Network Forensics and Network Security Monitoring

Netresec is an independent software vendor with a focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

Our best-known product is NetworkMiner, which is available in a professional as well as an open source version. We also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer).

We at Netresec additionally maintain a comprehensive list of publicly available pcap files.

Network Forensics Training in Stockholm

We are running a two-day Network Forensics class in Stockholm on 15-16th of September.

The Network Forensics class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused on network forensics for incident response, but are also relevant for law enforcement, internal security and similar work where the network traffic of a suspect or insider is being monitored.

You can find more information about the class here: http://www.netresec.com/?page=Training

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

RawCap

RawCap is a tiny (23 kB) command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed. No installation is required, just download RawCap.exe and start sniffing!


Headlines from our Network Security Blog:


Rinse-Repeat Intrusion Detection
I am a long time skeptic when it comes to blacklists and other forms of signature based detection mechanisms. The information security industry has also declared the signature based anti-virus approach dead several times during the past 10 years. Yet, we still rely on anti-virus signatures, IDS rule[...]

Two-day Network Forensics Class in Stockholm
We are running a two-day Network Forensics class in Stockholm on 15-16th of September. Our class is held the days before the SEC-T conference, which is a great technical information security conference in Stockholm, and at the same venue (Nalen). Visitors can thereby plan 4 days of training and conf[...]

T-shirt : PCAP or it didn't happen
We received the first batch of our awesome 'PCAP or it didn't happen' T-shirts today! Want one for yourself? Simply send an email to sales@netresec.com and let us know: Your size: S / M / L / XL / XXL; Your shipping address. T-shirt specs: Color: Black; Print: RJ45 socket in silver, 'PCAP or it didn't happ[...]

China's Man-on-the-Side Attack on GitHub
On March 27, the following message was posted on the official GitHub blog: We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These inc[...]