
NetworkMiner

From networkminer

(Difference between revisions)
 
(4 intermediate revisions not shown)
Line 1: Line 1:
-
[[image:Networkminer-0.84-sourceforge_details.jpg|right|alt=NetworkMiner screenshot|link=https://sourceforge.net/project/screenshots.php?group_id=189429]][http://www.netresec.com/?page=NetworkMiner NetworkMiner] is a [[Network Forensics|Network Forensic Analysis Tool (NFAT)]] for Windows. [http://networkminer.sourceforge.net/ NetworkMiner]can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse [[Publicly available PCAP files|PCAP files]] for off-line analysis and to regenerate/reassemble/rebuild transmitted files, directory structures and certificates from PCAP files.
+
[[image:Networkminer-0.84-sourceforge_details.jpg|right|alt=NetworkMiner screenshot|link=https://sourceforge.net/project/screenshots.php?group_id=189429]][http://www.netresec.com/?page=NetworkMiner NetworkMiner] is a [[Network Forensics|Network Forensic Analysis Tool (NFAT)]] for Windows. [http://networkminer.sourceforge.net/ NetworkMiner] can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse [http://www.netresec.com/?page=PcapFiles PCAP files] for off-line analysis and to regenerate/reassemble/rebuild transmitted files, directory structures and certificates from PCAP files.
The purpose of NetworkMiner is to collect data (such as [[Network Forensics|forensic evidence]]) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames). NetworkMiner also comes in very handy when analyzing malware traffic, such as C&C (command-and-control) traffic from a BotNet, since uploaded and downloaded files are extracted to disk.
The purpose of NetworkMiner is to collect data (such as [[Network Forensics|forensic evidence]]) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames). NetworkMiner also comes in very handy when analyzing malware traffic, such as C&C (command-and-control) traffic from a BotNet, since uploaded and downloaded files are extracted to disk.
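Review bot: the replacement line fixes the missing space in "NetworkMiner]can" and swaps the internal link [[Publicly available PCAP files|PCAP files]] for an external netresec.com link; if the wiki page still exists, keeping the internal link (with the external one added beside it) avoids breaking on-site navigation.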
Line 28: Line 28:
=Articles and Papers=
=Articles and Papers=
 +
* [http://www.softwarecrew.com/2011/05/capture-and-analyse-your-network-traffic-with-the-free-networkminer/ "Capture and analyse your network traffic with the free NetworkMiner". SoftwareCrew, May 12 2011]
 +
* [http://www.downloadcrew.com/article/22483-networkminer "NetworkMiner 1.0". DownloadCrew, May 12 2011]
 +
 +
===2010===
* [http://www.cio.com/article/print/638513 Erik Hjelmvik, "Network neutrality and protocol discrimination". CIO.com, November 22 2010] [http://www.cio.com.au/article/368941/network_neutrality_protocol_discrimination/ alt. link (cio.com.au)]
* [http://www.cio.com/article/print/638513 Erik Hjelmvik, "Network neutrality and protocol discrimination". CIO.com, November 22 2010] [http://www.cio.com.au/article/368941/network_neutrality_protocol_discrimination/ alt. link (cio.com.au)]
* [http://arstechnica.com/tech-policy/news/2010/08/encrypted-and-obfuscated-your-p2p-protocol-can-still-be-ided.ars Nate Anderson, "Encrypted and obfuscated? Your P2P protocol can still be IDed". Ars Technica, August 25 2010]  
* [http://arstechnica.com/tech-policy/news/2010/08/encrypted-and-obfuscated-your-p2p-protocol-can-still-be-ided.ars Nate Anderson, "Encrypted and obfuscated? Your P2P protocol can still be IDed". Ars Technica, August 25 2010]  
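Review bot: the two 2011 entries are inserted directly under =Articles and Papers= with no year subheading, while the existing entries sit under ===2010===; add a ===2011=== subheading above them so the list stays grouped by year.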
Line 62: Line 66:
=Videos and Screencasts=
=Videos and Screencasts=
 +
* [http://www.youtube.com/watch?v=7CysHUdkKeY Anton Schieffer, "Network Miner Tutorial" (February 2011)]
* [http://www.irongeek.com/i.php?page=videos/networkminer-for-network-forensics Adrian Crenshaw (Irongeek), "NetworkMiner for Network Forensics", Irongeek.com "Hacking Illustrated Videos" (December 2008)]
* [http://www.irongeek.com/i.php?page=videos/networkminer-for-network-forensics Adrian Crenshaw (Irongeek), "NetworkMiner for Network Forensics", Irongeek.com "Hacking Illustrated Videos" (December 2008)]
* [http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1343240,00.html Peter Giannoulis, "How to gather host-level data with Network Miner", SearchSecurity.com "Network Security Tactics" (December 2008)]
* [http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1343240,00.html Peter Giannoulis, "How to gather host-level data with Network Miner", SearchSecurity.com "Network Security Tactics" (December 2008)]
* [http://www.hak5.org/episodes/episode-514 Mubix, "Network Tap Analyzers, Streaming Music with Netcat and Wii Homebrew on System Menu 4.0", Hak5 - Episode 514 (May 2009)] [http://revision3.com/hak5/mubix alt. link]
* [http://www.hak5.org/episodes/episode-514 Mubix, "Network Tap Analyzers, Streaming Music with Netcat and Wii Homebrew on System Menu 4.0", Hak5 - Episode 514 (May 2009)] [http://revision3.com/hak5/mubix alt. link]
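Review bot: the new "Network Miner Tutorial" (February 2011) entry goes at the top of a list whose remaining entries run December 2008, December 2008, May 2009, so the section has no consistent order; either sort the whole list by date or append the new entry at the end.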

Current revision as of 11:01, 19 September 2012

NetworkMiner screenshot
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble/rebuild transmitted files, directory structures and certificates from PCAP files.

The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames). NetworkMiner also comes in very handy when analyzing malware traffic, such as C&C (command-and-control) traffic from a BotNet, since uploaded and downloaded files are extracted to disk.



Features

NetworkMiner performs OS fingerprinting based on TCP SYN and SYN+ACK packets by using the OS fingerprinting databases from p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also perform OS fingerprinting based on DHCP packets (which usually are broadcast packets) by making use of the Satori (by Eric Kollmann) OS fingerprinting database from FingerBank. NetworkMiner also uses the MAC-vendor list from Nmap (by Fyodor).
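As an added illustration of the passive SYN-based OS fingerprinting described above, written for this page rather than taken from NetworkMiner, with a constructed two-entry signature table in place of the real p0f and Ettercap databases. It parses an IPv4/TCP SYN (client SYNs only, not SYN+ACK), derives the initial TTL, window size and option order, and looks the tuple up; the sample packets are constructed.

```python
import struct
# Constructed, illustrative signature table; NOT the real p0f or Ettercap databases.
# Key: (initial TTL guess, TCP window size, TCP option kinds in order) -> label
SIGNATURES = {
    (64, 29200, (2, 4, 8, 1, 3)): "Linux-like (constructed signature)",
    (128, 8192, (2, 1, 3, 1, 1, 4)): "Windows-like (constructed signature)",
}

def initial_ttl(observed):
    """Round the observed TTL up to the nearest common initial TTL (each hop decrements it)."""
    return next((c for c in (32, 64, 128, 255) if observed <= c), 255)

def parse_syn(packet):
    """Return (initial TTL, window, option kinds) for an IPv4/TCP SYN, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:                      # IP protocol 6 = TCP
        return None
    tcp = packet[ihl:]
    _, _, _, _, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
    if not flags & 0x02 or flags & 0x10:    # SYN must be set, ACK must be clear
        return None
    opts, kinds, i = tcp[20:data_off], [], 0
    while i < len(opts):
        kind = opts[i]
        kinds.append(kind)
        if kind == 0:                       # EOL
            break
        if kind == 1:                       # NOP carries no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                           # malformed option: stop rather than loop forever
        i += opts[i + 1]
    return initial_ttl(packet[8]), window, tuple(kinds)

def fingerprint(packet):
    """Look the SYN fingerprint up in the signature table."""
    fp = parse_syn(packet)
    return None if fp is None else SIGNATURES.get(fp, "unknown")

def build_syn(ttl, window, options, flags=0x02):
    """Build a constructed IPv4+TCP packet (no link-layer header) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 0, 0x4000,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    off_flags = ((5 + len(options) // 4) << 12) | flags
    return ip + struct.pack("!HHIIHHHH", 40000, 80, 1, 0, off_flags, window, 0, 0) + options

# Constructed sample packets: TTLs 52 and 117 mimic 12 and 11 hops away from 64 and 128.
LINUX_SYN = build_syn(52, 29200, b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07")
WINDOWS_SYN = build_syn(117, 8192, b"\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02")
```

Real signature databases also weigh MSS, window scale and TTL/window ratios; this table keys on the three fields alone to keep the matching step visible.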

NetworkMiner can extract files and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network. Supported protocols for file extraction are FTP, HTTP and SMB.

User credentials (usernames and passwords) for supported protocols are extracted by NetworkMiner and displayed under the "Credentials" tab. Please be considerate when displaying the contents of this tab to the public.

Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner allows the user to enter arbitrary strings or byte patterns to search for with the keyword search functionality.

Version 0.84 (and newer) of NetworkMiner supports sniffing and parsing of WLAN (IEEE 802.11) traffic. NetworkMiner does, however, currently support WiFi sniffing only with AirPcap adapters.

Download

You can download NetworkMiner packet analyzer here.

NetworkMiner logo

Troubleshooting and Bug Reports

Are you experiencing errors or crashes when running NetworkMiner? A common problem is not having .NET Framework 2.0 installed. Please feel free to submit any bugs or instability issues you might experience to the NetworkMiner bug tracker. Requests for new features or new protocols you'd like to see implemented in NetworkMiner can be submitted to the NetworkMiner feature request tracker.

Articles and Papers

2010

2009

2008

Presentations

Videos and Screencasts
