Netresec naturbild

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our most well known product is NetworkMiner, which is available in a professional as well as open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

NetworkMiner logo


NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader logo


CapLoader is a Windos tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap logo


RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


Headlines from our Network Security Blog:

Analysis of Chinese MITM on Google
The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We've performed technical analysis of the attack, on request from, and can confirm that it is a real SSL MITM against and that it is being performed from within China[...]

Running NetworkMiner on Mac OS X
The following is a guest blog post written by Jonas Lejon from the Swedish IT security company Triop, which specialize in crypto, reverse engineering and penetration testing. This guide describes how to get NetworkMiner running on Mac OS X Mavericks (version 10.9.3). First of all, download NetworkM[...]

NetworkMiner 1.6 Released
We've released version 1.6 of NetworkMiner today! Image credits: Confetti in Toronto by Winnie Surya The new features in NetworkMiner 1.6 include: Drag-and-DropReassembled files and images can be opened with external tools by drag-and-dropping items from NetworkMiner's Files or Images tabs onto you[...]

PCAP or it didn't happen
The phrase "PCAP or it didn't happen" is often used in the network security field when someone want proof that an attack or compromise has taken place. One such example is the recent OpenSSL heartbleed vulnerability, where some claim that the vulnerability was known and exploited even before it was[...]

Keyword Search in PCAP files
A new function in the free version of CapLoader 1.2 is the "Find Keyword" feature. This keyword search functionality makes it possible to seek large capture files for a string or byte pattern super fast! You might say, so what? PCAP string search can already be done with tools like tcpflow, ngrep a[...]

Carving Network Packets from Memory Dump Files
A new feature in the recently released CapLoader 1.2 is the ability to carve network packets from any file and save them in the PCAP-NG format. This fusion between memory forensics and network forensics makes it possible to extract sent and received IP frames, with complete payload, from RAM dumps[...]