Netresec naturbild

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our most well known product is NetworkMiner, which is available in a professional as well as open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

NetworkMiner logo

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader logo

CapLoader

CapLoader is a Windos tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap logo

RawCap

RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


rss

Headlines from our Network Security Blog:


Keyword Search in PCAP files
A new function in the free version of CapLoader 1.2 is the "Find Keyword" feature. This keyword search functionality makes it possible to seek large capture files for a string or byte pattern super fast! You might say, so what? PCAP string search can already be done with tools like tcpflow, ngrep a[...]

Carving Network Packets from Memory Dump Files
A new feature in the recently released CapLoader 1.2 is the ability to carve network packets from any file and save them in the PCAP-NG format. This fusion between memory forensics and network forensics makes it possible to extract sent and received IP frames, with complete payload, from RAM dumps[...]

Search and Carve Packets with CapLoader 1.2
CapLoader version 1.2 was released today, with lots of new powerful features. The most significant additions in CapLaoder 1.2 are: Network packet carving, i.e. the ability to carve full content network packets from RAM dumps, disk images etc. Flows can be hidden/filtered in the user interface. Full[...]

HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux
NetworkMiner is a network forensics tool primarily developed for Windows OS's, but it actually runs just fine also in other operating systems with help of the Mono Framework. This guide shows how to install NetworkMiner in three different Linux distros (Ubuntu, Fedora and Arch Linux). STEP 1: Insta[...]

Command-line Forensics of hacked PHP.net
Update: October 29@StopMalvertisin recently published a great blog post that covered the five binaries that were served with help of the PHP.net compromise. We've therefore updated this blog post with a few of their findings in order to give a more complete picture of the events. The good people fro[...]

DNS whitelisting in NetworkMiner
One of the new features in NetworkMiner Professional 1.5 is the ability to check if domain names in DNS requests/responses are “normal” or malicious ones. This lookup is performed offline using a local copy of Alexa's top 1 million domain name list. We got the idea for this feature via Jarno Niemel[...]