Recent research has exposed timing side channel vulnerabilities in many security applications. Hidden Markov models (HMMs) have used timing data to extract passwords from cryptographically protected communications tunnels. We extend that work to show how HMM models of protocols can be extracted directly from observations of protocol timing artifacts with no a priori knowledge. Since our approach uses symbolic reasoning, an important question is how to best translate continuous data observations to symbolic data. This translation is problematic when observation variance makes continuous to symbolic translation unreliable. We examine this problem and show that the HMMs we infer compensate automatically for significant observation jitter and symbol misclassification. Experimental verification is presented.