NetworkMiner – Network Forensic Analysis Tool

NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.

NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. since the first release in 2007, become a popular tool among incident response teams as well as law enforcement.

NetworkMiner - Network Forensic Analysis Tool
NetworkMiner – Network Forensic Analysis Tool

NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.

Supported features with the free version are:

  • Live sniffing
  • Parse PCAP files
  • Parse PcapNG files
  • IPv6 support
  • Extract files from FTP , TFTP , HTTP , HTTP/2 , SMB , SMB2 , SMTP, POP3 and IMAP traffic
  • Extract X.509 certificates from SSL encrypted traffic like HTTPS, SMTPS, IMAPS, POP3S, FTPS etc.
  • Decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS
  • Receive Pcap-over-IP
  • Runs in Windows and Linux
  • OS Fingerprinting

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments