There are many Network Forensic Analysis Tools (NFAT) currently available. NetworkMiner is a powerful tool that has many features that are not as well implemented in other tools. Among these features are: NetworkMiner allows you to parse libcap files or to do a live packet capture of the network traffic. NetworkMiner also allows you to reconstruct FTP, SMB, HTTP, and TFTP data streams so that you can see a comprehensive view of what data was being sent over the network.  

Core FeaturesEdit

NetworkMiner can allow you to do the following:

  • Capture data from several different network interfaces
  • View the credential data of the connections
  • Use the DNS info to see what sites people are accessing
  • Search for keywords (string, or hex) within the packets
  • See all clear text that it monitored
  • Recontruct and view files that were transfered based on the data stream
  • Create thumbnails of all the images that were sent over the network for easy monitoring
  • It is a passive tool. It doesn't actively target devices on the network
  • Capture and view frame data about the packets
  • Passive OS detection
  • And much more