NetworkMiner 1.5 was released on August 7th, but we haven't yet provided any details regarding the new functionality that has been added.
NetworkMiner (free edition)
New features in the free and open source version of NetworkMiner:
- Parser for PPPoE (RFC 2615)
- Keywords can be loaded from a text file (useful in investigations where you have lots of strings to search for)
- Support for LLMNR DNS (RFC 4795) queries over UDP 5355
The professional version of NetworkMiner additionally contains the following new features:
- NetworkMinerCLI generates a Keywords CSV file when one or several keywords are detected
- NetworkMinerCLI can read a custom keyword list and cleartext dictionary from file using command line arguments
- Parsing of PcapNG (aka pcap-ng) files
- Extraction of metadata from PcapNG files (including stored name resolution blocks)
- Alexa top 1M check for DNS responses
DNS tab in NetworkMiner Professional with eee.pcapng from CloudShark loaded.
Metadata window in NetworkMiner Professional
To bring up the metadata window, right-click a PcapNG file in NetworkMiner's case panel and select "Show Metadata". The extracted metadata will normally contain info about the machine used to create the capture file, such as the OS and which sniffer was used. Also, please note that some PcapNG files additionally contain name resolution blocks with cached DNS entries, even if the corresponding traffic has been filtered from the capture file.
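To show where this metadata lives in the file, here is an added example (not NetworkMiner's code) that reads the Section Header Block options and Name Resolution Block records from PcapNG bytes. The block and option codes follow the PcapNG specification; the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct

SHB, NRB = 0x0A0D0D0A, 0x00000004  # Section Header / Name Resolution block types
SHB_OPTS = {2: "hardware", 3: "os", 4: "userappl"}  # shb_* option codes

def _tlvs(buf, endian):
    """Yield (code, value) from a run of 32-bit padded TLVs; code 0 ends the run."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from(endian + "HH", buf, pos)
        if code == 0 or pos + 4 + length > len(buf):
            return
        yield code, buf[pos + 4:pos + 4 + length]
        pos += 4 + (length + 3) // 4 * 4

def pcapng_metadata(data):
    """Return (section header options, [(ip, hostname), ...]) from PcapNG bytes."""
    meta, names, endian, pos = {}, [], "<", 0
    while pos + 12 <= len(data):
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":  # each SHB sets the byte order
            endian = "<" if data[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, total = struct.unpack_from(endian + "II", data, pos)
        if total < 12 or total % 4 or pos + total > len(data):
            break  # truncated or corrupt block: stop rather than guess
        body = data[pos + 8:pos + total - 4]
        if btype == SHB:
            # options follow magic (4) + version (4) + section length (8)
            for code, val in _tlvs(body[16:], endian):
                if code in SHB_OPTS:
                    meta[SHB_OPTS[code]] = val.decode("utf-8", "replace")
        elif btype == NRB:
            for rtype, val in _tlvs(body, endian):
                alen = {1: 4, 2: 16}.get(rtype)  # IPv4 / IPv6 record types
                if alen is None or len(val) <= alen:
                    continue
                ip = str(ipaddress.ip_address(val[:alen]))
                names += [(ip, n.decode("ascii", "replace")) for n in val[alen:].split(b"\0") if n]
        pos += total
    return meta, names

# Constructed sample: one SHB and one NRB, little-endian, no packet blocks at all.
def _block(btype, body):
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)
def _tlv(code, val):
    return struct.pack("<HH", code, len(val)) + val + b"\0" * (-len(val) % 4)
SAMPLE = (_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)
                 + _tlv(3, b"Linux 3.2.0") + _tlv(4, b"Dumpcap 1.10.0") + _tlv(0, b""))
          + _block(NRB, _tlv(1, bytes([192, 0, 2, 10]) + b"intranet.example\0") + _tlv(0, b"")))
```

The sample contains no packets, yet the hostname is still recovered from the name resolution block. Running such a check on a capture before sharing it shows what the file discloses beyond the packets themselves.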
We hope you will find these new features useful!
Posted by Erik Hjelmvik on Sunday, 15 September 2013 21:03:00 (UTC/GMT)