Network Miner is a portable Open Source network security analysis tool that can monitor the traffic of a connected network adapter in the Windows operating system.
It uses a built-in passive network sniffer / packet capturing tool that can detect IPs, hostnames, operating systems, ports and various other information about any connection. The network security tool requires the separate installation of WinPcap to function properly and reliably.
The main purpose of Network Miner is data collection for future analysis (such as forensic evidence analysis) rather than collecting data regarding the traffic on the network. Information is grouped by host rather than by packets or frames although it is possible to switch the view modes easily in the software interface.
Network Miner can - among other things - extract files and certificates transferred over the network. This can be used to save media files that are streamed across the network.
Another interesting ability is the extraction of user credentials, that is, usernames and passwords for supported protocols, which are then displayed in the credentials tab in Network Miner.
Note that you may need to run the program with elevated privileges -- by right-clicking on it and selecting run as administrator -- as you may otherwise not be able to select the network adapters that you want to monitor.
Once you hit the start button, lists of hostnames, files and credentials are populated in tabs in the program window. The biggest limitation of the free version is that you cannot export the data, and since there is no search, it may be difficult to go through it effectively or find specific information.
It is, however, possible to add keywords to the program that you want monitored. You can add keywords manually from within the program or by loading a keyword list. The application displays all matches automatically in its interface, which is one of the best options to find data points of interest.
Another interesting feature is the cleartext listing. Here you find all information that is transmitted in clear text. You can use it to analyze the network traffic to find out if important information is transmitted in clear text.
Network Miner is a sophisticated program even in its limited free version. The professional version -- available for $700 -- supports command line scripting, port independent protocol identification, host coloring, DNS whitelisting and GEO IP localization among other features on top of what the free version offers.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.