Welcome to NETRESEC

Netresec is an independent software vendor with a focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our best-known product is NetworkMiner, which is available in a professional as well as an open source version. We also develop and maintain other software tools, such as RawCap, SplitCap (a tool for splitting pcap files into one per session) and SPID (a "Port Independent Protocol Identification" tool for identifying the application layer protocol in a TCP or UDP session).

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap

RawCap is a tiny (17 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


From the NETRESEC Network Security Blog

CapLoader Video Tutorial
Below is a short video tutorial showing some of the cool features in CapLoader 1.0. The functionality shown in the video includes: Loading multiple pcap files into a single flow view; Port Independent Protocol Identification (PIPI); Fast extraction of packets related to one or several flows; Exportin[...]

NetworkMiner 1.3 Released
NetworkMiner 1.3 was released earlier today, and there was much rejoicing! (Image: HTTP Digest credentials from USCC's web_recon.pcap and hmi_web_recon.pcap) Some of the features added to this new release of NetworkMiner include: Extraction of user names from HTTP Digest Authentication (RFC 2617), such as th[...]

Fast analysis of large pcap files with CapLoader
Are you working with large pcap files and need to see the “whole picture” while still being able to quickly drill down to individual packets for a TCP or UDP flow? Then this is your lucky day, since we at Netresec are releasing our new tool CapLoader today! Here are the main features of CapLoader:[...]

Security Onion includes NetworkMiner
Doug Burks released a new ISO of his popular IDS/NSM Linux distro "Security Onion" a couple of days ago. This new ISO includes an installation of NetworkMiner straight out of the box. You can retrieve the Live install CD of Security Onion here: http://sourceforge.net/projects/security-onion/files/s[...]

No more Wine - NetworkMiner in Linux with Mono
NetworkMiner is a network forensics tool that is primarily designed to run under Windows. But it is now (as of version 1.2 of NetworkMiner) also possible to run NetworkMiner on non-Windows operating systems like Linux, Mac, FreeBSD etc. with the help of Mono. This means that there is no longer any need to run Networ[...]

REMnux now includes NetworkMiner
Lenny Zeltser recently released version 3 of his Reverse-Engineering Malware Linux distro REMnux. Here are a few of the improvements in REMnux 3 compared to the previous version: The REMnux distro is now based on Ubuntu; Updated versions of Volatility and Origami; NetworkMiner is included for forensic a[...]

Richard, Russ and Adrian trying NetworkMiner Professional
I recently sent out a copy of NetworkMiner Professional to three persons, who I respect for their contributions to different parts of the IT security community. (Image: NetworkMiner Professional USB flash drive) All three persons have now publicly shared their experiences from analyzing network traffic with[...]

NetworkMiner 1.2 Released
NetworkMiner 1.2 is now available! For those who are not familiar with the network forensics tool NetworkMiner, it's a portable Windows application that analyzes network traffic. NetworkMiner comes in two flavors; a free open source version and a commercial version called “NetworkMiner Professional”[...]

Passive OS Fingerprinting
Network traffic from a computer can be analyzed to detect what operating system it is running. This is to a large extent due to differences in how the TCP/IP stack is implemented in various operating systems. We will in this blog post explain the different methods that can be used to identify what o[...]