A tale of hubris and zealotry.
I agree with the statement "Tools are Useful", but knowing and being able to read a low-level representation goes boyond "preening themselves over their 1337 hex-dump reading skills".
All tools operate in specific contexts with very specific assumptions, e.g. as a standalone program that intercepts network traffic or reads a file that stores such traffic.
It is often helpful to be able to identify and/or parse the same kind of information outside of the context that the tool requires. Using the example of the IPv4 packet this might be when debugging a core dump and finding the hexdump of [[Figure 1] http://cacm.acm.org/magazines/2012/4/147357-the-network-protocol-battle/fulltext#F1 ] in some buffer. In my experience it is often that being familiar with the low-level representation is enormously helpful as it allows one to spot suspicious states and to investigate behavior in contexts where the dedicated tool is not available.
"Tools are useful", but so is just /seeing/ through the representation.
Displaying 1 comment