Network Security Analysis With Network Miner

Network Miner is a portable Open Source network security analysis tool that can monitor the traffic of a connected network adapter in the Windows operating system.

It uses a built-in passive network sniffer / packet capturing tool that can detect IPs, hostnames, operating systems, ports and various other information for every connection. The network security tool requires the separate installation of WinPcap to function properly and reliably.

The main purpose of Network Miner is data collection for future analysis (such as forensic evidence analysis) rather than collecting data regarding the traffic on the network. Information is grouped by host rather than by packet or frame, although it is possible to switch the view modes easily in the software interface.

Network Miner can - among other things - extract files and certificates transferred over the network. This can be used to save media files that are streamed across the network.


Another interesting ability is the extraction of user credentials, that is, usernames and passwords for supported protocols, which are then displayed in the credentials tab in Network Miner.

Note that you may need to run the program with elevated privileges -- by right-clicking on it and selecting run as administrator -- as you may otherwise not be able to select the network adapters that you want to monitor.

Once you hit the start button, lists of hostnames, files and credentials are populated in tabs in the program window. The biggest limitation of the free version is that you cannot export the data, and since there is no search, it may be difficult to go through it effectively or find specific information.


It is however possible to add keywords to the program that you want monitored. You can add keywords manually from within the program or by loading a keyword list. The application displays all matches automatically in its interface which is one of the best options to find data points of interest.

Another interesting feature is the cleartext listing. Here you find all information that is transmitted in clear text. You can use it to analyze the network traffic to find out whether important information is transmitted in clear text.
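The kind of check the cleartext listing supports, as an added example (not Network Miner code and not part of the original article): a host-grouped audit that flags credentials sent without encryption and reports only the user name, never the password. The stream tuples, rule set and sample payloads are constructed for illustration and assume the client side of each TCP stream has already been reassembled.

```python
import base64
import re
from collections import defaultdict

# Constructed sample: (source IP, destination port, reassembled client payload).
SAMPLE_STREAMS = [
    ("10.0.0.5", 21, b"USER alice\r\nPASS example-secret\r\n"),
    ("10.0.0.7", 80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                     b"Authorization: Basic "
                     + base64.b64encode(b"bob:example-secret") + b"\r\n\r\n"),
    ("10.0.0.7", 80, b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
                     b"user=bob&password=example-secret"),
    ("10.0.0.9", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS handshake
]


def _basic_user(match):
    """Decode an HTTP Basic token and keep only the part before the colon."""
    try:
        return base64.b64decode(match.group(1)).split(b":", 1)[0]
    except ValueError:  # malformed base64 still counts as an exposure
        return b"?"


# (label, pattern, function that turns a match into the user name)
RULES = [
    ("FTP USER/PASS", re.compile(rb"USER ([^\r\n]+)\r\nPASS [^\r\n]+"),
     lambda m: m.group(1)),
    ("HTTP Basic auth", re.compile(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", re.I),
     _basic_user),
    ("HTTP form field", re.compile(rb"(?:user|login)\w*=([^&\s]+)&pass\w*=[^&\s]+", re.I),
     lambda m: m.group(1)),
]


def audit(streams):
    """Return {source IP: sorted [(dst port, protocol label, user)]}, passwords omitted."""
    findings = defaultdict(set)
    for src, dport, payload in streams:
        for label, pattern, user_of in RULES:
            for match in pattern.finditer(payload):
                findings[src].add((dport, label, user_of(match).decode("latin-1")))
    return {host: sorted(hits) for host, hits in findings.items()}


if __name__ == "__main__":
    for host, hits in sorted(audit(SAMPLE_STREAMS).items()):
        for dport, label, user in hits:
            print(f"{host} -> port {dport}: {label} exposes account '{user}'")
```

Hosts that appear in the result are candidates for moving to an encrypted variant of the protocol; the TLS stream in the sample produces no finding.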

Network Miner is a sophisticated program even in its limited free version. The professional version -- available for $700 -- supports command line scripting, port independent protocol identification, host coloring, DNS whitelisting and GEO IP localization among other features on top of what the free version offers.

Responses to Network Security Analysis With Network Miner

  1. me January 28, 2009 at 7:31 am #

    Doesn't work on Win Server 2003 or Win XP x64; keeps coming up with an error, can't find WinPcap even if you install it, then it comes up with an error saying it can't find .Net 2.0, which I also have installed. Bad Job!!

  2. me January 28, 2009 at 7:33 am #

    Oh no, take it back, it works on Win Server 2003; I was running it from a share.

  3. Nessy23 May 20, 2010 at 4:26 pm #

    I prefer to work on Mac and I use ProteMac Meter for it.
