NetworkMiner Professional: A Powerful Network Forensics Tool
NetworkMiner Professional is a commercial version of the open source network forensics tool NetworkMiner. It can extract artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files or by sniffing live network traffic. It can also identify the operating system, hostname and open ports of network hosts, as well as perform offline lookups of JA3 hashes and TLS certificates to detect malware or botnet activity.
One of the unique features of NetworkMiner Professional is its packet carver, which can extract network packets from memory dumps and proprietary packet capture formats. This can be useful for forensic analysis of compromised systems or malware infections. NetworkMiner Professional can also extract Meterpreter payloads from reverse shell TCP sessions deployed with Metasploit, which can help identify the attacker’s tools and techniques.
NetworkMiner Professional is designed to run on Windows, but can also be used on Linux. It has a user-friendly graphical interface that displays detailed information about each IP address in the analyzed network traffic, as well as a host inventory that can be used for passive asset discovery. NetworkMiner Professional also supports exporting data to CSV, Excel, XML, CASE and JSON-LD formats for further analysis or reporting.
If you are looking for a powerful and versatile network forensics tool that can help you investigate network incidents, monitor network activity or perform ethical hacking tests, then you should consider NetworkMiner Professional. You can buy it for $1200 USD from Netresec’s website, where you can also download a free trial version and learn more about its features and capabilities.
How NetworkMiner Professional Works
NetworkMiner Professional works by analyzing network packets and extracting various types of information from them. It can parse PCAP, PcapNG and ETL files, as well as capture live network traffic by sniffing a network interface. It can also receive Pcap-over-IP from other tools or devices. NetworkMiner Professional can decapsulate GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS, EoMPLS and ERSPAN packets to extract the underlying data.
NetworkMiner Professional uses port-independent protocol identification (PIPI) to detect and decode various protocols, such as DNS, FTP, HTTP, HTTP2, IRC, Meterpreter, NetBIOS, SMB, SMTP, POP3, IMAP and SSL. It can extract files from these protocols and save them to disk for further examination. It can also extract X.509 certificates from SSL encrypted traffic and match them against a local copy of the abuse.ch SSL certificate blacklist to identify malicious or suspicious hosts.
NetworkMiner Professional can also extract audio streams from VoIP calls and play them back for listening. It can perform OS fingerprinting based on databases from Satori and p0f to determine the operating system of network hosts. It can also extract JA3 and JA3S hashes from TLS client and server hello messages and match them against a local copy of the abuse.ch JA3 fingerprint blacklist to identify malware or botnet activity.
Why Choose NetworkMiner Professional
NetworkMiner Professional is a network forensics tool that offers many advantages over other tools in the market. Some of the reasons why you should choose NetworkMiner Professional are:
- It is easy to use and does not require any installation or configuration.
- It supports both offline and online analysis of network traffic.
- It can handle large volumes of data and process them quickly.
- It can extract a wide range of artifacts from network traffic and display them in a structured and organized way.
- It can identify malicious or suspicious hosts based on offline lookups of JA3 hashes and TLS certificates.
- It can carve packets from memory dumps and proprietary packet capture formats.
- It can extract Meterpreter payloads from reverse shell TCP sessions.
- It can export data to various formats for further analysis or reporting.
NetworkMiner Professional is a network forensics tool that can help you with various tasks, such as incident response, malware analysis, ethical hacking, penetration testing, network monitoring and auditing. It is a tool that you should have in your arsenal if you are a network security professional or enthusiast.