NetworkMiner Professional 158: A Powerful Tool for Network Forensics
Network forensics is the process of analyzing network traffic to find evidence of malicious activity, security breaches, or other incidents. Network forensics can help investigators identify the source, destination, and content of network communications, as well as extract artifacts such as files, images, emails, passwords, certificates, and more.
One of the most popular and effective tools for network forensics is NetworkMiner, an open source tool developed by Netresec. NetworkMiner can parse PCAP files or capture live network traffic by sniffing a network interface. It can also receive PCAP-over-IP streams from other sources. NetworkMiner can extract various types of data from network traffic, such as:
Files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP and LPR traffic
X.509 certificates from SSL encrypted traffic like HTTPS, SMTPS, IMAPS, POP3S, FTPS etc.
User credentials (usernames and passwords) for supported protocols
Audio from VoIP calls
OSINT lookups of file hashes, IP addresses, domain names and URLs
JA3 and JA3S hashes for TLS client and server fingerprinting
DNS TXT and SRV records
OS fingerprinting using databases from Satori and p0f
Port Independent Protocol Identification (PIPI)
Web browser tracing
Online ad and tracker detection
NetworkMiner also provides a host inventory that shows detailed information about each IP address in the analyzed network traffic. This can be used for passive asset discovery as well as to get an overview of which devices are communicating.
Host inventory in NetworkMiner
The latest version of NetworkMiner is 2.7.3, which was released in April 2022. This version introduces several new features and improvements, such as:
Extraction of meterpreter payloads from reverse shells
Offline lookups of JA3 hashes and TLS certificates
A packet carver that extracts network packets from memory dumps (only available in NetworkMiner Professional)
Extraction of documents from print traffic (only available in NetworkMiner Professional)
Improved file extraction from SMB2 and HTTP POST traffic (only available in NetworkMiner Professional)
If you are interested in network forensics and want to try out NetworkMiner yourself, you can download the free edition from Netresec's website. However, if you want to access the full potential of NetworkMiner and enjoy more advanced features and support, you should consider purchasing NetworkMiner Professional 158, which is the latest commercial version of NetworkMiner.
NetworkMiner Professional 158 is a powerful tool that can help you perform network forensics more efficiently and effectively. It comes with a license that allows you to install it on up to five machines. It also includes one year of free updates and support. You can buy NetworkMiner Professional 158 for $1200 USD.