Netresec is an independent software vendor with a focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our most well known product is NetworkMiner, which is available in a professional as well as open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap

RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


Headlines from our Network Security Blog:


Full Disclosure of Havex Trojans
I did a presentation at the 4SICS conference last week, where I disclosed the results from my analysis of the Havex RAT/backdoor (slides available here). The Havex backdoor is developed and used by a hacker group called Dragonfly, who are also known as "Energetic Bear" and "Crouching Yeti". Dragonf[...]

Chinese MITM Attack on iCloud
Users in China are reporting MITM attacks on SSL connections to iCloud. GreatFire.org, who monitor the Great Firewall of China (GFW), also published a blog post on their website earlier today saying: This is clearly a malicious attack on Apple in an effort to gain access to usernames and password[...]

Verifying Chinese MITM of Yahoo
GreatFire.org sent out a tweet yesterday saying that “Yahoo appears to under Man-in-the-middle attack in China. 3rd case of country-wide MITM, after Google, Github”. Mashable later ran a story called “China Appears to Attack Yahoo in Latest Censorship of Hong Kong Protests”, where Lorenzo Francesch[...]

Analysis of Chinese MITM on Google
The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We've performed technical analysis of the attack, on request from GreatFire.org, and can confirm that it is a real SSL MITM against www.google.com and that it is being performed from within China[...]

Running NetworkMiner on Mac OS X
The following is a guest blog post written by Jonas Lejon from the Swedish IT security company Triop, which specializes in crypto, reverse engineering and penetration testing. This guide describes how to get NetworkMiner running on Mac OS X Mavericks (version 10.9.3). First of all, download NetworkM[...]

NetworkMiner 1.6 Released
We've released version 1.6 of NetworkMiner today! The new features in NetworkMiner 1.6 include: Drag-and-Drop: Reassembled files and images can be opened with external tools by drag-and-dropping items from NetworkMiner's Files or Images tabs onto you[...]

PCAP or it didn't happen
The phrase "PCAP or it didn't happen" is often used in the network security field when someone wants proof that an attack or compromise has taken place. One such example is the recent OpenSSL Heartbleed vulnerability, where some claim that the vulnerability was known and exploited even before it was[...]