Attacking Network Protocols
A Hacker's Guide to Capture, Analysis, and Exploitation
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
- Authors: James Forshaw
- Published: 2017
- Publisher: No Starch Press
- Pages: 336
- Language: English
Read this if
Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.
Skip this if
Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.
Key takeaways
- Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
- Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
- The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.
Notes
Pair with Practical Packet Analysis (Sanders) for the Wireshark-first introduction, and with Silence on the Wire (Zalewski) for conceptual depth on what the wire reveals beyond payload. Forshaw's later books on Windows Security Internals and his blog at tiraniddo.dev are the natural follow-ups. Required reading for IoT/OT pentesters and for anyone who reverses proprietary RPC.
What to read before
Intermediate · 2008
Hacking: The Art of Exploitation
A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.
Intermediate · 2021
Black Hat Python
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.
What to read next
Advanced · 2005
Silence on the Wire
Michal Zalewski's classic on the indirect attack surface: timing channels, protocol-stack fingerprinting, and the often-overlooked side data leaked by every layer of a stack.
Advanced · 2007
The Shellcoder's Handbook
A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.
Intermediate · 2008
Hacking: The Art of Exploitation
A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.
Explore similar books
Intermediate · 2008
Hacking: The Art of Exploitation
A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.
Intermediate · 2021
Black Hat Python
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.