Packet sniffing and analysis using NetworkMiner
NetworkMiner is a passive network sniffing or network forensic tool. It is called a passive tool as it does not send out requests—it sits silently on the network, capturing every packet in the promiscuous mode.
NetworkMiner is host-centric. This means that it will classify data based on hosts rather than packets, which is what most sniffers such as Wireshark do.
The different steps to NetworkMiner usage are as follows:
- Download and install the NetworkMiner.
- Then, configure it.
- Capture the data in NetworkMiner.
- Finally, analyze the data.
NetworkMiner is available for download at SourceForge: http://sourceforge.net/projects/networkminer/.
Though NetworkMiner is not as well known as it should be, it's host-centric approach is refreshingly different and effective. Allowing the users to classify traffic based on the IP addresses and not packets helps us to zero in on activities related to the specific computers that are under suspicion or...
