NetWitness Investigator 9.7.5.9

131.5 MB   7,997 downloads
100% CLEAN Freeware    
A raw network data analysis application that relies on the power of WinPcap to capture packets and then performs real-time contextual analysis of the data

editor's review





NetWitness Investigator gathers network data captured by the RSA NetWitness network-monitoring platform, providing the tools you need to analyze packets and identify potential threats that might affect the functionality of the interconnected computers.

Making use of the WinPcap capture driver, this application can identify all packets that are transmitted throughout your network, also providing options for analyzing existing raw network data (PCAP, TCP, PCAP.GZ, TCP.GZ files).

The application can process the input file or the real-time captured data and generate complete security-related reports concerning various aspects, such as the informational risk, hostname aliases, source and destination addresses of each transferred packet, events and users, along with data on the connected computers (operating systems, languages, ports, network configurations, etc.). You can also view the Ethernet source and destination and IP addresses.

Each dataset or capturing session is saved as a separate 'collection' of data, allowing you to easily navigate and manage items.

NetWitness Investigator supports rules for packet capturing and file importing and allows you to configure custom actions (for instance, to look for data on Google or send it to a whois service). Data collections can be easily exported to your computer for later use.

The integrated bookmark manager enables you to quickly access desired sessions, while the 'History' section enables you to search for a previous collection. Provided you have Google Earth installed, you can display the capture locations and the traffic flow on a map.

To summarize, NetWitness Investigator helps you get an overview of the data that travels throughout the network, in an attempt to identify possible threats. Its intelligible GUI, along with its analysis capabilities, makes it a great tool for network administrators.

NetWitness Investigator was reviewed by Mihaela Teodorovici
Last updated on January 31st, 2014
NetWitness Investigator - You can read the content of the imported PCAP or TCP file using the main window of NetWitness Investigator.

NetWitness Investigator - Users can easily create a new local or a remote collection and import packet files to the current collection.

NetWitness Investigator - The 'Edit' menu allows you to set capturing and importing rules or configure custom actions.
