Today with the tremendous series of undocumented or poorly documented protocols how an incident responder on the network can can present the packet by capturing a binary executable file. The contents of such files can be parsed by conventional static and dynamic techniques. In many situations one can t detect even the binary file for analysis. So a new process of Protocol Reverse Engineering (PRE) leveraging multiple sources of information to accelerate incident response detection. It is a pseudo-formal survey of the tools, techniques, and methodologies that I've experienced or observed to be effective that is deliberately proscriptive, rather than prescriptive. It is not an exhaustive study, and only designed to cover common needs of analysts - particularly engaged in incident response.