Reverse Engineering Network Protocols using Bioinformatics

Presented at DEF CON 13 (2005), July 30, 2005, noon (50 minutes)

Network protocol analysis is currently performed by hand using only intuition and a protocol analyzer tool such as tcpdump or Ethereal. This talk presents Protocol Informatics, a method for automating network protocol reverse engineering by utilizing algorithms found in the bioinformatics field. In order to determine fields in protocol packets, samples are aligned using multiple string alignment algorithms and their consensus sequences are analyzed to understand the beginning and the end of fields in the packet.


  • Marshall Beddoe
    Marshall Beddoe is currently a Research Scientist with McAfee, Inc. Prior to McAfee, Marshall worked for Foundstone performing general computer security research and development. His main focus is on the introduction of cross disciplinary methods and techniques into the realm of computer security. He has performed extensive research on protocol analysis, passive network mapping and operating system identification. He can be reached at


Similar Presentations: