Network Forensics Packages and Appliances
- Expensive IP geo-location service.
- http://www.enterasys.com/products/advanced-security-apps/index.aspx Enterasys Dragon: intrusion detection system whose output includes session reconstruction.
- MaxMind (GeoLite): IP geolocation service and data provider for offline geotagging; publishes the free GeoLite country database and offers programmable APIs.
- http://www.vmware.com/vmtn/appliances/directory/293 NetFlow appliance (VMware virtual appliance)
- NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing the files sent over your network and storing its findings in a database. It recognizes over 100 network protocols and file types, including web traffic, multimedia, email and IM.
- http://en.wikipedia.org/wiki/Nslookup nslookup: command-line tool that queries DNS to resolve a domain name to its IP address (and, with a reverse lookup, an IP address back to a name).
- http://en.wikipedia.org/wiki/WHOIS WHOIS: web service and command-line tool for looking up registration records for Internet domains and IP address blocks.
- http://www.arin.net/registration/agreements/bulkwhois.pdf Bulk WHOIS data request from ARIN
- Regional Internet Registries (each runs the WHOIS service for the IP address blocks it allocates):
- http://www.arin.net/index.shtml American Registry for Internet Numbers (ARIN)
- http://www.afrinic.net/ African Network Information Center (AfriNIC)
- http://www.apnic.net/ Asia Pacific Network Information Centre (APNIC)
- http://www.lacnic.net/en/ Latin American and Caribbean IP Address Regional Registry (LACNIC)
- http://www.ripe.net/ RIPE Network Coordination Centre (RIPE NCC)
- Wireshark: open source protocol analyzer, previously known as Ethereal.
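Offline geotagging of the kind the geolocation entry above describes, shown as an added example that is not code from the page or from any vendor listed here. It assumes the prefix-to-country rows are already loaded in memory (a real run would read them from a downloaded CSV such as the GeoLite country file); the rows below are constructed from documentation-only ranges with invented country codes, and the tcpdump lines are constructed too. The lookup is a longest-prefix match, non-routable addresses are left untagged, and IPv6 is handled alongside IPv4.

```python
"""Offline IP geotagging by longest-prefix match over a local prefix table.

Added example, not code from the page or from any vendor it lists. A real
deployment would load the rows from a downloaded CSV (for instance a GeoLite
country database); here the table is constructed from documentation-only
ranges (TEST-NET-1/2/3 and 2001:db8::/32) with invented country codes.
"""
import ipaddress
import re

# Constructed sample rows: (CIDR, country code). Labels are made up.
SAMPLE_PREFIX_TABLE = [
    ("192.0.2.0/24", "AA"),
    ("198.51.100.0/24", "BB"),
    ("198.51.100.128/25", "CC"),   # more specific than the /24 above it
    ("203.0.113.0/24", "DD"),
    ("2001:db8::/32", "EE"),
]

# Addresses that never carry geography: RFC 1918, loopback, link-local,
# multicast and their IPv6 equivalents. Listed explicitly rather than via
# ipaddress.is_private, which would also reject the TEST-NET sample ranges.
NON_ROUTABLE = [ipaddress.ip_network(c) for c in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# tcpdump summary line: "... IP 203.0.113.7.51234 > 198.51.100.200.443: ..."
TCPDUMP_LINE = re.compile(r"\bIP6?\s+(\S+)\s+>\s+(\S+):")


class PrefixGeoDB:
    """Longest-prefix-match lookup of IP -> country over an in-memory table."""

    def __init__(self, rows):
        nets = [(ipaddress.ip_network(cidr, strict=False), cc) for cidr, cc in rows]
        # Most specific prefix first, so the first hit is the longest match.
        self._nets = sorted(nets, key=lambda nc: nc[0].prefixlen, reverse=True)

    def lookup(self, ip_str):
        """Return the country code, or None for unparseable, non-routable
        or unlisted addresses."""
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            return None
        if any(ip in net for net in NON_ROUTABLE):
            return None
        for net, cc in self._nets:
            if ip in net:
                return cc
        return None


def tag_capture(lines, db):
    """Return (src, src_cc, dst, dst_cc) for every IP/IP6 line in tcpdump
    output; ARP and other non-IP lines are ignored."""
    tagged = []
    for line in lines:
        m = TCPDUMP_LINE.search(line)
        if not m:
            continue
        # tcpdump appends ".port" to each address; strip it from the right
        # so IPv6 addresses (which contain colons, not dots) stay intact.
        src = m.group(1).rsplit(".", 1)[0]
        dst = m.group(2).rsplit(".", 1)[0]
        tagged.append((src, db.lookup(src), dst, db.lookup(dst)))
    return tagged


# Constructed tcpdump lines for a stand-alone run.
SAMPLE_TCPDUMP = [
    "12:00:01.000001 IP 203.0.113.7.51234 > 198.51.100.200.443: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000002 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 2, win 64240, length 0",
    "12:00:01.000003 IP6 2001:db8::1.51234 > 3fff::1.443: Flags [S], seq 3, win 64240, length 0",
    "12:00:01.000004 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28",
]

if __name__ == "__main__":
    for row in tag_capture(SAMPLE_TCPDUMP, PrefixGeoDB(SAMPLE_PREFIX_TABLE)):
        print(row)
```

The 198.51.100.200 destination lands in the /25 rather than the enclosing /24 because the table is searched most-specific first; that ordering is the whole difference between a correct geotag and a wrong one when a provider publishes overlapping allocations.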
- arp: view the contents of the local ARP cache
- ifconfig: view the MAC and IP address of each interface
- ping: send ICMP echo requests to probe remote hosts
- tcpdump: capture packets
- nemesis: craft and inject arbitrary packets
- arping: send ARP requests to a given IP or MAC address
- arpdig: probe the LAN for MAC addresses
- arpwatch: watch for ARP changes (new stations, changed MAC addresses, flip-flops) and log them
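The arp and arpwatch entries above are the raw material of ARP-spoofing detection; the following added example (not code from the page or from the arpwatch project) shows the detection logic itself, run over three constructed snapshots of `arp -an` output. It assumes the Linux `arp -an` line format and uses arpwatch's own event names ("new station", "changed ethernet address", "flip flop") plus a "duplicate mac" event for one MAC answering for several IPs, which is what a spoofer claiming the gateway's address looks like in the cache.

```python
"""ARP-cache change detection in the style of arpwatch, run over snapshots
of `arp -an` output.

Added example, not code from the page or from the arpwatch project. The
three snapshots below are constructed: a baseline, one in which the host at
10.0.0.7 starts answering for the gateway's address, and one after the real
gateway reasserts itself.
"""
import re

# Linux `arp -an` line: "? (10.0.0.1) at 00:11:22:33:44:01 [ether] on eth0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Map IP -> lower-case MAC; '<incomplete>' entries have no MAC and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


class ArpMonitor:
    """Tracks IP -> MAC bindings across snapshots and reports arpwatch-style events."""

    def __init__(self):
        self.current = {}   # ip -> mac in the most recent snapshot
        self.history = {}   # ip -> every mac ever seen for that ip

    def ingest(self, snapshot):
        """Compare a snapshot against prior state; return a list of events."""
        events = []
        for ip, mac in snapshot.items():
            previous = self.current.get(ip)
            seen = self.history.setdefault(ip, set())
            if previous is None:
                events.append(("new station", ip, mac))
            elif previous != mac:
                # Returning to a MAC seen before is a "flip flop"; a MAC never
                # seen for this IP is a "changed ethernet address".
                kind = "flip flop" if mac in seen else "changed ethernet address"
                events.append((kind, ip, f"{previous} -> {mac}"))
            seen.add(mac)
            self.current[ip] = mac

        # One MAC answering for several IPs is the signature of a spoofer
        # that claims the gateway's address alongside its own.
        ips_by_mac = {}
        for ip, mac in snapshot.items():
            ips_by_mac.setdefault(mac, []).append(ip)
        for mac, ips in ips_by_mac.items():
            if len(ips) > 1:
                events.append(("duplicate mac", mac, ",".join(sorted(ips))))
        return events


# Constructed snapshots; the gateway is 10.0.0.1 and 10.0.0.7 is the spoofer.
SNAPSHOTS = [
    "? (10.0.0.1) at 00:11:22:33:44:01 [ether] on eth0\n"
    "? (10.0.0.7) at 00:11:22:33:44:07 [ether] on eth0\n"
    "? (10.0.0.9) at <incomplete> on eth0\n",
    "? (10.0.0.1) at 00:11:22:33:44:07 [ether] on eth0\n"
    "? (10.0.0.7) at 00:11:22:33:44:07 [ether] on eth0\n",
    "? (10.0.0.1) at 00:11:22:33:44:01 [ether] on eth0\n"
    "? (10.0.0.7) at 00:11:22:33:44:07 [ether] on eth0\n",
]


def run(snapshots=SNAPSHOTS):
    """Feed each snapshot to one monitor; return the per-snapshot event lists."""
    monitor = ArpMonitor()
    return [monitor.ingest(parse_arp_table(text)) for text in snapshots]


if __name__ == "__main__":
    for i, events in enumerate(run(), 1):
        for event in events:
            print(f"snapshot {i}: {event}")
```

In practice you would feed it the output of `arp -an` (or a tcpdump capture filtered on `arp`) at intervals; the second snapshot produces both a "changed ethernet address" for the gateway and a "duplicate mac" naming the spoofer, which is the pair of events worth alerting on rather than either one alone.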