NETWORK MINER

NetworkMiner is mainly used to gain an overview of the network traffic and to grab the "low-hanging fruit" (commonly used patterns, such as the ports and services used in enumeration and exploitation) before diving into a deeper investigation with Wireshark.

HOSTS SECTION

The "HOSTS" menu is an invaluable section that shows the hosts identified in the pcap file. It can identify the following:

  • IP address

  • MAC address

  • OS type

  • Open ports

  • Sent/Received packets

  • Incoming/Outgoing sessions

  • Host details

SESSION SECTION

This section shows the sessions detected in the pcap file.

CREDENTIALS SECTION

This section shows credentials and password hashes extracted from the investigated pcaps. Below is a list of credential sources that NetworkMiner can extract:

  • Kerberos hashes

  • NTLM hashes

  • RDP cookies

  • HTTP cookies

  • HTTP requests

  • IMAP

  • FTP

  • SMTP

  • MS SQL
