Recently I got a chance to try NetworkMiner. It’s a network forensics program. It can be used as a passive network sniffer to detect:
- operating systems
- open ports
It can also be used to analyze PCAP files.
The main purpose of NetworkMiner is to collect data about hosts.
One drawback of this tool is that it needs the .NET Framework. :( Other than that, it’s a great tool to help you in network forensics.
Before you can use NetworkMiner, you have to make sure your system already has the following software packages:
- .NET Framework 2 or higher. I am using the SP1 version.
- If you want to do live packet capture using a WinPcap adapter, you also need to install WinPcap.
To install NetworkMiner, just download the package from http://sourceforge.net/projects/networkminer/
The latest version at the time of this writing is version 0.88.
After downloading the package, unzip it, and you will find a NetworkMiner.exe file. Just double-click that file to run NetworkMiner.
Here is my NetworkMiner in action, analyzing a PCAP file: