Our Products


NetworkMiner

NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic on Ethernet and WiFi networks.

NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.


CapLoader

CapLoader is a Windows tool designed to handle large amounts of captured network traffic in the tcpdump/libpcap format (PCAP). CapLoader displays the contents of opened PCAP files as a list of TCP and UDP flows. Users can select the flows of interest and quickly filter out those packets from the loaded PCAP files. Sending the selected flows/packets to a packet analyzer tool like Wireshark or NetworkMiner is then just a mouse click away.

CapLoader is the ideal tool to use when handling big data PCAP files in sizes up to many gigabytes (GB). The contents of individual flows can be exported to tools like Wireshark and NetworkMiner in just a matter of seconds after having loaded one or multiple large PCAP files.


PacketCache

PacketCache is a free Windows service designed to continuously monitor the network interfaces of a computer and store the captured packets in memory (RAM).

The idea is to make full-content packets available for post-event incident response and network forensic analysis. PacketCache can be used either as a complement to solutions for centralized network packet capturing, or without any other network monitoring solution in place.


RawCap

RawCap is a tiny command line sniffer for Windows. You can sniff packets with RawCap without having special network drivers (like WinPcap) installed.

RawCap also has the unique ability to capture packets from localhost (127.0.0.1) on Windows.


findject.py

Findject is a simple Python script that can find injected TCP packets in HTTP sessions, such as those used in QUANTUMINSERT Man-on-the-Side (MOTS) attacks.

SPID

The Statistical Protocol IDentification (SPID) tool is a proof-of-concept (PoC) of how the SPID algorithm can be used in order to identify application layer protocols based on statistical measurements rather than port numbers. SPID PoC can even be used to identify obfuscated protocols as shown in the technical report "Breaking and Improving Protocol Obfuscation".

SplitCap

SplitCap is a command line tool designed to split large PCAP files into smaller ones, where each IP address or even individual session will be placed in a separate PCAP file. SplitCap can also be used to perform fast filtering of pcap files based on TCP or UDP port numbers.

PCAP T-shirt

T-shirt specs:

  • Color: Black
  • Print: RJ45 socket in silver, "PCAP or it didn't happen" in white
  • Fabric: 100% cotton