4.1 Protocol Analysis

Protocol analysis refers to the art and science of understanding how a particular communications protocol works, what it’s used for, how to identify it, and how to dissect it. This may not be as straightforward as you might expect. In an ideal world, all protocols would be neatly cataloged, publicized, and implemented according to specification. In reality, none of this is true. Many protocols are deliberately kept secret by their inventors, either to protect intellectual property, keep out competition, or for the purposes of security and covert communications. Other protocols are simply not well documented because no one has taken the time.

Some protocols are publicly documented, such as the IETF-specified standards (which we discuss in greater detail shortly). However, that does not mean that hardware and software vendors have chosen to properly implement them. Often, manufacturers implement protocols before standards have been formally ratified, or only partially implement them. Engineers and programmers often make mistakes that result in behavior which is not compliant with standards.