NETWORK MINER
NetworkMiner is mainly used to get an overview of the network traffic and to grab the "low-hanging fruit" (commonly used patterns, such as the ports and services used in enumeration and exploitation) before diving into a deeper investigation with Wireshark.
The "HOSTS" menu is an invaluable section that shows the hosts identified in the pcap file. It can identify the following:
IP address
MAC address
OS type
Open ports
Sent/Received packets
Incoming/Outgoing sessions
Host details
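To show where a host overview like this comes from, here is an added example (not NetworkMiner's own code) that derives a per-host summary directly from a capture. It assumes a classic little-endian pcap with Ethernet framing, and it treats a port as open only when the host answers from it with a SYN-ACK, which is this example's heuristic; the sample capture is constructed inline.

```python
import struct
from collections import defaultdict

def frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return bytes(dst_mac) + bytes(src_mac) + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def host_inventory(pcap):
    """Per-IP summary: MAC, packets sent/received, ports seen answering SYN-ACK."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled")
    hosts = defaultdict(lambda: {"mac": None, "sent": 0, "received": 0, "open_ports": set()})
    off = 24                                    # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                            # truncated or non-IPv4 frame
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        hosts[src]["mac"] = pkt[6:12].hex(":")  # for off-subnet hosts this is the router's MAC
        hosts[dst]["mac"] = pkt[0:6].hex(":")
        hosts[src]["sent"] += 1
        hosts[dst]["received"] += 1
        tcp = 14 + (pkt[14] & 0x0F) * 4         # TCP header starts after the IP header
        if pkt[23] == 6 and len(pkt) >= tcp + 14 and (pkt[tcp + 13] & 0x12) == 0x12:
            hosts[src]["open_ports"].add(struct.unpack("!H", pkt[tcp:tcp + 2])[0])
    return dict(hosts)

# Constructed sample: one answered SYN (445) and one unanswered SYN (3389).
CLIENT, SERVER = (0x02, 0, 0, 0, 0, 0x05), (0x02, 0, 0, 0, 0, 0x10)
SAMPLE = build_pcap([
    frame(CLIENT, SERVER, (10, 0, 0, 5), (10, 0, 0, 16), 50000, 445, 0x02),
    frame(SERVER, CLIENT, (10, 0, 0, 16), (10, 0, 0, 5), 445, 50000, 0x12),
    frame(CLIENT, SERVER, (10, 0, 0, 5), (10, 0, 0, 16), 50001, 3389, 0x02),
])

if __name__ == "__main__":
    for ip, info in sorted(host_inventory(SAMPLE).items()):
        print(ip, info)
```

The unanswered SYN to 3389 does not appear under open ports, which is why a passive inventory reflects only what the capture actually observed.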
This section shows the sessions detected in the pcap file.
This section shows the credentials and passwords extracted from the investigated pcaps. Below is a listing of the credential sources that can be extracted by NetworkMiner:
Kerberos hashes
NTLM hashes
RDP cookies
HTTP cookies
HTTP requests
IMAP
FTP
SMTP
MS SQL