// Comparison

Attacking Network Protocols vs Black Hat Python: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Advanced

5/52017

Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Intermediate

4/52021

Black Hat Python

Python Programming for Hackers and Pentesters

Justin Seitz, Tim Arnold

Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

Read this if

Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.

Working pentesters and red teamers who want to stop fighting other people's tools and start writing their own. The book that turns Python from a scripting language into an offensive multitool.

Skip this if

Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.

Beginners with no Python experience, or readers wanting a structured CS curriculum. Seitz and Arnold assume you can already program; the value is in offensive idioms, not language fundamentals.

Key takeaways

Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.

Most operational tools you use can be replaced by ~50 lines of Python that do exactly what you need; the book is a series of working examples of that thesis.
The networking, web-scraping and process-injection chapters individually pay back the cost of the book once you've used the patterns three times.
The 2nd edition (Python 3, modern libraries) is the one to buy; the first edition's Python 2 code is dated.

How they compare

We rate Attacking Network Protocols higher (5/5 against 4/5 for Black Hat Python). For most readers, that means Attacking Network Protocols is the primary pick and Black Hat Python is a useful follow-up.

Attacking Network Protocols is pitched at advanced level. Black Hat Python is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Attacking Network Protocols and Black Hat Python both cover Networking, Offensive, so reading them in sequence reinforces the same material from different angles.

Keep reading