This guide describes how to get NetworkMiner running on Mac OS X Mavericks (version 10.9.3).
After the download of the “Mono MRE installer” has completed, just run the installer:
Press “Continue” to proceed installing the Mono Framework using the guided installer.
When the Mono Framework has been installed, you can extract the downloaded NetworkMiner zip archive. Then start NetworkMiner from the terminal like this:
$ mono NetworkMiner.exe
Live sniffing with NetworkMiner on Mac OS X
Live sniffing with WinPcap or Raw Sockets is only available when running NetworkMiner on Windows.
However, live sniffing can still be achieved on Mac OS X (as well as on Linux) by using the PCAP-over-IP functionality.
Press the “Start Receiving” button and then use tcpdump to do live sniffing and forward all captured packets to NetworkMiner like this:
$ sudo tcpdump -i en0 -s0 -U -w - | nc localhost 57012
The preferred way to use NetworkMiner is, however, to load previously captured packets in a PCAP file and let NetworkMiner dig out all interesting details like transmitted files, images, messages, SSL certificates etc.
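As an added illustration (not part of the original post and not NetworkMiner's code): what the tcpdump pipe above sends over the TCP connection is an ordinary pcap file, that is, one 24-byte file header followed by a 16-byte record header and the captured bytes for each packet. The Python below parses such a stream, including reads that arrive in pieces; the function names and the sample bytes are constructed for this example.

```python
import io
import struct

# Magic bytes as they arrive on the wire -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def read_exact(stream, n):
    """Read exactly n bytes; a TCP stream may hand back a record in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError("stream ended in the middle of a header or packet")
        buf += chunk
    return buf

def read_global_header(stream):
    """Parse the 24-byte pcap file header that tcpdump -w - sends first."""
    hdr = read_exact(stream, 24)
    if hdr[:4] not in MAGICS:
        raise ValueError("not a pcap stream (pcapng or other data?)")
    order, ticks = MAGICS[hdr[:4]]
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(order + "HHiIII", hdr[4:])
    return {"order": order, "ticks": ticks, "snaplen": snaplen, "linktype": linktype}

def iter_packets(stream, gh):
    """Yield (timestamp_seconds, original_length, captured_bytes) per record."""
    while True:
        first = stream.read(1)
        if not first:  # sender closed the connection between records
            return
        rec = first + read_exact(stream, 15)
        sec, frac, caplen, origlen = struct.unpack(gh["order"] + "IIII", rec)
        if caplen > gh["snaplen"]:  # bound allocation on untrusted input
            raise ValueError("captured length exceeds snaplen; stream corrupt or out of sync")
        yield sec + frac / gh["ticks"], origlen, read_exact(stream, caplen)

def sample_stream():
    """Constructed input: little-endian header (snaplen 262144, linktype 1) and two packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for sec, usec, data in [(1403645100, 500000, b"\xaa" * 60), (1403645101, 0, b"\xbb" * 42)]:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

if __name__ == "__main__":
    s = io.BytesIO(sample_stream())
    gh = read_global_header(s)
    for ts, origlen, data in iter_packets(s, gh):
        print(f"{ts:.6f} linktype={gh['linktype']} {len(data)}/{origlen} bytes")
```

The same two functions work on a socket if you pass `conn.makefile("rb")` from an accepted connection instead of the `BytesIO` object.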
Posted by Jonas Lejon on Tuesday, 24 June 2014 21:25:00 (UTC/GMT)