A Reverse Engineering Tool for Extracting Protocols of Networked Applications

Networked applications play a significant role in today´s interconnected world. It is important for software engineers to be able to understand and model the behavior of these applications during software maintenance. Some networked applications use legacy protocols in ways they were not intended to be used. Others use newly created protocols that are designed in an ad hoc way to simply meet requirements. Protocol usage needs to be understood so that applications can be effectively tested and maintained. In this paper we propose the first step in achieving this goal by presenting a dynamic analysis tool, called PEXT, that can reverse engineer a networked application´s underlying protocol by analyzing a collection of packets captured from the application at runtime. We demonstrate the effectiveness of this tool by extracting a protocol from an FTP application, and comparing the extracted protocol to the documented FTP protocol defined in RFC 959.