Netresec naturbild

Network Forensics and
Network Security Monitoring

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our most well known product is NetworkMiner, which is available in a professional as well as free open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

NetworkMiner logo

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader logo

CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap logo

RawCap

RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


rss

Headlines from our Network Security Blog:


Detecting Periodic Flows with CapLoader 1.4
I am happy to announce a new release of our super-fast PCAP handling tool CapLoader! One of the new features in CapLoader makes it even easier to detect malicious network traffic without having to rely on blacklists, such as IDS signatures. The new version of CapLoader includes new features such as:[...]

Packet Injection Attacks in the Wild
I have previously blogged about packet injection attacks, such as the Chinese DDoS of GitHub and Covert Man-on-the-Side Attacks. However, this time I've decided to share some intelligence on real-world packet injection attacks that have been running for several months and that are still active today[...]

Analyzing Web Browsing Activity
One of the features included in the newly released version 2.0 of NetworkMiner Professional is a new tab called 'Browsers'. This tab shows web browsing requests and reponses in a hierarchical tree view, with the identified web browsers as root nodes. The idea of tracking browser activity this way wa[...]

NetworkMiner 2.0 Released
I'm proud to announce the release of NetworkMiner 2.0 today! There are several longed-for features that are part of this major release, such as: SMB/CIFS parser now supports file extraction from SMB write operations.Added parser for SMB2 protocol (read and write). Additional IEC-104 commands impleme[...]