PeqApps

Forensic Information Items

DNS, MDNS, and LLMNR Forensics

  • Amplification Attack
  • Any IP
  • ANY Query
  • Bad Name Label
  • Bad Name Pointer
  • Bad Record Count
  • Bad Time to Live
  • Cache Flush
  • Class Unknown
  • Error Format
  • Error Non-Existent Domain
  • Error Other
  • Error Query Refused
  • Error Response Flood
  • Error Server Failure
  • Extraneous Data
  • Header Truncated
  • Loopback IP
  • Malformed Over TCP
  • Many Records
  • Message Over TCP
  • Multicast IP
  • Multiple Questions
  • Name Forward Pointer
  • Name Pointer Loop
  • Name Too Long
  • No Error
  • Nonzero Reserved Bit
  • Null Query
  • OpCode Unknown
  • Private IP
  • Query
  • Record Malformed
  • Record Truncated
  • Record Type A
  • Record Type AAAA
  • Record Type CNAME
  • Record Type HTTPS
  • Record Type MX
  • Record Type NS
  • Record Type NSEC
  • Record Type Other
  • Record Type PTR
  • Record Type SOA
  • Record Type SRV
  • Record Type TXT
  • Record Type Unknown
  • Response
  • Truncation Flag
  • UDP Zero-Payload
  • Unanswered Query Flood
  • Unsolicited Response Flood

TCP Forensics

  • All Flags
  • Bad Header Length
  • Bad Option Length
  • Bad Window Scale
  • Checksum Error
  • Connection Reset
  • D-SACK Sequence
  • Data Truncated
  • Duplicate ACK
  • Flow End FIN
  • Flow No Data
  • Flow Start SYN
  • Flow Start SYN + ACK
  • Header Truncated
  • Keep-Alive
  • Keep-Alive ACK
  • Known-to-Known Ports
  • LAND Attack
  • MSS Option No SYN
  • Nonzero ACK No Flag
  • Nonzero Option Pad
  • Nonzero Urgent No Flag
  • Null Scan
  • Partial Checksum
  • Port Loopback
  • Port Scan
  • Prior Segment
  • Prior Segment + New Data
  • Reused Port Number
  • SACK Perm Option No SYN
  • Segment Gap
  • SYN + FIN Flags
  • SYN + URG Flags
  • SYN Flood
  • SYN No MSS Option
  • SYN No SACK Perm Option
  • SYN No Window Scale Option
  • Unidirectional Flow
  • Urgent Flag
  • Window Exceeded
  • Window Full
  • Window Scale Option No SYN
  • Window Update
  • Xmas Tree Scan
  • Zero Window
  • Zero Window Probe

UDP Forensics

  • Bad Length
  • Checksum Error
  • Data Truncated
  • Flow No Data
  • Known-to-Known Ports
  • Partial Checksum
  • Port Loopback
  • Port Scan
  • Unidirectional Flow
  • Zero Checksum

IPv4 Forensics

  • 4 Consecutive NOPs
  • Bad Header Length
  • Bad Length Field
  • Bad Option Length
  • Bad Route Option
  • Bad Timestamp Option
  • Bad Version Field
  • Checksum Error
  • Fragment Bad Length
  • Fragment Count
  • Fragment Empty
  • Fragment Overlap
  • Fragment Too Big
  • Loopback Flow
  • Option Deprecated
  • Option Unknown
  • Payload Truncated
  • Protocol Unknown
  • TTL Too Small

IPv6 Forensics

  • Atomic Fragment
  • Bad Jumbo Option
  • Bad Jumbogram
  • Bad Payload Length
  • Bad Version Field
  • Dest Option Deprecated
  • Dest Option Jumbo
  • Dest Option Unknown
  • Fragment Bad Length
  • Fragment Count
  • Fragment Empty
  • Fragment Excess Headers
  • Fragment Overlap
  • Fragment Too Big
  • Hop-by-Hop Option Deprecated
  • Hop-by-Hop Option Unknown
  • Jumbogram
  • Loopback Flow
  • Misplaced Hop-by-Hop
  • Payload Truncated
  • Protocol Unknown
  • Route Type Deprecated
  • Route Type Unknown
  • Zero Payload Length

ICMP Forensics

  • Bad IP Header Length
  • Echo (ping) Reply
  • Echo (ping) Request
  • Host Prohibited Unreachable
  • Host Unreachable
  • Network Unreachable
  • Ping Flood
  • Ping Sweep
  • Port Unreachable
  • Protocol Unreachable
  • Time Exceeded
  • Timestamp
  • Timestamp Reply
  • Type Deprecated
  • Type Other
  • Type Unknown
  • Unreachable Other

ICMPv6 Forensics

  • Address Unreachable
  • Bad IP Header Length
  • Echo (ping) Reply
  • Echo (ping) Request
  • Neighbor Advert
  • Neighbor Solicit
  • No Route Unreachable
  • Packet Too Big
  • Ping Flood
  • Ping Sweep
  • Port Unreachable
  • Router Advert
  • Router Solicit
  • Time Exceeded
  • Type Other
  • Unreachable Other

DHCP Forensics

  • Ack Message
  • Bad Option Length
  • Boot File Missing Null
  • Boot File Overload
  • Boot Reply
  • Boot Request
  • Bootp Vendor Options
  • Discover Flood
  • Discover Message
  • End Option Missing
  • Large Message
  • Message Other
  • Message Truncated
  • Message Unknown
  • Offer Message
  • Operation Unknown
  • Option Overflow
  • Overload End Option Missing
  • Request Message
  • Request to Client
  • Response to Server
  • Server Name Missing Null
  • Server Name Overload

DHCPv6 Forensics

  • Advertise Message
  • Bad Option Length
  • Client Request
  • Message Other
  • Message Truncated
  • Message Unknown
  • Option Overflow
  • Option Unknown
  • Release Message
  • Renew Message
  • Renew Message Flood
  • Reply Message
  • Request Message
  • Request Message Flood
  • Request to Client
  • Response to Server
  • Server Response
  • Solicit Message
  • Status No Addrs Avail
  • Status No Binding
  • Status No Prefix Avail
  • Status Not On Link
  • Status Other
  • Status Success
  • Status Unknown
  • Status Unspec Fail
  • Status Use Multicast

ARP Forensics

  • Any IP Target
  • Bad Hardware Length
  • Duplicate IP Address
  • Hardware Type Unknown
  • OpCode Other
  • OpCode Unknown
  • Probe
  • Reply
  • Request
  • Request Storm

SNMP Forensics

  • Agent Messages
  • Authentication Failure
  • Authorization Error
  • Bad Community
  • Bad Enterprise Tag
  • Bad Error Index
  • Bad Error Status
  • Bad Generic Trap
  • Bad Length
  • Bad Max Repetitions
  • Bad Non Repeaters
  • Bad Object Name
  • Bad Object Value
  • Bad PDU Type
  • Bad Request ID
  • Bad Specific Trap
  • Bad Trap Address
  • Bad Trap Timestamp
  • Bad V3 Message
  • Bad V3 Scoped PDU
  • Bad V3 USM
  • Bad Value
  • Bad Varbind List
  • Bad Variable Binding
  • Bad Version
  • Cisco Systems
  • Cold Start
  • Commit Failed
  • EGP Neighbor Loss
  • Empty Community
  • Enterprise Trap
  • Error Status Unknown
  • Gen Error
  • Get Bulk Request
  • Get Next Request
  • Get Request
  • IBM
  • Inconsistent Name
  • Inconsistent Value
  • Inform Request
  • Large Max Repetitions
  • Link Down
  • Link Up
  • Long Community
  • Malformed Length
  • Manager Messages
  • Message Truncated
  • MIB Unknown
  • mib-2 at
  • mib-2 dot1dBridge
  • mib-2 entityMIB
  • mib-2 host
  • mib-2 icmp
  • mib-2 ifMIB
  • mib-2 interfaces
  • mib-2 ip
  • mib-2 Other
  • mib-2 printmib
  • mib-2 rmon
  • mib-2 snmp
  • mib-2 system
  • mib-2 tcp
  • mib-2 udp
  • Missing Field
  • Negative Request ID
  • No Access
  • No Creation
  • No Error
  • No Such Name
  • Not Writable
  • NULL In Community
  • PDU In Wrong Version
  • Popular Community
  • Private Enterprise
  • Read Only
  • Report
  • Resource Unavailable
  • Response
  • Set Request
  • SNMPv1
  • snmpV2
  • SNMPv2 Trap
  • SNMPv2c
  • SNMPv2u
  • SNMPv3
  • Too Big
  • Trap
  • Trap Other
  • UDP Zero-Payload
  • Undo Failed
  • Warm Start
  • Wrong Encoding
  • Wrong Length
  • Wrong Type
  • Wrong Value

Telnet Forensics

  • Abort Output
  • Are You There
  • Bad Baud Rate
  • Bad COM Port Cmd
  • Bad Control
  • Bad Data Size
  • Bad Line State
  • Bad Modem State
  • Bad Option Data
  • Bad Option Length
  • Bad Parity
  • Bad Purge Data
  • Bad Stop Size
  • Bad Terminal Type
  • Break
  • Command Unknown
  • Data Mark
  • DO
  • DON’T
  • Environment Variable
  • Erase Character
  • Erase Line
  • Go Ahead
  • Interrupt Process
  • Kerberos v4
  • Kerberos v5
  • Loki
  • Long Auth Name
  • Long Password
  • Long Terminal Type
  • Long User Name
  • NOP
  • NTLM
  • NULL
  • Option Malformed
  • Option Unknown
  • Password
  • RSA
  • SB
  • SE
  • Server Packets
  • SPX
  • SSL
  • Total
  • Type Other
  • Type Unknown
  • User Name
  • User Packets
  • WILL
  • WON’T

TFTP Forensics

  • Access Violation
  • Acknowledgment
  • Amplification Attack
  • Bad Block Size
  • Bad Window Size
  • Block Size
  • Client Packets
  • Data Packet
  • Disk Full
  • Duplicate Acknowledgment Block
  • Duplicate Data Block
  • Empty Filename
  • Empty Transfer Mode
  • Error Code Unknown
  • Error Message
  • Error Msg Missing Null
  • Extraneous Data
  • File Already Exists
  • File Ext .bin
  • File Ext .boot
  • File Ext .c32
  • File Ext .cert
  • File Ext .cfg
  • File Ext .cmd
  • File Ext .conf
  • File Ext .cpio
  • File Ext .crt
  • File Ext .deb
  • File Ext .efi
  • File Ext .efi32
  • File Ext .efi64
  • File Ext .exe
  • File Ext .gz
  • File Ext .image
  • File Ext .ini
  • File Ext .initrd
  • File Ext .iso
  • File Ext .jar
  • File Ext .kernel
  • File Ext .key
  • File Ext .linux
  • File Ext .load
  • File Ext .log
  • File Ext .map
  • File Ext .pem
  • File Ext .pkg
  • File Ext .plist
  • File Ext .raw
  • File Ext .rom
  • File Ext .rpm
  • File Ext .sh
  • File Ext .so
  • File Ext .tar
  • File Ext .txt
  • File Ext .xml
  • File Ext .zip
  • File Ext Unrecognized
  • File Not Found
  • Filename Missing Null
  • Illegal Operation
  • Large Block Size
  • Long Error Message
  • Long Filename
  • Long Option
  • Long Transfer Mode
  • mail
  • Missing Acknowledgment Block
  • Missing Data Block
  • Missing Field
  • Multicast
  • netascii
  • No Such User
  • Not Defined
  • octet
  • Opcode Unknown
  • Option Acknowledgment
  • Option Missing NULL
  • Option Negotiation Failed
  • Option Unknown
  • Packet Truncated
  • Prior Acknowledgment Block
  • Prior Data Block
  • Read Data
  • Read Request
  • Server Packets
  • Timeout Interval
  • Transfer Mode Missing Null
  • Transfer Mode Unknown
  • Transfer Size
  • Unknown Transfer ID
  • Window Size
  • Write Data
  • Write Request

traceroute Forensics

  • Hop 1
  • Hop 2
  • Hop 3
  • Hop 4
  • Hop 5
  • Hop 6
  • Hop 7
  • Hop 8
  • Hop 9
  • Hop 10
  • Hop 11+
  • Udp Packets