NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.
NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network.
The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).
Version 2.0 comes with new features:
- SMB/CIFS parser now supports file extraction from SMB write operations
- Added parser for SMB2 protocol (read and write)
- Additional IEC-104 commands implemented
- Added Modbus/TCP parser
- Improved SMTP parser
- Improved FTP parser
- Improved DNS parser
- GUI flickering is heavily reduced when loading PCAP files or doing live sniffing
- Extraction of web server favicon images.