January, 2010

  • Annotated Traces for Windows System Behavior

    Microsoft publishes protocol documentation on MSDN that is intended to make it easier for others to develop interoperable implementations. “System Documents” provide overviews of system behavior for key systems such as Active Directory, File Sharing and...
  • SMB2 Data Fields and Properties

    Properties: Property.SMBFileIDPersistent - For SMB2, the file ID can be one of two types. This represents the Persistent type. Property.SMBFileIDColatile - For SMB2, the file ID can be one of two types. This represents the Volatile type. Property...
  • IPv4 Data Fields and Properties

    Fields: IPv4.Address - Useful for filtering on an address independent of the direction. IPV4.SourceAddress - Represents the source address and is useful for filtering for traffic from a specific source. IPV4.DestinationAddress - Represents the...
  • Capturing a Trace at Boot Up

    Capturing a trace during a boot is a common task that can be difficult to accomplish. In fact, the most foolproof way to capture all traffic at boot is to capture the traffic from a 3rd-party capturing machine in promiscuous mode. But this requires you...