views:

380

answers:

2

I'm using an application (an instant messenger) which is not very popular. I'm trying to find the protocol that it uses. I know it's using TCP/IP but I want to find out all the commands that it is sending to the server and receiving from the server.

I tried a couple of sniffers, but they cannot recognize this application by name, and moreover all I got was some unrelated hexadecimal codes.

Does anyone have an idea of how I can find the application's specification?

(Please note: I googled it and found nothing and also there is no documentation by the author.)

+3  A: 

Wireshark will tell you the protocol. The fact that you cannot read the messages in clear text on the wire is a good thing, isn't it?

cdonner
The fact you can't read the clear text on the wire isn't good for two reasons: 1) It suggests that the protocol is secure when in fact it's just "security by obscurity" - which means that it's inconvenient to read, not secure. 2) It's easier to debug plain text protocols with tools like Wireshark. **However** being a binary protocol suggests that it might be a lot more efficient in its representation of data in packets - which could be very useful.
cartoonfox
+4  A: 

There are generally two approaches to reverse engineering something like this:

You could try disassembling it with a tool like IDA Pro.

You could try sniffing its traffic with a tool like Wireshark.

Either way, it's likely to be a LOT of work.

Denis Hennessy
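An added example, not code from the question or either answer, of what the Wireshark route looks like once you are past "some unrelated hexadecimal codes". The capture, the direction tags and the wire format (2-byte big-endian length covering opcode plus payload, then a 1-byte opcode, then the payload) are a hypothetical messenger protocol constructed for this example; the real application's framing is unknown. The script first checks that the bytes are not simply TLS (in which case there is nothing to dissect, which is the point cdonner is making), reassembles each direction as a byte stream because TCP segment boundaries say nothing about message boundaries, tests a handful of length-prefix hypotheses against the stream, and splits the winner into opcode/payload pairs, which are the "commands" the question is after.

```python
"""Dissect a captured binary IM protocol stream (added example, not the page's code)."""
import struct
from collections import defaultdict

# ---- Constructed sample capture ------------------------------------------------
# Segments as Wireshark's "Follow TCP Stream" would list them, tagged by direction.
# The wire format (2-byte big-endian length of opcode+payload, then a 1-byte opcode,
# then the payload) is a HYPOTHETICAL messenger protocol made up for this example.
def _frame(opcode, payload):
    body = bytes([opcode]) + payload
    return struct.pack(">H", len(body)) + body

_MSG = _frame(0x10, b"bob\x00hello there")
CAPTURE = [
    ("C>S", _frame(0x01, b"alice\x00s3cret")),                 # login
    ("S>C", _frame(0x02, b"\x00")),                             # login result
    ("C>S", _MSG[:9]),                                          # one frame split across
    ("C>S", _MSG[9:]),                                          #   two TCP segments
    ("S>C", _frame(0x11, b"bob\x00hi!") + _frame(0x03, b"")),  # two frames in one segment
]

def looks_like_tls(stream):
    """A TLS record starts 0x16 (handshake), 0x03, 0x00..0x04. If that matches, the
    bytes are ciphertext, not an obscure framing, and nothing below applies."""
    return len(stream) >= 3 and stream[0] == 0x16 and stream[1] == 0x03 and stream[2] <= 4

def reassemble(capture):
    """TCP is a byte stream: concatenate every segment per direction before parsing."""
    streams = defaultdict(bytes)
    for direction, chunk in capture:
        streams[direction] += chunk
    return dict(streams)

LENGTH_FORMATS = {"u8": ">B", "u16be": ">H", "u16le": "<H", "u32be": ">I", "u32le": "<I"}

def _walk(stream, fmt, inclusive):
    """Yield (offset, total_len) per frame under one length-prefix hypothesis, or
    raise ValueError if that hypothesis does not tile the stream exactly."""
    size, off = struct.calcsize(fmt), 0
    while off < len(stream):
        if off + size > len(stream):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(fmt, stream, off)
        total = n if inclusive else n + size        # does the length count itself?
        if total < size or off + total > len(stream):
            raise ValueError("length does not fit")
        yield off, total
        off += total

def guess_framing(stream):
    """Rank the length-prefix hypotheses that tile the stream exactly.
    Several usually fit a short capture ('u8' also tiles any 'u16be' stream whose
    lengths are < 256), so rank by fewest empty frames, then fewest frames, and
    confirm the winner against more traffic before trusting it."""
    ranked = []
    for name, fmt in LENGTH_FORMATS.items():
        for inclusive in (False, True):
            try:
                frames = list(_walk(stream, fmt, inclusive))
            except ValueError:
                continue
            empty = sum(1 for _, total in frames if total == struct.calcsize(fmt))
            ranked.append((name, inclusive, len(frames), empty))
    ranked.sort(key=lambda r: (r[3], r[2]))
    return ranked

def split_frames(stream, name, inclusive):
    """Split the stream into (opcode, payload) pairs under the chosen hypothesis."""
    fmt = LENGTH_FORMATS[name]
    size = struct.calcsize(fmt)
    out = []
    for off, total in _walk(stream, fmt, inclusive):
        body = stream[off + size:off + total]
        out.append((body[0], body[1:]) if body else (None, b""))
    return out

def hexdump(data, width=16):
    """Offset / hex / ASCII lines, like Wireshark's packet-bytes pane."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  {asciipart}")
    return lines

def dissect(capture):
    """Full pipeline: reassemble per direction, pick the best framing, split.
    A direction that looks like TLS maps to None (nothing to dissect)."""
    result = {}
    for direction, stream in reassemble(capture).items():
        if looks_like_tls(stream):
            result[direction] = None
            continue
        name, inclusive, _, _ = guess_framing(stream)[0]
        result[direction] = split_frames(stream, name, inclusive)
    return result

if __name__ == "__main__":
    frames = dissect(CAPTURE)
    for direction, stream in reassemble(CAPTURE).items():
        print(direction, "candidates:", guess_framing(stream))
        for line in hexdump(stream):
            print("   ", line)
        for opcode, payload in frames[direction]:
            print(f"    opcode=0x{opcode:02x} payload={payload!r}")
```

The ranking is a heuristic, not proof: a length field that happens to be a timestamp or a checksum can tile a short capture just as well, so the hypothesis that survives here should be re-run against every session you capture, and the decoded opcodes should make sense (the same opcode before every chat message, a reply opcode after every request) before you write it down as the protocol. If `looks_like_tls` fires, the sniffing approach stops at the TLS layer and you are left with the disassembler route from the answer above.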