Netresec naturbild

Network Forensics and
Network Security Monitoring

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our most well known product is NetworkMiner, which is available in a professional as well as open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

NetworkMiner logo


NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader logo


CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap logo


RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


Headlines from our Network Security Blog:

Port Independent Protocol Detection
Our heavy-duty PCAP analyzer CapLoader comes with a feature called 'Port Independent Protocol Identification', a.k.a. PIPI (see Richard Bejtlich's PIPI blog post from 2006). Academic research in the Traffic Measurement field often use the term 'Traffic Classification', which is similar but not the s[...]

CapLoader 1.3 Released
A new version of our heavy-duty PCAP parser tool CapLoader is now available. There are many new features and improvements in this release, such as the ability to filter flows with BPF, domain name extraction via passive DNS parser and matching of domain names against a local white list. Filtering wi[...]

Covert Man-on-the-Side Attacks
After Edward Snowden exposed NSA's Man-on-the-Side attack capabilities we've started to see IDS signatures that can detect such attacks being released and re-discovered. However, despite these efforts Man-on-the-Side attacks, such as QUANTUM INSERT, can still be carried out without triggering these[...]

Rinse-Repeat Intrusion Detection
I am a long time skeptic when it comes to blacklists and other forms of signature based detection mechanisms. The information security industry has also declared the signature based anti-virus approach dead several times during the past 10 years. Yet, we still rely on anti-virus signatures, IDS rule[...]

Two-day Network Forensics Class in Stockholm
We are running a two-day Network Forensics class in Stockholm on 15-16th of September. Our class is held the days before the SEC-T conference, which is a great technical information security conference in Stockholm, and at the same venue (Nalen). Visitors can thereby plan 4 days of training and conf[...]

T-shirt : PCAP or it didn't happen
We received the first batch of our awesome 'PCAP or it didn't happen' T-shirts today! Want one for yourself? Simply send an email to and let us know: Your size: S / M / L / XL / XXLYour shipping address Tshirt specs:Color: BlackPrint: RJ45 socket in silver, 'PCAP or it didn't happ[...]

China's Man-on-the-Side Attack on GitHub
On March 27 The following message was posted on the official GitHub blog: We are currently experiencing the largest DDoS (distributed denial of service) attack in's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These inc[...]