NetworkMiner
Comparison of tools that extract files from PCAP
One of the premier features in NetworkMiner is the ability to extract files from captured network traffic in PCAP files. NetworkMiner reassembles the file contents by parsing protocols that are used to ...
Decoding njRAT traffic with NetworkMiner
I investigate network traffic from a Triage sandbox execution of njRAT in this video. The analysis is performed using NetworkMiner in Linux (REMnux to be specific). About njRAT / Bladabindi njRAT is ...
How to Install NetworkMiner in Linux
This guide shows how to install the latest version of NetworkMiner in Linux. To install an older NetworkMiner release, prior to version 3.0, please see our legacy NetworkMiner in Linux guide. STEP ...
NetworkMiner 3.0 Released
I am very proud to announce the release of NetworkMiner 3.0 today! This version brings several new protocols as well as user interface improvements to NetworkMiner. We have also made significant changes ...
Remote Sniffing from Mikrotik Routers
One of the new features in NetworkMiner 2.9 is a TZSP streaming server. It is designed to read a real-time stream of sniffed packets from Mikrotik routers. This method for remote sniffing ...
NetworkMiner 2.9 Released
NetworkMiner 2.9 brings several new and improved features to help analysts make sense of network traffic from malware, criminals and industrial control systems. Highlights from this new version include: TZSP supportStealC extractorImproved ...
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer ...
NetworkMiner 2.8.1 Released
I am happy to announce the release of NetworkMiner 2.8.1 today! This new release brings a VNC parser to NetworkMiner, so that screenshots, keystrokes and clipboard data can be extracted from unencrypted ...
EvilExtractor Network Forensics
I analyzed a PCAP file from a sandbox execution of the Evil Extractor stealer malware earlier today. This stealer collects credentials and files of interest from the victim's computer and exfiltrates them ...
NetworkMiner 2.8 Released
I am happy to announce the release of NetworkMiner 2.8 today! This new version comes with an improved user interface, better parsing of IEC-104 traffic and decapsulation of CAPWAP traffic. The professional ...
