NetWitness Investigator

A raw network data analysis application that relies on the power of WinPcap to capture packets and then performs real-time contextual analysis of the data


What's new in NetWitness Investigator

  • New! 802.11 support
  • New! Right-click custom actions
  • New! Windows 7 support
  • Captures raw packets live from most wired or wireless interfaces
131.5 MB
NetWitness Corporation
NetWitness Investigator gathers network data captured by the RSA NetWitness network-monitoring platform, providing the tools you need to analyze packets and identify potential threats that might affect the functionality of the interconnected computers.

Using the WinPcap capture driver, the application can identify all packets transmitted across your network, and it can also analyze existing raw network data (PCAP, TCP, PCAP.GZ, TCP.GZ files).

The application can process the input file or the real-time captured data and generate complete security-related reports concerning various aspects, such as the informational risk, hostname aliases, source and destination addresses of each transferred packet, events and users, along with data on the connected computers (operating systems, languages, ports, network configurations etc.). Also, you can view the Ethernet source and destination and IP addresses.

Each dataset or capturing session is saved as a separate 'collection' of data, allowing you to easily navigate and manage items.

NetWitness Investigator supports rules for packet capturing and file importing and allows you to configure custom actions (for instance, to look for data on Google or send it to a whois service). Data collections can be easily exported to your computer for later use.

The integrated bookmark manager enables you to quickly access desired sessions, while the 'History' section enables you to search for a previous collection. Provided you have Google Earth installed, you can display the capture locations and the traffic flow on a map.

To summarize, NetWitness Investigator helps you get an overview of the data that travels throughout the network, in an attempt to identify possible threats. Its intelligible GUI, along with its analysis capabilities, makes it a great tool for network administrators.

NetWitness Investigator was reviewed by , last updated on January 31st, 2014

Runs on: Windows XP / Vista / 7 / 8 / 2003 / 2008
