Cyber Shelf

// Comparison

Attacking Network Protocols vs Silence on the Wire: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Advanced
5/52017
Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Advanced
5/52005
Silence on the Wire

A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski

Michal Zalewski's classic on the indirect attack surface: timing channels, protocol-stack fingerprinting, and the often-overlooked side data leaked by every layer of a stack.

Read this if

Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.
Curious defenders, reverse engineers, and protocol auditors who want to think about the side data every layer leaks. Zalewski is the field's most original networking thinker, and the book is twenty years old and somehow still ahead of most people's models.

Skip this if

Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.
Readers wanting recipes or playbooks. The book is conceptual essays on side channels, network metadata, and indirect inference; each chapter is a thought experiment with practical implications, not a step-by-step guide.

Key takeaways

  • Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
  • Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
  • The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.
  • Every protocol layer leaks information that wasn't in the payload (TCP/IP fingerprinting, DNS cache hints, browser timing, terminal echo); the book's premise is that adversaries can read all of it.
  • Passive reconnaissance is dramatically underrated as both a threat and a research tool; Zalewski makes the case better than anyone before or since.
  • The chapters on phantom-data leakage (idle scanning, timing oracles, blind side channels) are the conceptual root of attack classes that keep getting rediscovered every few years.

How they compare

Attacking Network Protocols and Silence on the Wire are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Attacking Network Protocols and Silence on the Wire both cover Networking, so reading them in sequence reinforces the same material from different angles.

Keep reading

Attacking Network Protocols

Alternatives to Attacking Network ProtocolsWhat to read after Attacking Network Protocols

Silence on the Wire

Alternatives to Silence on the WireWhat to read after Silence on the Wire

Related topics

Networking