NetworkMiner

NetworkMiner has been created as a network tool that can be used for forensic analysis that can be used on multiple platforms.

Its purpose is to detect operating systems, host names, sessions, or open ports without sending any traffic into the network.

Basically is works as a passive network sniffing tool and it does not capture network traffic. However, it can be used for parsing Pcap files for offline forensic analysis of the traffic.

Installing the application is a simple job that can be completed by any type of user, regardless of their computer knowledge.

The interface does not feature any bells and whistles and provides the means for immediate capture of the information. Suffice to select the network card and start the session and data about the hosts is immediately pulled in.

It should show the number of hosts detected and for each of them there are details such as the IP and MAC addresses, the host name, operating system available, TCP ports that are open and the TTL (time to live) value.

The hosts can be organized in various ways so that they are grouped according to the desired relevance.

If all the details have been obtained the screen of the application can be cleared in order to make room for new information. There is no configuration panel to enable setting up the application for other tasks.

NetworkMiner is not difficult to work with, but understanding some of the information it makes available requires some network knowledge. It is not a sniffing tool for network traffic but it can work with offline Pcap data.