Home
About
Services
Computer Forensics
Network Forensics
Wireless Forensics
Firewalls
Downloads
OS Docs
Programming
Computer History
My Babies

Network Forensics

Network Forensics

Information and Whitepapers

Download or Read On-Line

(For Your Knowledge or Curiosity)

Network Forensics - Netcat-Ncat

• Netcat Tutorial by Adam Palmer
• Netcat Tutorial II by muts
• Netcat Tutorial III by muts
• Ncat Users Guide by Fyodor

Network Forensics - Web

• Browser Secrets Unveiled by Chetan Gupta

Network Forensics - Sniffers and Sniffing

• The BSD Packet Filter (Classic) by Steven McCanne and Van Jacobson
• Sniffing FAQ (Classic) by Robert Graham
• Sniffing in a Switched Network by Manu Garg
• A Guided Tour of Ethereal by Brad Hards (Linux Journal)
• Aspects of Network Sniffing by kay
• Basic Packet Sniffer Construction from the Ground Up by Chad Renfro
• Receive Only UTP Cables and Network Taps by Diego González Gómez
• Taps and Span Ports (NetOptics)
• Carnivore by Robert Graham
• CommTraffic User Manual (TamoSoft)
• CommView Remote Agent User Manual (TamoSoft)
• CommView User Manual (TamoSoft)
• Development of an Architecture for Packet Capture and Network Traffic Analysis by Loris Degioanni
• Ethereal User Guide by Richard Sharpe, Ed Warnicke, and Ulf Lamping
• Graph Based Binary Analysis by Halvar Flake
• Network Tap Diagrams by Jeff Nathan
• ngrep Quick Tutorial by Mark E. Donaldson
• Packet Sniffing in a Switched Environment by Tom King
• Selecting Network Taps by unknown
• TCPreplay FAQ by Aaron Turner
• The Gobbler by Tirza Van Rijn and Jan Van Oorschot
• Intrusion Detection Using Ethereal by 2nd Lt David Chaboya
• Using WinPcap on a Dial-up Connection by Mark E. Donaldson
• WinDump Manual (WinDump Documentation)
• Wireshark User's Manual (Wireshark Documentation)
• Berkeley Packet Filters (BPF) - The Basics by Jeff Stebelton
• BPF Handout by Alexandre Dulaunoy
• Ethereal Power by Roderick W. Smith
• Ethereal-Wireshark Tutorial by Zebulebu
• Packetyzer User Guide (OpenXtra)
• Working with Microsoft Network Monitor by Brian M. Posey and David Davis

Network Forensics - Packet Analysis

• Practical Packet Analysis by Chris Sanders
• Characterizing and Tracing Packet Floods Using Cisco Routers by unknown
• End-to-End Internet Packet Dynamics by Vern Paxon
• Session Hijacking Packet Analysis by Lee Lawson
• TCPDump DNS Output Resolution by Guy Bruneau
• Teredo Stray Packet Analysis by Johannes Ullrich

Network Forensics - Packet Crafting and Packet Injection

• Network Intrusion Detection - Evasion, Traffic Normalization and Semantics (Classic) by Mark Handley, Vern Paxson, and Christian Kreibich
• Insertion, Evasion, and Denial of Service - Eluding Network Intrusion Detection (Classic) by Thomas H Ptacek, and Timothy N Newsham
• Attacking WiFi with Traffic Injection by Cedric Blancher
• Packet Craft by Mike Poor
• Packet Testing Tools by Dan Dirks
• An Introduction to the Tool Loki by Burning Asgard
• Crafting Routing Protocols Using Nemesis by MattA
• Fun with Packets by Coretez Giovanni
• Generation and Validation of Emperically Derived TCP by Felix Hernandez-Campos
• Getting Started with Hping3 by unknown
• Harpoon Manual by Joel Sommers
• How To Test an ISP by Renaud Bidou
• Hping Man Page by Salvatore Sanfilippo
• Hping Tutorial by Philippe Bogaerts
• Hping2 Basics by Chris Gates
• Hping2 HOWTO by Salvatore Sanfilippo
• Introduction to Protocol Fuzzing Using Scapy by Artjom Vassiljev
• Metasploit 3 Developers Guide by The Metasploit Staff
• Metasploit Framework User Guide Version 3.1 by The Metasploit Staff
• Metasploit Framework User Guide Version 3.2 by The Metasploit Staff
• Metasploit Meterpreter by Scape
• Network Packet Forgery with Scapy by Philippe Biondi
• Next Hop by David G. Andersen
• On Interactive Internet Traffic Replay by Seung-Sun Hong and S. Felix Wu
• Packet Analysis Tools and Methodology by Don Parker
• Packet Crafting for Firewall and IDS Audits by Don Parker
• Network Packet Forgery with Scapy by Philippe Biondi
• Packet Crafting via Hping by alt_don
• Packet Trace Manipulation Framework for Test Labs by Andy Rupp, Holger Dreger, Anja Feldmann, and Robin Sommer
• Packet Wizardry Ruling the Network with Python by Rob klein Gunnewiek
• Performance Evaluation of Packet Capturing Systems for High-speed Networks by Fabian Schneider
• pktd - A Packet Capture and Injection Daemon by Jose Marıa Gonzalezi and Vern Paxson
• Precision and Accuracy of Network Traffic by Marcos Paredes-Farrera, Martin Fleury and Mohammed Ghanbari
• Scapy Documentation by Philippe Biondi
• Self Configuring Network Traffic Generation by Joel Sommers and Paul Barford
• Simple Metaspoit in Action by Cyberheb
• Testing IDS Rulesets with Hping by Alt.don
• The Hping2 Idle Host Scan by Erik J. Kamerling
• The Nemesis Project by Mark Grimes and Jeff Nathan
• Tools of the Trade by Don Parker
• Using Hping by Salvatore Sanfilippo
• Wifi Advanced Stealth by Laurent Butti and Franck Veysset
• Writing Exploits with the Metasploit Framework by unknown
• Writing Metasploit Plugins by Saumil Shah

Network Forensics - Reconnaissance - NMAP

• The Art of Port Scanning by Fyodor
• NMAP Reference Guide by Fyodor
• NMAP Service and Application Version Detection by Fyodor
• NMAP Compilation, Installation and Removal by Fyodor
• Host Discovery With NMAP by Mark Wolfgang
• Defeating NMAP OS Fingerprinting by David Barroso Berrueta
• James Messer Secrets of Network Cartography (A Labor of Love) by James Messer
• NMAP Guide by Lamont Granquist
• NMAP Tutorial by yudhax
• Remote OS Detection via TCP-IP Stack FingerPrinting by Fyodor
• Another NMAP Tutorial by zebulebu
• NMAP - A Stealth Port Scanner by Andrew J. Bennieston

Network Forensics - Reconnaissance - Nessus

• Installing and Configuring Nessus by Nitesh Dhanjani
• Nessus Scanning on a Windows Domain by Sunil Vakharia
• Nessus Scanning by unknown

Network Forensics - Reconnaissance - Scanning

• IP Network Scanning and Reconnaissance (Classic) (Matta Security Limited)
• Internet Attack and Penetration (Classic) (Matta Security Limited)
• Network Scanning Techniques (Classic) by Ofir Arkin
• Firewalking (Classic) by David Goldsmith and Michael Schiffman
• Practical Automated Detection of Stealthy Portscans by Stuart Staniford, James A. Hoagland, and Joseph M. McAlerney
• Blind IP Spoofed Port Scanning by Tom Olofsson
• Finding Fences in Cyberspace Privacy, Property and Open Access by Ethan Preston
• Improving the Security of Your Site by Breaking Into It (Classic) by Dan Farmer and Vietse Venema
• Portscanning and Legal Implications by Abhinav Bhatt
• Port Scanning by Probhaker Mateti

Network Forensics - Reconnaissance - Fingerprinting

• NTA Monitor UDP Backoff Pattern Fingerprinting White Paper by Roy Hills

Network Forensics - Penetration

• An Introduction to Internet Attack and Penetration (Matta Security Limited)
• Firewall Penetration Testing by Rito E. Haeni
• Host Fingerprinting and Firewalking with HPING by Naveed Afzal
• Penetration Testing Techniques by Ron Gula
• Penetration Testing MIS Corporate Defense Solutions)
• Firewall Testing: An In Depth Analysis by ICSA Labs

Network Forensics - Ethernet and Data Link Layer (Layer 2)

• Intel Fast Ethernet LAN Guide (Intel Corporation)
• Ethernet 802.3 (CKP)
• Attacks at the Data Link Layer by Guillermo Mario Marro
• Computer Networking Primer (Novell)
• EtherLeak - Ethernet Frame Padding Information Leakage by Ofir Arken and Josh Anderson
• Ethernet FAQ by Marc Runkel
• Hacking Layer 2 by Sean Convery
• Using Jumbo Packets on Gigabit Ethernet (AppareNet)
• Network Architectures by Mark E. Donaldson
• Ethernet (Cisco Systems)

Network Forensics - VLAN (Virtual LANS)

• VLANs On Linux by Paul Frieden

Network Forensics - UPoE (Universal Power Over Ethernet)

• IEEE802.3af Power Over Ethernet
• PoE (Power Over Ethernet) - How to Power Over Your Ethernet CABLE to an Access Point by Terry Schmidt
• PoE (Power over Ethernet) How To by Terry Schmidt
• PoE IEE 802.3af White Paper (Cisco Systems)
• PoE Industrial Opportunity (GarrettCom)
• PoE Overview by Mark E. Donaldson
• PoE (Power over Ethernet) by Mark E. Donaldson
• Power Over Ethernet White Paper by Mark E. Donaldson
• Troubleshooting POE Systems with a Voltmeter by George Mallard

Network Forensics - Powerline Ethernet

• Home Plug 1.0 Technical White Paper (HomePlug Powerline Alliance)
• Home Plug AV White Paper (HomePlug Powerline Alliance)
• Home Plug Standard Steve Gardner, Steve Markwalter, and Larry Yonge
• Home Plug Technology Field Test Results Whitepaper (HomePlug Powerline Alliance)

Network Forensics - Routers-Routing-Switching - Switching

• Issues LAN Switching Migration from a Shared LAN Environment by Rich Seifert
• Layer 3 Switching by Mark E. Donaldson
• Multilayer Switching Reference (Aristu)
• Layer 3 Switches Explained by David Davis

Network Forensics - Routers-Routing-Switching - Routing

• Route Flap Dampening by Randy Bush
• How Routers Work by David Davis
• Router Configuration Windows by unknown
• Build a Network Router on Linux with Zebra by Dominique Cimafranca and Rex Young

Network Forensics - Routers-Routing-Switching - Routing Protocols

• BGP Part I by Peter J. Welcher
• BGP Part I by Peter J. Welcher
• EIGRP Troubleshooting Manual (Cisco Systems)
• Hot Standby Routing Protocol by Peter J. Welcher
• Interior Gateway Protocols by Eric Hall
• OSPF Part I by Peter J. Welcher
• OSPF Part II by Peter J. Welcher
• OSPF Part III by Peter J. Welcher
• Redistributing Routing Protocols (Cisco Systems)

Network Forensics - Routers-Routing-Switching - GRE (Generic Routing Encapsulation)

• Cisco GRE (Cisco Systems)
• Configure GRE Tunnels by David Davis
• Configuring a GRE Tunnel over IPsec with OSPF (Cisco Systems)
• GRE - Generic Routing Encapsulation by unknown
• GRE Configuration Guide (ProCurve Networking)
• GRE Patent
• GRE Tunnel Keepalive (Cisco Systems)
• GRE Tunnel Keepalives (Cisco Systems)
• How GRE Keepalives Work (Cisco Systems)
• IP Tunneling Generic Routing Encapsulation by David Davis
• VPN Tunnels - GRE Protocol 47 Packet Description and Use (Microsoft Corporation)
• Why Can't I Browse the Internet when Using a GRE Tunnel (Cisco Systems)

Network Forensics - Routers-Routing-Switching - Cisco

• Use HyperTerminal with Cisco Routers by David Davis
• CCNA Textbook Lab Manual by Matthew Basham
• CCNA Exam Cram - Long by Mark E. Donaldson
• CCNA Exam Cram - Short by Mark E. Donaldson
• Building Bastion Routers Using Cisco IOS by Brett Beldridge
• Cisco Access Control Lists (Cisco Systems)
• Cisco Configuration Management (Cisco Systems)
• Cisco Configuration Register by Dennis Laganiere
• Cisco Directions on How To Enable TFTP by Mark E. Donaldson
• Cisco Disaster Recovery (Cisco Systems)
• Cisco IOS 12.3 (Cisco Systems)
• Cisco IOS Commands Abreviated by Mark E. Donaldson
• Cisco IOS Disaster Recovery by Brian Clark
• Cisco IOS IP Routing - Dynamic Routing by David Davis
• Cisco IOS IP Routing - Static Routes by David Davis
• Cisco IOS Reference Guide (Cisco Systems)
• Cisco IOS Reflexive Access Lists by Greg Ferro
• Cisco IOS Essentials (Cisco Systems)
• Cisco PIX Firewall Configuration from Scratch by David Davis
• Cisco Router Configuration Commands by David Davis
• Cisco SSH Configuration (Cisco Systems)
• Configuring Cisco Routing Protocols by unknown
• Configuring IP Access Lists (Cisco Systems)
• Demystifying Cisco Access Control Lists by Mark E. Donaldson
• How to Install Software Images Using a TFTP or RPC Server Application (Cisco Systems)
• Improving Security on Cisco Routers (Cisco Systems)
• IOS Essentials (Cisco Systems)
• ISP Security Essentials (Cisco Systems)
• Network Summarization - Supernetting and Wildcard Masks by David Davis
• Use Your Router as a TFTP Server by Sudhanshu Gupta

Network Forensics - Routers-Routing-Switching - Michael J. Martin Papers

• Automating Configurations and Backups with Expect by Michael J. Martin
• Building 802.11Q VLANs by Michael J. Martin
• Building a Secure TACACS+ Environment by Michael J. Martin
• Building a WLAN Proxy Server - DHCP Services Part 1 by Michael J. Martin
• Building a WLAN Proxy Server - DHCP Services Part 2 by Michael J. Martin
• Building a WLAN Proxy Server - Implementing WPAD by Michael J. Martin
• Building a WLAN Proxy Server - IP Routing by Michael J. Martin
• Building a WLAN Proxy Server - Part 1 by Michael J. Martin
• Building a WLAN Proxy Server - Part 2 by Michael J. Martin
• Building VLAN Interfaces in Linux and IOS by Michael J. Martin
• Cisco Asynchronous Serial Support by Michael J. Martin
• Conducting a Network Inventory - Part 1 by Michael J. Martin
• Conducting a Network Inventory - Part 2 by Michael J. Martin
• Configuring Advanced TACACS+ - Implementing Autorization by Michael J. Martin
• Configuring CBAC Policy Configuration and CBAC Implementation by Michael J. Martin
• Configuring Firewall Active Access Control by Michael J. Martin
• Configuring IOS NAT by Michael J. Martin
• Configuring IOS Terminal Services by Michael J. Martin
• Configuring Secure Authentication on Cisco Routers and Switches by Michael J. Martin
• Cool IOS Commands by Michael J. Martin
• DHCP Services for WLAN's by Michael J. Martin
• Direct Transport VPN Configuration by Michael J. Martin
• DNS for a Wireless Network by Michael J. Martin
• Filtering with MAC Addresses by Michael J. Martin
• Full Crypto Cisco IPsec VPN Gateway with Software Client by Michael J. Martin
• Full Crypto VPN Hardware Client Configuration for Cisco EzVPN by Michael J. Martin
• Implementing IOS Async Terminal Services by Michael J. Martin
• Implementing IOS CLI Menus by Michael J. Martin
• Implementing Router Interface Redundancy by Michael J. Martin
• Implementing SACLs to Defend and Detect Attacks by Michael J. Martin
• Initial Configuration of a Cisco 1200 802.11g WLAN Access Point by Michael J. Martin
• IOS DHCP - Support Options and Configuration by Michael J. Martin
• IOS DHCP Services - Part 1 by Michael J. Martin
• IOS Secure Shell Support by Michael J. Martin
• IPsec Protocol Details for Implementing VPNs by Michael J. Martin
• IPsec VPN Authentication Generating and Exchanging Pre-shared Keys by Michael J. Martin
• IPsec VPN Connection Models by Michael J. Martin
• IPsec VPN Router Configuration - The ISAKMP Policy by Michael J. Martin
• More Cool IOS Commands - Implementing r Command Support by Michael J. Martin
• Network to Network VPN Gateway Configuration for Cisco EzVPN by Michael J. Martin
• SACLs - Filtering Suggestions and Ideas by Michael J. Martin
• Secure WLAN Best Practices and Topology by Michael J. Martin
• Secure WLANs - Understanding the Protocols by Michael J. Martin
• Smurf Fraggle Attack Defense Using SACLs by Michael J. Martin
• Split Tunnel Cisco IPsec VPN Gateway with Software Client by Michael J. Martin
• Split Tunnel VPN Hardware Client Configuration for Cisco EzVPN by Michael J. Martin
• Standard Interface Configuration for a WLAN Proxy Server by Michael J. Martin
• TACACS Authentication Methods by Michael J. Martin
• TACACS Tricks with Scripts - Part 1 by Michael J. Martin
• TACACS Tricks with Scripts - Part 2 by Michael J. Martin
• TCPdump Qualify Traffic and Create a Traffic Collection Statement by Michael J. Martin
• The Router is the Firewall Part 1 - An Overview of the IOS Firewall Feature by Michael J. Martin
• The Router is the Firewal Part 2 - Implementing CBAC by Michael J. Martin
• The Router is the Firewal Part 3 - Configuring CBAC by Michael J. Martin
• The Router is the Firewall Part 4 - Implementing IOS Authentication Proxy by Michael J. Martin
• Tools for Surviving the Cisco IOS Flaw by Michael J. Martin
• Understanding Reverse Telnet and IOS Terminal Lines by Michael J. Martin
• Understanding TCP IP to Prevent Network Attacks - Part 1 by Michael J. Martin
• Understanding TCP IP to Prevent Network Attacks - Part 2 by Michael J. Martin
• Using Cisco IOS Logging - Part 1 by Michael J. Martin
• Using Cisco IOS Logging - Part 2 by Michael J. Martin
• VPN Gateway Router Configuration Using Static and Dynamic Crypto Maps by Michael J. Martin
• VPN Gateway Router Configuration Using Transform Sets by Michael J. Martin
• Why You Need a Network Services Audit by Michael J. Martin

Network Forensics - IP Addressing, Subnetting, CIDR (Classless Inter-Domain Routing), and Routing

• Address Translating and Routing by Mark E. Donaldson
• IP Addressing and Subnetting Simplified by Mark E. Donaldson
• Networking Abbreviated by Mark E. Donaldson
• Sangoma TCP-IP and IPX Routing Tutorial
• Subnetting Abbreviated by Mark E. Donaldson
• Subnetting Examples by Mark E. Donaldson
• TCP-IP Addressing and Subnetting by TVG
• TCP-IP Addressing and Routing Guide by Mark E. Donaldson
• Introduction to IP Multicast (Cisco Systems)
• Best Practices IP Address Management 2009 by Tim Rooney
• IP Addressing - Convert IP to Binary by unknown

Network Forensics - IP - AS (Autonomous System) Numbers

• 4-Byte AS Numbers by Geoff Huston
• AS Number Consumption by Geoff Huston
• AS Numbers Again by Geoff Huston

Network Forensics - IP - QoS (Quality of Service)

Network Forensics - IP - IP Fragmenation and PMTU Discovery

• Adjusting MTU and MSS (Cisco Systems)
• Fragments - Small Packets Big Problems by Paul Rusty Russell
• GRE Fragmentation and ICMP Blocking (Cisco Systems)
• IP Fragmentation and PMTUD (Cisco Systems)
• IP Fragmentation FAQ by Mark E. Donaldson
• Resolve IP Fragmentation, MTU, MSS and PMTUD Issues with GRE and IPSEC (Cisco System)
• Rose Fragmentation Attack
• Target-Based Fragmentation Reassembly by Judy Novak
• Understanding IP Fragmentation by spoonfork
• Path MTU Discovery and Filtering ICMP by Marc Slemco
• Path MTU Discovery by Peter J. Welcher
• PMTU Path MTU Discovery by unknown
• A Tale of Two Protocols - IPv4, IPv6, MTUs and Fragmentation by Geoff Huston
• Access Control Lists and IP Fragments (Cisco Systems)
• Resolve IP Fragmentation Issues with GRE (Cisco Systems)
• Mutterings on MTU by Geoff Huston
• Path Maximum Transmission (PMTU) Black Hole Routers Unit by Joe Davies

Network Forensics - IP - IP Spoofing

• IP Spoofing Demystified by daemon9
• IP Spoofing - Understanding the Basics
• The Art of Unspoofing by Sean Trifero and Brian Knox
• The IP Smart Spoofing by Laurent Licuor and Vincent Royer

Network Forensics - IP - NAT (Network Address Translation)

• Network Address Translation Deployment and Features by Boyd Benson
• A Technique for Counting NATed Hosts by Steven M. Bellovin
• Advanced NAT Configuration by unknown
• Cisco IOS NAT (Cisco Systems)
• Configuring Dynamic NAT on a Cisco Router by Ammar Muqaddas and Chris Partsenidis
• Configuring Windows Server 2003 to Act as a NAT Router by Brien Posey
• DNS64 and NAT64 by Simon Perreault
• How NAT Works (Cisco Systems)
• How To Configure a Windows 2000 Server as a Network Address Translation Server (Microsoft Corporation)
• Implementing NAT-PT for IPv6 (Cisco Systems)
• IP Network Address Translation by Michael Hasenstein
• IPSec NAT Traversal Overview by Joe Davies
• NAT FAQ (Cisco Systems)
• NAT in Windows 2003 - Setup and Configuration by Andrew Z. Tabona
• NAT46 Considerations by Dapeng Liu
• NAT66 by Margaret Wasserman
• Network Address Translation by Peter J. Welcher
• Overview of Network Address Translation NAT in Windows XP (Microsoft Corporation)
• Peer-to-Peer Communication Across Network Address Translators by Bryan Ford and Pyda Srisuresh
• Static and Dynamic Network Address Translation by Ammar Muqaddas and Chris Partsenidis
• How Network Address Translation Works by Jeff Tyson

Network Forensics - IPv6

• Introduction to IPv6 Part 1 by Peter J. Welcher
• Introduction to IPv6 Part 2 by Peter J. Welcher
• IPv6 Technical Reference (Microsoft Corporation)
• Campus IPv6 (Internet 2 Engineering Workshops)
• Changes to IPv6 in Windows Vista and Windows Server 2008 by Joseph Davies
• Configuring IPv6 with Windows Vista by Joseph Davies
• Connecting to the IPv6 Internet by Ibrahim Haddad
• Connecting Your Network to the IPv6 Internet with Linux by Ibrahim Haddad
• Enabling IPv6 in Linux by Ibrahim Haddad
• Introduction to IPv6 (Microsoft Corporation)
• IPv6 Allocation Schemes (Internet 2 Engineering Workshops)
• IPv6 Applications (Internet 2 Engineering Workshops)
• IPv6 Essentials by Ibrahim Haddad
• IPv6 Router Configuration (Internet 2 Engineering Workshops)
• IPv6 Transition and Tunnels (Internet 2 Engineering Workshops)
• IPv6 Transition Technologies (Microsoft Corporation)
• IPv6 Tutorial (Cisco Systems)
• IPv6 Tutorial II by Florent Parent and Régis Desmeules
• IPv6 Tutorial III by Janos Mohacsi
• IPv6 Tutorial IV by Jordi Palet
• IPv6 Tutorial V by Florent Parent
• IPv6-IPv4 Coexistence and Migration (Microsoft Corporation)
• Manual Configuration for IPv6 Essentials by Joseph Davies
• Overview of IPv6 Router Configuration by Hisham Ahmed Ibrahim
• Performance Enhancements in the Next Generation TCP-IP Stack by Joseph Davies
• Security Implications of IPv6 by Michael H. Warfield
• Source and Destination Address Selection for IPv6 by Joseph Davies
• Support for IPv6 in Windows Server 2008 R2 and Windows 7 by Joseph Davies
• Toredo Overview (Microsoft Corporation)
• The Case for IPv6 by Silvia Hagen
• The IPv6 Internet - Connect Today with Linux by Ibrahim Haddad
• Supporting IPv6 on a Linux Server Node by Ibrahim Haddad
• Troubleshooting IPv6 by Joseph Davies
• Understanding the IPv6 Routing Table by Joseph Davies

Network Forensics - TCP/IP

• End To End Internet Packet Dynamics by Vern Paxson
• Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection (Classic) by Ptacet and Newsham
• Understanding Internet Traffic Streams by Nevil Borwnlee and kc claffy
• Network Intrusion Detection Evasion, Traffic Normalization and Semantics (Classic) by Handley, Paxson and Keibich
• Payload Anatomy and Future Mutations by Riley Hassell
• Probing TCP Implementations by Douglas E. Comer and John C. Lin
• A Simple Active Attack Against TCP by Laurent Joncheray
• SYN Floods and SYN Cookies by NeonSurge
• TCP/IP Gender Changer by Ivan Buetler
• Slipping in the Window: TCP Reset Attacks by Paul A. Watson
• Inferring and Visualizing Social Networks On IRC by Paul Mutton
• Windows 2000 TCP-IP Implementation Details by Dave MacDonald and Warren Barkley (Microsoft Corporation)
• Windows 2003 TCP-IP Implementation Details (Microsoft Corporation)
• TCP-IP Fundamentals for Microsoft Windows (Microsoft Corporation)
• Windows NT TCP-IP by Dave MacDonald
• Explicit Congestion Notification (ECN) for TCP-IP by Joseph Davies
• TCP and Explicit Congestion Notification by Sally Floyd
• Inferring Internet DOS Activity by David Moore, Geoffery M. Voelker, and Stefan Savage
• Network Analysis Technology for Microsoft Visibility by Michiharu Arimoto
• TCP State by Gary C. Kessler
• Scaring Crackers Away with TCP Wrapper by Adam Olson
• TCP-IP Protocol Suite by Mark E. Donaldson
• TCP-IP Troubleshooting (Microsoft Corporation)
• TCP-IP Tutorial and Technical Overview by Adolpho Rodriquez, Hohn Gatrell, John Karas, and Roland Peschke
• The Problem with Random Increments by Timothy M. Newsham
• Unicast Reverse Path Forwarding (Cisco Systems)
• Windows TCP-IP Fundamentals by Joseph Davies
• Observed Structure of Addresses In IP Traffic by Eddie Kohler, Jinyang Li, Vern Paxson, and Scott Shenker
• Session Layer by Mitch Neilsen
• Daryl's TCP-IP Primer by Daryl Banttari
• Windows 95 TCP-IP (Microsoft Corporation)
• Windows 2000 TCP-IP (Microsoft Corporation)
• Windows 2003 TCP-IP Technical Reference (Microsoft Corporation)
• TCP-IP Checksums by Alex Urich

Network Forensics - TCP/IP - OSI Model

• OSI Model by Mark E. Donaldson
• OSI Reference Model by Russell Hitchcock
• TCP-IP Protocol Stack by Mark E. Donaldson
• Internetworking Basics (Cisco)

Network Forensics - TCP/IP - Covert Channels

• Covert Channels In The TCP-IP Protocol Suite (Classic) by Craig H. Rowland
• Covert Channel Vulnerabilities in Anonymity Systems by Steven J. Murdock
• Covert Channel Analysis and Data Hiding in TCP-IP (Classic) by Kamran Ahsan
• Covert Channels Research Report by Marc Smeets and Matthijs Koot
• Infranet - Circumventing Web Censorship and Surveillance by Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger
• Steganography of VoIP Streams by Wojciech Mazurczyk and Krzysztof Szczypiorski
• Covert Channels - Cloak and Dagger in the Information Age (NOSO)

Network Forensics - TCP/IP and Network Programming

• TCP-IP Programming Part 1 by Joel Snyder and Geoff Bryant
• TCP-IP Programming Part 2 by Joel Snyder and Geoff Bryant
• TCP-IP Programming Part 3 by Joel Snyder and Geoff Bryant
• TCP-IP Programming Part 4 by Joel Snyder and Geoff Bryant
• TCP-IP Programming Part 5 by Joel Snyder and Geoff Bryant
• Building Packets for Dummies and Others with Libnet by Frederic Raynal
• Libnet 101 Part 1 - The Primer by Michael D. Schiffman
• LLibnet Reference Manual (Phrack Magazine)
• The Evolution of Libnet by Michael D. Schiffman

Network Forensics - SCTP (Stream Control Transmission Protocol) and MPLS (Multiprotocol Label Switching)

• Better Networking with SCTP by M. Tim Jones
• SCTP for Beginners by Erwin P. Rathgeb
• SCTP (EventStudio)
• Transparent TCP-to-SCTP Translation Shim Layer by Ryan W. Bickhart, Paul D. Amer, and Randall R. Stewart

Network Forensics - IGMP (Internet Group Management Protocol)

Network Forensics - ICMP (internet Control Messaging Protocol)

• ICMP Attacks Against TCP by F. Gont
• ICMP Usage in Scanning Version 1.0 (Classic) by Ofir Arkin
• ICMP Usage in Scanning Version 2.01 (Classic) by Ofir Arkin
• ICMP Usage in Scanning Version 2.5 (Classic) by Ofir Arkin
• ICMP Usage in Scanning Version 3.0 (Classic) by Ofir Arkin
• ICMP Protocol by Mark E. Donaldson
• Ping and How It Works by Mark E. Donaldson
• The Storey of the PING Program by Mike Muuss
• NT Ping by Mark E. Donaldson
• ICMP Applications (EventHelix)
• ICMP Packet Filtering by Mark E. Donaldson
• Ping Tunnel by Daniel Stodle
• Using ICMP Tunneling to Steal Internet by doug
• A Remote Active OS Fingerprinting Tool Using ICMP by Ofir Arkin
• ICMP Based Remote OS TCP-IP Stack Fingerprinting Techniques (Phrack Classic) by Ofir Arkin and Fyodor Yarochkin
• X - Remote ICMP OS Fingerprinting Techniques by Ofir Arkin and Fyodor Yarochkin
• XProbe - Remote ICMP Based OS Fingerprinting Techniques by Ofir Arkin
• Xprobe2 - A Fuzzy Approach to Remote Active Operating System Fingerprinting by Ofir Arkin and Fyodor Yarochkin
• XPobe2 by Ofir Arkin
• XProbe++ Presentation by Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev, Shih-Yao Dai, Yennun Huang, and Sy-Yen Kuo
• Xprobe2++ by Ofir Arkin, Fyodor Yarochkin, Meder Kydyraliev, Shih-Yao Dai, Yennun Huang, and Sy-Yen Kuon
• XProbe2-Rev1.0 by Ofir Arkin
• XProbe2-Rev1.5 by Ofir Arkin

Network Forensics - ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol)

• The Basics of ARP Spoofing and ARP Poisoning by IronGeek
• EtterCap ARP Spoofing and Beyond by Mati Aharoni
• Fun With EtterCap Filters by IronGeek
• ARP Spoofing HTTP Infection Malware by Kai Zhang
• ARP Vulnerabilities by Mike Beekey
• arp-sk A Swiss Knife Tool for ARP
• ARP-sk by Cedrick Blancher
• Detection of Promiscuous Nodes Using ARP Packets by Daiji Sanai
• Promiscuous Node Detection Using ARP Packets by Daiji Sanai
• Anatomy of an ARP Poisoning Attack by Corey Nachreiner
• Introduction to ARP Spoofing by Sean Whalen
• Wireless Access Points and ARP Spoofing
• Broadband Network Insecurity and Implications by Matta Security Limited

Network Forensics - RPC and DCOM

• Sniffing DCE-RPC Traffic by James Howe
• Troubleshooting RPC Across Firewalls by Colin Bowern
• Exploiting DCOM by Yoshiaki Komoriya and Hidenobu Seki
• RPC2 by Pete J. Braam and Robert Watson
• RPC - Friend or Foe by David Hoelzer (SANS Institute)
• Using Distributed COM with Firewalls by David Hoelzer (SANS Institute)
• MSRPC NULL Sessions by Jean-Baptiste Marchand

Network Forensics - SMTP (Simple Mail Transfer Protocol) - Mail Protocols

Network Forensics - SMTP - Email Forensics

• Blat User Manual - Compiled by Mark E. Donaldson
• Reading Email Headers - The Classic
• Tracing E-mail by Chetan Gupta
• Verify Your Email Security With tcpdump by Carla Schroder
• Malicious SMTP Mass Mailing Activity by David Whyte, P.C. van Oorschot, and Evangelos Kranakis
• Mail Backscatter Simply Explained by unknown
• Understanding Email Spoofing by Deb Shinder

Network Forensics - SMTP - Mail Administration

• Administrator Shortcut Guide to Email Protection by Paul Robichaux

Network Forensics - SMTP - Mail Security

Network Forensics - SMTP - MTA (Mail Transport Agents) - Sendmail

• How to avoid Backscatter in Sendmail - Compiled by Mark E. Donaldson
• Demystifying Sendmail by Hal Pomeranz
• Improving Sendmail Security by Turning It Off by Hal Pomeranz
• Just Can't Get Enough Sendmail by Hal Pomeranz
• Sendmail GreePause by Hal Pomeranz
• Tweaking Sendmail Configuration Options (Sendmail Documentation)

Network Forensics - SMTP - MTA (Mail Transport Agents) - Postfix

Network Forensics - SMTP - MTA (Mail Transport Agents) - Exim

Network Forensics - SMTP - MTA (Mail Transport Agents) - Qmail and Zmailer

Network Forensics - SMTP - MDA (Mail Delivery Agents) - Procmail

Network Forensics - SMTP - MUA (Mail User Agents)

Network Forensics - SMTP - SPAM Control

Network Forensics - SMTP - SPF (Sender Policy Framework) - Email Validation

• An Overview of the Sender Policy Framework as an Antiphishing Mechanism by Stefan Gorling
• Comparison and Evaluation of E-Mail Sender Authentication Technologies by unknown
• Configuring Microsoft Outlook to Display Sender ID Information by Mark E. Donaldson
• Fighting Spam and Phishing with SPF by Nolan Garrett
• Microsoft CallerID for Email (Microsoft Corporation)
• Microsoft CallerID for Senders (Microsoft Corporation)
• Sender Policy Framework Syntax by Meng Weng Wong
• SPF Overview by Meng Weng Wong
• SPF Whitepaper by Meng Weng Wong
• SPF, MTAs, and SRS by Meng Weng Wong
• Administrator Shortcut Guide to Blocking Spam with Sender Validation by Alan Sugano

Network Forensics - NNTP (Network News Transport Protocol)

• Understanding the NNTP Protocol by Don Parker

Network Forensics - DNS

• DNS Amplification Attacks by Randall Vaughn and Gadi Evron
• Using The Domain Name System for System Breakins by Steven M. Belloven

Network Forensics - DNS - BIND (Berkeley Internet Named Daemon)

Network Forensics - DNS - Windows DNS

Network Forensics - DNS - IPv6

Network Forensics - DHCP (Dynamic Host Configuration Protocol)

• Block Bad Guys With Windows 2008 R2 New DHCP MAC Address Filtering Tool by Steven Bink
• Building DHCP Automatically by Eric Seigne
• Configuring a DHCP Server by Dru Lavigne
• Configuring a DHCP Local Server by unknown
• DHCP on a Multi-Segment Network by Dru Lavigne
• DHCP Primer by Dario Laverde
• DHCP Protocol by Laura Jeanne Knapp and Thomas M. Hadley
• DHCPv6 by Shane Kerr
• Failover with ISC DHCP by Paul Heinlein
• Introducing DHCP by Dru Lavigne
• One Byte at a Time - Bootstrapping with BOOTP and DHCP by Douglas Comer

Network Forensics - NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol)

• Cisco NTP (Cisco Systems)
• NTP by Hal Pomeranz
• Using NTP to Control and Synchronize Clocks Part I by David Deeths and Glenn Brunette
• Using NTP to Control and Synchronize Clocks Part II by David Deeths and Glenn Brunette
• Using NTP to Control and Synchronize Clocks Part III by David Deeths and Glenn Brunette
• Windows Time Service Notes by Mark E. Donaldson
• Windows Time Service by Shala Brandolini(Microsoft Corporation)

Network Forensics - IDENT (Identification) and AUTH (Authorization)

• Authentication-Identification Port 113 by Steve Gibson
• The IDENT Protocol by Mark E. Donaldson

Network Forensics - Telnet

• How Telnet Works (Microsoft Corporation)
• Introduction to the Telnet Protocol by unknown
• Telnet - The Mother of All Application Protocols by unknown
• Telnet and the Telnet Protocol by unknown
• Telnet by unknown
• The Design of the Telnet Protocol (THINK Protocols Team CS Dept UT Austin)

Network Forensics - FTP

• Active vs Passive - FTP The Classic Definitive Explanation

Network Forensics - TFTP

Network Forensics - HTTP

• Browser Secrets Unveiled by Chetan Gupta
• HTTP Request Smuggling by Chaim Linhart, Amit Klein, Ronen Heled, and Steve Orrin
• Website Attack Guide by Ethernet

Network Forensics - SNMP

• NMS Best Practice (Cisco Systems)
• SNMP Simplified by Peter Murray and Paul Stalvig
• SNMP Tutorial Presentation by Karl Quinn
• SNMP Tutorial (DPS Telecom)
• SNMP White Paper (Network Instruments)
• SNMP (Cisco Systems)
• SNMPv3 White Paper by unknown

Network Forensics - PXE (Pre-Boot Execution Environment

• PXE - Not Just for Server Networks Anymore by Bill Childers (Linux Journal)
• PXE Magic - Flexible Network Booting with Menus by Kyle Rankin (Linux Journal)

Network Forensics - RFB (Remote Framebuffer) and RDP (Remote Desktop Protocol)

Network Forensics - VPN

• Circumventing VPN's by Loki
• VVPN Threat Analysis by Ivan Buetler
• Virual Private Networks Part 1 (IBM)
• Virual Private Networks Part 2 (IBM)

Network Forensics - VPN - IPsec

• IPsec HOWTO by Ralf Spenneberg
• IPsec Protocol Basics by unknown
• IPsec Simplified Part I by Peter J. Welcher
• IPsec Simplified Part II by Peter J. Welcher
• PSK Cracking IKE Aggressive Mode by Michael Thurmann and Enno Rey
• SSL VPN vs IPSec VPN (ArrayNetworks)
• Configuring Ipsec on PIX by Daniel B. Cid
• Configuring PIX to PIX to PIX IPsec Hub and Spoke (Cisco)

Network Forensics - VPN - SSL (Secure Sockets Layer) and TLS (Transport Layer Security)

• The Shortcut Guide to Extended Validation SSL Certificates by Dan Sullivan

Network Forensics - VPN - SSH

• File Transfer SCP-SFTP-FTP (Cambridge University)
• Guide to SSH (Hewlett-Packard Company)
• Howto Setup SSH Keys between machines by Daniel Owen
• Passive Analysis of SSH Traffic by unknown
• Preventing Privilege Escalation by Niels Provos
• Secure Copying with SSH by Brian Rectanus
• Secure FTP on VMS by unknown
• Open SSH Key Management Part 1 by Daniel Robbins
• Open SSH Key Management Part 2 by Daniel Robbins
• Open SSH Key Management Part 3 by Daniel Robbins
• The Shortcut Guide to Securing Automatic File Transfers by Ed Tittel
• Securing Windows SSH (Attachmate)
• Set Up a SSH-based Point to Point Connection (Linux-Tip.net)

Network Forensics - Honeypots

• Deploying Large Scale Distributed Honeypots by F. Pouget, M. Dacier, and V. H. Pham
• Detecting Honeypots by Thorsten Holz and Frederic Raynal
• Honeypot-based Forensics by F. Pouget and M. Dacier
• Honeypots by F. Pouget, M. Dacier, and Herve Debar
• Measuring Security Threats with Honeypot Technology by Maximillian Dornseif, Thorsten Holz, Julian Mathes, and Ingo Weisemoller
• Pointillist Approach for Defining Honeypots by Fabian Pouget and Thorsten Holz
• Profile Credit Card Fraud by The Honeynet Project
• Towards a Third Generation Data Capture Architecture for Honeynets by Edward Balas and Camilo Viecco
• Understanding Threats by F. Pouget, M. Dacier, and V. H. Pham

Network Forensics - Honeypots - Know Your Enemy Series (KYE)

• Know Your Enemy by The Honeynet Project
• Know Your Enemy II by The Honeynet Project
• Know Your Enemy III by The Honeynet Project
• KYE CDROM Eeyore by The Honeynet Project
• KYE Forensic Analysis by The Honeynet Project
• KYE GenII Honeynets by The Honeynet Project
• KYE Honeynets in Universities
• KYE Honeynets by The Honeynet Project
• KYE Honeywall CDROM Roo by The Honeynet Project
• KYE Learning with User-Mode Linux
• KYE Learning with VMware by The Honeynet Project
• KYE Malicious Web Servers by The Honeynet Project
• KYE Motives by The Honeynet Project
• KYE Passive Fingerprinting by The Honeynet Project
• KYE Phishing by The Honeynet Project
• KYE Sebek by The Honeynet Project
• KYE Tracking Botnets by The Honeynet Project
• KYE Virtual Honeynets by The Honeynet Project
• KYE Worms at War by The Honeynet Project

Network Forensics - MPLS and SCTP

• Guide To MPLS by J Doyle
• MPLS Overview by Foundry Networks
• IP-MPLS VPN by Foundry Networks
• Implementing VLL Using MPLS by Foundry Networks
• VPLS and VPL by Foundry Networks

Network Forensics - Bandwidth-Connectivity-Troubleshooting

• Troubleshooting Windows Network Connectivity by Brian M. Posey
• Device Bandwidth Chart by Mark E. Donaldson
• Remote LAN Connectivity by Mark E. Donaldson

Network Forensics - VoIP

• Tracking VoIP Calls on the Internet by Wang, Chen, and Jadodia
• Analysis Security Threats Tools SIP VoIP Systems by Shawn McGann and Douglas C. Sicker
• Introduction to VoIP
• VoIP Phreaking by Ofir Arkin (@stake)
• VoIP Security by Ofir Arkin @stake
• VoIP Testing Guide (Radcom)
• How Scype Bypasses Firewalls by Jurgen Schmidt
• The Definitive Guide to Converged Network Management by Ken Camp
• Handbook for Successful VoIP Deployment by John Q. Walker
• The Definitive Guide to Successful Deployment of VoIP and IP Telephony by Jim Cavanagh
• Power and Cooling for VoIP and IP Telephony Applications (Cisco Systems)
• The Essential Voice over IP by Ken Camp

VoIP Implementation and Management

by John Q. Walker and Jeffry T. Hicks

• Introduction
• Chapter 1
• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6

Network Forensics - VoIP - RTP (Real Time Transport Protocol) and RTSP (Real Time Streaming Protocol)

Network Forensics - VoIP - SIP

• SIP Tutorial by Jiri Kuthan and Dorgham Sisalem
• SIP Architecture by Janet R. Diandi, Vijay K. Gurbani, and Mark H. Jones
• SIP Server Technology Overview by Radvision
• SIP (Alcatel)
• Understanding SIP Servers (Radvision)
• Understanding SIP Tutorial by Jiri Kuthan and Dorgham Sisalem
• Understanding SIP

Network Forensics - VoIP - H323 and H248

• h323 Tutorial by Radcom

Network Forensics - UPnP (Universal Plug and Play)

• UPnP Device Architecture
• Advantages of UPnP Inaternet Gateway Device (Intel)
• Designing a UPnP AV MediaServer (Intel)
• Intel Authoring Tools For UPnP Technologies (Intel)
• Interoperablel Home Infrastructure (Intel)
• Intel Development Tools for UPnP (Intel)
• Intel UPnP-Based Remote IO Developers Guide v0.4 (Intel)
• Introduction to UPnP Technology (UPnP Forum)
• Understanding UPnP (Microsoft Corporation)
• Universal Plug and Play Device Architecture (Microsoft Corporation)
• Universal Plug and Play in Windows XP (Microsoft Corporation)
• UPnP AV Architecture Technology (Intel)
• UPnP NAT Traversal FAQ (UPnP.org)

Network Forensics - LDAP (Lightweight Directory Access Protocol)

• Advanced LDAP Authentication by Manfred Gnirss and Frank Kirshner (IBM)
• Build an LDAP Address Book (IBM)
• LDAP Implementation Cookbook by Heinz Johner, Michel Melot, Harri Stranden and Permana Widhiasta (IBM)
• LDAP Injection (SPI Labs)
• LDAP by unknown
• Understanding LDAP by Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis and Johan Westman (IBM)
• Using LDAP For Directory Integration by Steven Tuttle, Kedar Godbole, and Grant McCarthy (IBM)
• Using LDAP to Manage Unix Accounts by Jeff Machols (SysAdmin Magazine)
• x.500 Directory (Computer Associates)

Network Forensics - CIFS (Common Internet File System)

• CIFS - Common Insecurities Fail Scrutiny (Classic) by Hobbit
• CIFS Explained (CodeFX)
• NetBIOS by unknown
• Work in Progress - Redocumenting CIFS by Christopher R. Hertel

Network Forensics - CIFS - Samba

• Windows Network Services for Samba by Jean-Baptiste Marchand
• Samba Security by Mick Bauer (Linux Journal)
• Introduction to Samba Part 1 by Daniel Robbins
• Introduction to Samba Part 2 by Daniel Robbins
• Introduction to Samba Part 3 by Daniel Robbins
• Linux-Unix Active Directory Authentication Integration Using Samba Winbind by Edwin Gnichtel
• Samba 4 - Active Directoru by Andrew Bartlett
• Samba and Active Directory Integration by Jeremy Allison
• Samba 3 HOWTO and Reference by Jelmer R. Vernooij, John H. Terpstra, and Gerald (Jerry) Carter
• Unofficial Samba HOWTO by Andrew Bartlett
• Join Linux to Active Directory With Winbind by Carla Schroder
• Join Samba 3 to Your Active Directory Domain by Carla Schroder
• Unite your Linux and Active Directory Authentication by Eric Andersen
• Winbind Ties Linux and Windows Sign-Ons Together by Carla Schroder
• A First Look at Samba 4 by Markus Klemke
• Sambas New Registry Based Configuration - Presentation by Michael Adam
• Sambas New Registry Based Configuration by Michael Adam

Network Forensics - CIFS - Microsoft Historical (Hard to Find Classics)

• A Common Internet File System CIFS 1.0 Preliminary Draft by Paul J. Leach and Dilip C. Naik (Microsoft Corporation)
• CIFS Authentication Protocol Draft 3 by Paul J. Leach (Microsoft Corporation)
• CIFS Authentication Protocol Draft 4 by Paul J. Leach (Microsoft Corporation)
• CIFS Authentication Protocols Specification Draft 4 by Paul J. Leach (Microsoft Corporation)
• CIFS Logon and Pass Through Authentication Preliminary Draft by Paul J. Leach and Dilip C. Naik (Microsoft Corporation)
• CIFS Printing Specification Preliminary Draft by Paul J. Leach and Dilip C. Naik (Microsoft Corporation)
• CIFS Remote Administration Protocol Preliminary Draft by Paul J. Leach and Dilip C. Naik (Microsoft Corporation)
• CIFS Security Considerations Update by Paul J. Leach (Microsoft Corporation)
• CIFS Technical Reference Revision 1.0 (SNIA Technical Proposal)
• CIFS-E Browser Protocol Preliminary Draft by Paul J. Leach and Dilip C. Naik (Microsoft Corporation)
• Microsoft Networks-OpenNet File Sharing Protocol - Document Version 2.0 (Microsoft Corporation)
• SMB File Sharing Protocol Extensions Version 2.0 - Document Version 3.3 (Microsoft Corporation)
• SMB File Sharing Protocol Extensions Version 2.0 (Microsoft Corporation)
• SMB File Sharing Protocol Extensions Version 3.0 - Document Version 1.11 (Microsoft Corporation)
• SMB File Sharing Protocol Extensions Version 3.4 (Microsoft Corporation)
• SMB File Sharing Protocol Extensions (Microsoft Corporation)

Network Forensics - NFS (Network File System) and NIS (Network Information Service

• Design and Implementation of Sun NFS (Classic) by Russel Sandberg, David Goldberg, Steve Kleiman, Dan Walsh, and Bob Lyon
• File Systems and NFS (Duke)
• Linux NFS-HOWTO by Tavis Barr, Nicolai Langfeldt, Seth Vidal, and Tom McNeal
• NFS Client Authentication by Brent Callaghan
• NFS Hacking by Axel Neumann
• NFS Protocol Sequence Diagram (EventHelix.com)

Network Forensics - Dfs (Distributed File System)

• Distributed File System Best Practices and Troubleshooting Guide (Microsoft Corporation)
• Configuring and Using Dfs Replication by Mitch Tullock
• Configuring Dfs Namespaces by Mitch Tullock
• Definitely Dfs by Kathy Ivens
• Designing Distributed File Systems (Microsoft Corporation)
• Dfs - A Logical View of Physical Resources by Tim Daniels and Sean Deuby
• Dfs in Windows 2000 by Mitch Tullock
• Dfs Operations Guide - Using the DFSRadmin Tool (Microsoft Corporation)
• Dfs Step-by-Step Guide for Windows Server 2008 (Microsoft Corporation)
• Dfs vs DFS by John Enck
• Disaster Recovery with Dfs by Douglas Toombs
• Distributed File System - A Logical View of Physical Storage (Microsoft Corporation)
• Distributed File System Frequently Asked Questions (Microsoft Corporation)
• File Replication Service Stops Responding When Staging Area is Full (Microsoft Corporation)
• Get a Head Start on NT 5 with DFS by Douglas Toombs
• Get Going with Dfs by John Savill
• Implementing DFS Namespaces by Mitch Tullock
• Implementing DFS Replication by Mitch Tullock
• Organizing Your Files With Microsoft Distributed File System Version 4.1 by Brien M. Posey
• Overview of the Distributed File System Solution in Microsoft Windows Server 2003 R2 (Microsoft Corporation)
• Simplifying Infrastructure Complexity with the Windows Distributed File System (Microsoft Corporation)
• Step-by-Step Guide to DFS in Windows Server 2003 R2 (Microsoft Corporation)
• Windows 2003 Dfs by Andrew Z. Tabona

Network Forensics - Storage Networks (NAS and SAN)

• FreeNAS Setup and User Guide by Olivier Cochard-Labb and Bob Jaggard
• Introduction to Storage Area Networks by Jon Tate, Rajani Kanth, and Andre Telles
• Quick and Easy NAS Using FreeNAS (NetAdmin Tools.com)
• SAN Configuration (JNI)
• SAN LUN Security by Hu Yoshida (Hitachi)

Network Forensics - Authentication

• Definitive Guide to Identity Management by Arcie Reed
• Eliminating Root with Sudo by Michael Lucas

Network Forensics - Authentication - Kerberos, RADIUS (Remote Authentication Dial In User Service), and TACACS (Terminal Access Controller Access Control System)

• RADIUS Protocol Security and Best Practices by unknown
• RADIUS Whitepaper by unknown
• TACACS Device Access Control (Cisco Systems)
• Tacacs+ and RADIUS Comparison (Cisco Systems)

Network Forensics - Authentication - PAM (Plugable Authentication Modules)

• Linux-PAM System Administors Guide by Andrew G. Morgan and Thorsten Kukuk
• Making Login Services Independent of Authentication Technologies by Vipin Samar and Charlie Lai
• PAM Administration (Sun Microsystems)
• PAM by Kurt Seifried
• Understanding PAM by unknown

Network Forensics - Authentication - Microsoft

• All About NULL Sessions or Ananymous Logins by Mark E. Donaldson
• Cracking NTLMv2 Authentication by urity (SecurityFriday)
• Optimized Attack for NTLM2 Session Response by Daiji Sanai and Hidenobu Seki (SecurityFriday)
• The NTLM Authentication Protocol by unknown
• Windows Authentication Schemes by Mark Minasi
• Windows Null Sessions and MSRPC by Todd Sabin
• Introduction to NAP (Microsoft Corporation)
• NAP Policies Windows Server 2008 (Microsoft Corporation)

Network Forensics - SCADA (Supervisory Control and Data Acquisition)

• Vulnerabilities in Some SCADA Server Software by Luigi Auriemma and Dan Goodin

Network Forensics - Monitoring

Network Forensics - Automation and Convergence - Cfengine

• Big Engine by Brendan Strejcek
• Cfengine Cookbook by Neil H. Watson
• Cfengine Engine 2 Concepts Guide by Mark Burgess
• Cfengine 2 Reference Manual by Mark Burgess
• Cfengine Engine 3 Concepts Guide by Mark Burgess
• Cfengine 3 Reference Manual by Mark Burgess
• System Monitoring with Cfengine by Mark Burgess

Whitepapers from SecurityFocus.com

• Click Here to Access Whitepapers from SecurityFocus.com

  

Technical Books