CAPEC-192: Protocol Analysis
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis inherently involves a networking protocol, it does not require the presence of an actual or physical network.
Prerequisites
- Access to a binary executable.
- The ability to observe and interact with a communication channel between communicating processes.
Skills Required
Resources Required
- Depending on the type of analysis, a variety of tools might be required, such as static code and/or dynamic analysis tools. Alternatively, the effort might require debugging programs such as OllyDbg or SoftICE, or disassemblers like IDA Pro. In some instances, packet sniffing or packet analyzing programs such as tcpdump or Wireshark are necessary. Lastly, specific protocol analysis might require tools such as PDB (Protocol Debug), or packet injection tools like pcap or Nemesis.
Consequences
Scope: Confidentiality
Technical Impact: Read Data
Note: Successful deciphering of protocol information compromises the confidentiality of future sensitive communications.
Scope: Integrity
Technical Impact: Modify Data
Note: Modifying communications after successfully deciphering protocol information compromises integrity.