NETRESEC has shipped NetworkMiner 2.0, the latest edition of its powerful network forensic analysis tool.
The update does a better job of interpreting your network traffic, with new parsers for SMB2 and Modbus/TCP, file extraction from SMB writes, and improved parsing for SMTP, FTP and DNS traffic.
A keyword filter in the Files, Parameters and DNS tabs allows you to quickly zoom in on important network data.
The program now extracts website favicon images and displays them in the Hosts tab.
This release also sees the project move from SourceForge to NETRESEC’s site. (Older editions are still available there, but no longer supported.)
While this all sounds technical, it’s still extremely easy for absolutely anyone to use. If you want to understand how your network is being used, it could be as easy as downloading and unzipping the program, running NetworkMiner.exe as an administrator, choosing a network adapter and clicking Start.
Open a browser window, visit a site or two, and NetworkMiner sniffs the traffic and analyses it in various ways: DNS queries, hosts accessed and files downloaded, with even images extracted from the traffic and displayed in thumbnail form.
Live network sniffing isn’t always reliable, but if it doesn’t work, the program can also analyse PCAP files with the same level of detail.
The free build delivers all this with minimal restrictions, while a $900 Professional edition adds even more (Geo IP localisation, browser tracing, host coloring, export to CSV/Excel, XML, more).
NetworkMiner 2.0 is available for Windows XP and later.