Guys, I apologize for jumping in at the last minute, but this is an awesome post. I'm just trying to learn how to get into forensics, and I'm learning a great deal. I started by looking at don's post and came up with a port scan, but the target is behind a firewall or has iptables set to reject or drop incoming.
You mentioned using TCPDUMP for hex translation. I know that tcpdump is a *nix-based program. I may be mistaken, but I thought you said that the computer was a winnt or 2k.
Obake: how did you do the hex translation?
Thanks guys, and I hope to start posting here more often.
10Ded