NetworkMiner updated to v1.4.1
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).
NetworkMiner has, since the first release in 2007, become popular tool among incident responce teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.
The new features in NetworkMiner 1.4 include:
- Better handling of fragmented IPv4 packets.
- Verification of “.pcap” file extension is completely removed. Files with any extension can now be loaded, provided they are valid libpcap files.
- DHCP options are extracted and presented on the parameters tab.
- Parser for the IEC 60870-5-104 protocol. This feature will be covered in more detail in a separate blog post soon.
A long awaited “Clear GUI” menu entry has been added to the “Tools” menu. This feature will be welcomed by users who previously restarted NetworkMiner in order to clear the GUI.
NetworkMiner 1.4 with Clear GUI menu item
The Credentials tab has now gotten a check box that allows the user to show/hide captured HTTP cookies. This provides for a much cleaner view of captured usernames and passwords.