NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer / packet capturing tool in order to detect operating systems, sessions, hostnames, open ports, etc., without putting any traffic on the network.
It can also parse PCAP files for off-line analysis and regenerate / reassemble transmitted files or certificates from them.
Note: If you want to take advantage of all the features the program offers, you can purchase NetworkMiner Professional.
Here are some key features of "NetworkMiner":
- Live sniffing
- Parse PCAP files
- OS Fingerprinting
- PCAP parsing speed - 0.581 MB/s
- New features in the free and open source version of NetworkMiner:
  - Parser for PPPoE (RFC 2615)
  - Keywords can be loaded from text file (useful in investigations where you have lots of strings to search for)
  - Support for LLMNR DNS (RFC 4795) queries over UDP 5355