HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux

NetworkMiner Loves Linux NetworkMiner is a network forensics tool primarily developed for Windows OS's, but it actually runs just fine also in other operating systems with help of the Mono Framework. This guide shows how to install NetworkMiner in three different Linux distros (Ubuntu, Fedora and Arch Linux).

STEP 1: Install Mono

Ubuntu (also other Debian based distros like Xubuntu and Kali Linux)

sudo apt-get install libmono-system-windows-forms4.0-cil
sudo apt-get install libmono-system-web4.0-cil
sudo apt-get install libmono-system-net4.0-cil
sudo apt-get install libmono-system-runtime-serialization4.0-cil
sudo apt-get install libmono-system-xml-linq4.0-cil

Fedora (credit Renegade0x6)

sudo yum -y install mono-core
sudo yum -y install mono-basic mono-winforms expect

ArchLinux (credit: Tyler Fisher)

sudo pacman -Sy mono

Verify that you have installed Mono version 5 or later with "mono --version".

mono --version
Mono JIT compiler version 5.18.0.240 (Debian 5.18.0.240+dfsg-2ubuntu2 Wed Apr 17 23:39:09 UTC 2019)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
    TLS:           __thread
    SIGSEGV:       altstack
    Notifications: epoll
    Architecture:  amd64
    Disabled:      none
    Misc:          softdebug
    Interpreter:   yes
    LLVM:          supported, not enabled.
    Suspend:       preemptive
    GC:            sgen (concurrent by default)

The example output above shows Mono 5.18.0.240 is installed, so we're good to go. But if you're stuck on Mono 4.x or wasn't able to install Mono at all from your package manager, then please resort to the "Installing Mono Manually" section below.

Installing Mono Manually
Users of most Linux flavors as well as macOS can download and install the latest stable release of the Mono Framwork from here:
https://www.mono-project.com/download/stable/


STEP 2: Install NetworkMiner

wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip
sudo unzip /tmp/nm.zip -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/

Note: If you still haven't installed Mono 5 and "Installing Mono Manually" wasn't a viable option, then the latest NetworkMiner release is not for you. Please download NetworkMiner 2.4 instead, which works fine also with older versions of Mono. You can find NetworkMiner 2.4 here:

https://www.netresec.com/?download=NetworkMiner_2-4


STEP 3: Run NetworkMiner

mono NetworkMiner.exe --noupdatecheck

NetworkMiner in Ubuntu Linux
NetworkMiner 1.2 running under Ubuntu Linux, with “day12-1.dmp” from the M57-Patents Scenario loaded.

Live CD's

Another way to try out NetworkMiner in Linux is to spin up one of the Live CD's that has the tool installed, such as Security Onion, REMnux or NST.

Live sniffing with NetworkMiner

In order to capture packets (sniff traffic) in Linux you will have to use the “PCAP-over-IP” feature. NetworkMiner is, however, not really designed for packet capturing; it is primarily a tool for parsing and analyzing PCAP files containing previously sniffed traffic.

We recommend using other tools such as tcpdump, dumpcap or netsniff-ng in order to reliably capture packets to a PCAP file. You can read more on how to sniff traffic in our Sniffing Tutorial.

Posted by Erik Hjelmvik on Saturday, 01 February 2014 20:45:00 (UTC/GMT)

Tags: #NetworkMiner #Linux #mono #network forensics

More... Share  |  Facebook   Twitter   Reddit   Hacker News Short URL: https://netresec.com/?b=142AA47

twitter

NETRESEC on Twitter

Follow @netresec on twitter:
» twitter.com/netresec


book

Recommended Books

» The Practice of Network Security Monitoring, Richard Bejtlich (2013)

» Applied Network Security Monitoring, Chris Sanders and Jason Smith (2013)

» Network Forensics, Sherri Davidoff and Jonathan Ham (2012)

» The Tao of Network Security Monitoring, Richard Bejtlich (2004)

» Practical Packet Analysis, Chris Sanders (2017)

» Windows Forensic Analysis, Harlan Carvey (2009)

» TCP/IP Illustrated, Volume 1, Kevin Fall and Richard Stevens (2011)

» Industrial Network Security, Eric D. Knapp and Joel Langill (2014)