NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.
NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
NetWorker 2.0.5 – Show network speed and traffic in your menu bar. March 20, 2017 NetWorker is a lightweight and easy-to-use tool that shows either the current download and upload speed or the session traffic of your network adapter. Dell Expert Network. Kensington Pro Fit Low-Profile Desktop Set - Keyboard and mouse set - wireless - 2.4 GHz - US. 2.1 MP - 1920 x 1080 - 1080p - audio - USB. NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD).NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. Without putting any traffic on the network.
| NetworkMiner (free edition) | NetworkMiner Professional | |
|---|---|---|
| Live sniffing | ||
| Parse PCAP files | ||
| Parse PcapNG files | ||
| IPv6 support | ||
| Extract files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3 and IMAP traffic | ||
| Extract X.509 certificates from SSL encrypted traffic like HTTPS, SMTPS, IMAPS, POP3S, FTPS etc. | ||
| Decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS | ||
| Receive Pcap-over-IP | ||
| Runs in Windows and Linux | ||
| OS Fingerprinting (*) | ||
| Audio extraction and playback of VoIP calls | ||
| OSINT lookups of file hashes, IP addresses, domain names and URLs | ||
| Port Independent Protocol Identification (PIPI) | ||
| User Defined Port-to-Protocol Mappings (decode as) | ||
| Export to CSV / Excel / XML / CASE / JSON-LD | ||
| Configurable file output directory | ||
| Configurable time zone (UTC, local or custom) | ||
| Geo IP localization (**) | ||
| DNS Whitelisting (***) | ||
| Advanced OS fingerprinting | ||
| Web browser tracing (4:10 into this video) | ||
| Online ad and tracker detection | ||
| Host coloring support | ||
| Command line scripting support | (through NetworkMinerCLI) | |
| Price | Free | $ 900 USD |
| Download NetworkMiner | ||
| * Fingerprinting of Operating Systems (OS) is performed by using databases from Satori and p0f ** This product includes GeoLite data created by MaxMind, available from http://maxmind.com/ *** Domain names in the DNS tab are checked against the Alexa top 1,000,000 sites | ||
NetworkMiner can extract files, emails and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network.
NetworkMiner showing files extracted from sniffed network traffic to disk
NetworkMiner showing thumbnails for images extracted to disk
User credentials (usernames and passwords) for supported protocols are extracted by NetworkMiner and displayed under the 'Credentials' tab. The credentials tab sometimes also show information that can be used to identify a particular person, such as user accounts for popular online services like Gmail or Facebook.
Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner allows the user to insert arbitrary string or byte-patterns that shall be searched for with the keyword search functionality.
NetworkMiner Professional comes installed on a specially designed USB flash drive. You can run NetworkMiner directly from the USB flash drive since NetworkMiner is a portable application that doesn't require any installation. We at Netresec do, however, recommend that you copy NetworkMiner to the local hard drive of your computer in order to achieve maximum performance.
» How To Buy NetworkMiner Professional «
Download NetworkMiner
The latest version of NetworkMiner can be downloaded from:
» https://www.netresec.com/?download=NetworkMiner « (executable application)
SHA256 hash: 34d81e42eec33183b79191de165ae506933fa3bb5b1fd836e70ef81468c9c65b
» https://www.netresec.com/?page=NetworkMinerSourceCode « (source code)
SHA256 hash: 8dc5802cd90eb081097398b8b6606e0c56dcf7498616a5a28d01e6b247e168a1
For older releases of NetworkMiner (prior to version 2.0), please visit the NetworkMiner page on SourceForge:
http://sourceforge.net/projects/networkminer/files/networkminer/
However, please note that we no longer release new versions of NetworkMiner on SourceForge.
Change Log
| Version | Release Date | Major Improvements |
|---|---|---|
| JA3 hash extraction and parsers for the HTTP/2, DoH and CIFS browser protocol. | ||
| Username extraction from Kerberos traffic, ICS device fingerprinting and improved Linux support. | ||
| Improved email and VoIP call extraction. | ||
| VoIP call audio extraction and playback as well as OSINT lookups of file hashes, IP addresses, domain names and URLs. | ||
| Faster parsing speed (x2) and CASE export. | ||
| Improved HTTP parser. | ||
| NetworkMiner 2.1 | 2017-01-11 | New protocols: POP3, IMAP, VXLAN, OpenFlow and SOCKS. |
| NetworkMiner 2.0 | 2016-02-09 | New protocols: SMB2 and Modbus/TCP. |
| NetworkMiner 1.6 | 2014-06-16 | Improved SMTP and DNS parsing. |
| NetworkMiner 1.5 | 2013-08-07 | New protocols: PPPoE and LLMNR, fixed two vulnerabilities. |
| NetworkMiner 1.4 | 2012-08-16 | New protocol: IEC 60870-5-104. |
| NetworkMiner 1.3 | 2012-04-12 | Username and password from HTTP Digest Authentication (RFC 2617). |
| NetworkMiner 1.2 | 2011-11-19 | New protocol: GRE, platform independent (works in Linux, Mac OSX etc). |
| NetworkMiner 1.1 | 2011-09-15 | New protocol: PPP. Screen resolution, color depth, browser language and flash version extracted from Google Analytics. |
| NetworkMiner 0.71 | 2007-02-16 | First public release of NetworkMiner. |
NetworkMiner Videos
More Information
There are also several blog posts about NetworkMiner on the NETRESEC Network Security Blog:
⛏
What's new
- Added a fix to s0ix flow to support cable connected case.
- Initial support for the following devices:
Ethernet Connection (13) I219-LM
Ethernet Connection (13) I219-V
Ethernet Connection (14) I219-LM
Ethernet Connection (14) I219-V
Ethernet Connection (15) I219-LM
Ethernet Connection (15) I219-V
Ethernet Connection (16) I219-LM
Ethernet Connection (16) I219-V
Ethernet Connection (17) I219-LM
Ethernet Connection (17) I219-V
Backport to upstream: 0290bd291c (netdev: pass the stuck queue to the timeout handle)
Backport to upstream: b0ddfe2bb2 (intel: correct return from set features callback)
Backport to upstream: ee2e80c194 (e1000e: Use dev_get_drvdata where possible)
Backport to upstream: a702381940 (e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm)
Backport to upstream: daee5598e4 (e1000e: Drop unnecessary __E1000_DOWN bit twiddling)
Backport to upstream: 12299132b3 (net: ethernet: intel: Demote MTU change prints to debug)
Backport to upstream: c557a4b3f7 (e1000e: Use netdev_info instead of pr_info for link messages)
Purpose
This driver includes support for the Intel® Itanium® 2-based and the Intel® EM64T system. This release supports the latest 2.4 series kernel as well as 2.6.x and 3.x versions.
e1000e.x.x.x.tar.gz is designed to work with the Intel® 82563/82566/82567 Gigabit Ethernet PHY, Intel® 82571/82572/82573/82574/82577/82578/82579/82583 Gigabit Ethernet Controller, and I217/I218 controllers under Linux*. The latest version and earlier versions of this driver are available from SourceForge*.
If your adapter/connection is not 82563, 82566, 82567, 82571, 82572, 82573, 82574, 82577, 82578, 82579, or 82583-based, you should use one of the following drivers:
Networker Pro 6 2 0 2970
- igb-x.x.x.tar.gz driver supports all Intel® 82575, 82576, 82580, I350, I210, or I211-based Gigabit Network Adapters/Connections
- e1000-x.x.x.tar.gz driver supports all Intel® 8254x-based PCI and PCI-X Gigabit Network Adapters/Connections
Networker Pro 6 2 0 2
See the readme notes for installation instructions, supported hardware, what is new, bug fixes, and known issues.
About Intel® drivers
The driver or software for your Intel® component might have been changed or replaced by the computer manufacturer. We recommend you work with your computer manufacturer before installing our driver so you don’t lose features or customizations.
See a list of computer manufacturer support websites