NetworkMiner is a network forensics tool primarily developed for Windows OS's, but it actually runs just fine also in other operating systems with help of the Mono Framework. This guide shows how to install NetworkMiner in three different Linux distros (Ubuntu, Fedora and Arch Linux).
STEP 1: Install Mono
Ubuntu (also other Debian based distros like Xubuntu and Kali Linux)
sudo apt-get install libmono-system-windows-forms4.0-cilIf you're on an old version of Debian/Ubuntu (e.g. Ubuntu 14.04) then you first need to add the Mono Project GPG signing key and the package repository.
sudo apt-get install libmono-system-web4.0-cil
sudo apt-get install libmono-system-net-http4.0-cil
Fedora (credit Renegade0x6)
sudo yum -y install mono-core
sudo yum -y install mono-basic mono-winforms expect
ArchLinux (credit: Tyler Fisher)
sudo pacman -Sy mono
STEP 2: Install NetworkMiner
wget www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip
sudo unzip /tmp/nm.zip -d /opt/
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/
STEP 3: Run NetworkMiner
NetworkMiner 1.2 running under Ubuntu Linux, with “day12-1.dmp” from the M57-Patents Scenario loaded.
Live sniffing with NetworkMiner
In order to capture packets (sniff traffic) in Linux you will have to use the “PCAP-over-IP” feature. NetworkMiner is, however, not really designed for packet capturing; it is primarily a tool for parsing and analyzing PCAP files containing previously sniffed traffic.
Posted by Erik Hjelmvik on Saturday, 01 February 2014 20:45:00 (UTC/GMT)