Network Security Analysis With Network Miner

Martin Brinkmann
Jan 27, 2009
Updated • Nov 23, 2017
Software, Windows software

Network Miner is a portable Open Source network security analysis tool that can monitor the traffic of a connected network adapter in the Windows operating system.

It utilizes a build in passive network sniffer / packet capturing tool that can detect IPs, hostnames, operating systems, ports and various other information of any connection. The network security tool requires the - separate - installation of WinPcap to function properly and reliable.

The main purpose of Network Miner is data collection for future analysis (such as forensic evidence analysis) rather than collecting data regarding the traffic on the network. Information is grouped by host rather than by packets or frames although it is possible to switch the view modes easily in the software interface.

Network Miner

Network Miner can - among other things - extract files and certificates transferred over the network. This can be used to save media files that are streamed across the network.

Another interesting ability is the extraction of user credentials - that is usernames and passwords for supported protocols which are then displayed in the credentials tab in Network Miner.

Note that you may need to run the program with elevated privileges -- by right-clicking on it and selecting run as administrator -- as you may not be able otherwise to select network adapters that you want to monitor.

Once you hit the start button a list of hostnames, files and credentials are populated in tabs in the program window.  The biggest limitation of the free version is that you cannot export the data, and since there is no search, it may be difficult to go through it effectively or find specific information.

It is however possible to add keywords to the program that you want monitored. You can add keywords manually from within the program or by loading a keyword list. The application displays all matches automatically in its interface which is one of the best options to find data points of interest.

Another interesting feature is the cleartext listing. Here you find all information that are transmitted in clear text. You can use it to analyze the network traffic to find out if important information are transmitted in clear text.

Network Miner is a sophisticated program even as the limited free version. The professional version -- available for $700 -- supports command line scripting, port independent protocol identification, host coloring, DNS whitelisting and GEO IP localization among other features on top of what the free version offers.

software image
Author Rating
no rating based on 0 votes
Software Name
Network Miner
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. neelu patel said on April 24, 2020 at 8:46 am

    can we extract pdf and docs files from pcap file using NetworkMiner

  2. Nessy23 said on May 20, 2010 at 4:26 pm

    I prefer to work on Mac and I use ProteMac Meter for it.

  3. me said on January 28, 2009 at 7:33 am

    oh no take it back it works on Win Server 2003, i was running it form a share.

  4. me said on January 28, 2009 at 7:31 am

    Don’t work on Win Server 2003 or Win XP x64 keeps coming up with an error cant find winpcap even if you install it, then it comes up with an error saying it cant find .Net 2.0 which i also have installed. Bad Job!!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.