NETRESEC Network Security Blog - Tag : Ubuntu


HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux

NetworkMiner is a network forensics tool primarily developed for Windows OS's, but it actually runs just fine in other operating systems as well with the help of the Mono Framework. This guide shows how to install NetworkMiner in three different Linux distros (Ubuntu, Fedora and Arch Linux).

STEP 1: Install Mono

Ubuntu (also other Debian based distros like Xubuntu and Kali Linux)

sudo apt-get install libmono-system-windows-forms4.0-cil
sudo apt-get install libmono-system-web4.0-cil
sudo apt-get install libmono-system-net4.0-cil
sudo apt-get install libmono-system-runtime-serialization4.0-cil
sudo apt-get install libmono-system-xml-linq4.0-cil
If you're on an old version of Debian/Ubuntu (e.g. Ubuntu 14.04) then you first need to add the Mono Project GPG signing key and the package repository.

Fedora (credit: Renegade0x6)

sudo yum -y install mono-core
sudo yum -y install mono-basic mono-winforms expect

ArchLinux (credit: Tyler Fisher)

sudo pacman -Sy mono

Other Operating Systems
Users of other Linux flavors as well as Mac OS X can download and install the Mono Framework from www.mono-project.com/Downloads


STEP 2: Install NetworkMiner

wget www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip
sudo unzip /tmp/nm.zip -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/

STEP 3: Run NetworkMiner

mono NetworkMiner.exe

NetworkMiner 1.2 running under Ubuntu Linux, with “day12-1.dmp” from the M57-Patents Scenario loaded.

Live CDs

Another way to try out NetworkMiner in Linux is to spin up one of the Live CDs that have the tool installed, such as Security Onion, REMnux or NST.

Live sniffing with NetworkMiner

In order to capture packets (sniff traffic) in Linux you will have to use the “PCAP-over-IP” feature. NetworkMiner is, however, not really designed for packet capturing; it is primarily a tool for parsing and analyzing PCAP files containing previously sniffed traffic.

We recommend using other tools such as tcpdump, dumpcap or netsniff-ng in order to reliably capture packets to a PCAP file. You can read more on how to sniff traffic in our Sniffing Tutorial.

Posted by Erik Hjelmvik on Saturday, 01 February 2014 20:45:00 (UTC/GMT)

Tags: #NetworkMiner #Linux #mono #network forensics

Short URL: https://netresec.com/?b=142AA47


Install NetworkMiner with apt-get

Doug Burks has done a great work integrating NetworkMiner into Security Onion. One really cool thing he has done is to build a Debian repository that includes NetworkMiner. This means that NetworkMiner (and its dependencies) can be installed on Debian / Ubuntu machines by using apt-get!

How to install NetworkMiner with a one-liner:

sudo add-apt-repository -y ppa:securityonion/stable && sudo apt-get update && sudo apt-get -y install securityonion-networkminer

You can then start NetworkMiner with the following syntax:

/opt/networkminer/networkminer [optional-pcap-file]

NetworkMiner running on a vanilla Xubuntu machine

Users of non-Debian OS's (i.e. other Linux flavors as well as Mac OS X and FreeBSD) will, however, still need to install NetworkMiner and Mono manually.

UPDATE 2014-06-25

NetworkMiner is now available in a few additional Linux package managers, such as Fedora's yum and Arch Linux's pacman. For more details, please see our HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux blog post.
There are also instructions available for how to install NetworkMiner on Mac OS X.

Posted by Erik Hjelmvik on Monday, 10 September 2012 13:15:00 (UTC/GMT)

Tags: #NetworkMiner #Linux #Debian #Ubuntu #Security Onion #SecurityOnion

Short URL: https://netresec.com/?b=12951F9


No more Wine - NetworkMiner in Linux with Mono

UPDATE
See our blog post HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux for a more up to date installation guide.

NetworkMiner is a network forensics tool that is primarily designed to run under Windows. But it is now (as of version 1.2 of NetworkMiner) also possible to run NetworkMiner on non-Windows OS's like Linux, Mac, FreeBSD etc. with the help of Mono. This means that there is no longer any need to run NetworkMiner under Wine, since Mono is a much better alternative.

So what is Mono? Here is a description from the mono-project's website:

“Mono is a software platform designed to allow developers to easily create cross platform applications. Sponsored by Xamarin, Mono is an open source implementation of Microsoft's .NET Framework based on the ECMA standards for C# and the Common Language Runtime. A growing family of solutions and an active and enthusiastic contributing community is helping position Mono to become the leading choice for development of Linux applications.”
(emphasis added)

Here are some of the features in NetworkMiner that work better under Mono compared to Wine:

  • Drag-and-drop pcap files onto NetworkMiner works under Mono
  • Extracted/reassembled files are put in OS-native folders (under the NetworkMiner/AssembledFiles folder)
  • Right-clicking an extracted file or image and selecting “Open file” or “Open containing folder” works under Mono
  • No big Wine install required; the Mono framework only requires 32 MB to install

Here are the commands required to install Mono and NetworkMiner on Ubuntu Linux:

sudo apt-get install libmono-winforms2.0-cil
wget www.netresec.com/?download=NetworkMiner -O /tmp/networkminer.zip
sudo unzip /tmp/networkminer.zip -d /opt/
cd /opt/NetworkMiner_*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/
mono NetworkMiner.exe
The reason for setting write permission on the AssembledFiles folder is that this is the directory to which extracted files are written. If you prefer to instead have the files extracted to /tmp or the user's home directory, then simply move the AssembledFiles directory to your desired location and create a symlink to it in the NetworkMiner directory (hat tip to Lenny Zeltser for this idea).


NetworkMiner 1.2 running under Ubuntu Linux with Mono, with “day12-1.dmp” from the M57-Patents Scenario loaded.

Update: See our blog post HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux for an installation guide for other Linux flavors.


Posted by Erik Hjelmvik on Monday, 26 December 2011 20:30:00 (UTC/GMT)

Tags: #NetworkMiner #Mono #Wine #Linux #Ubuntu

Short URL: https://netresec.com/?b=11C135E


Running NetworkMiner on Linux with Wine

UPDATE: We no longer recommend running NetworkMiner under Wine, please see our blog post on HowTo install NetworkMiner in Ubuntu Fedora and Arch Linux instead.

Joshua Smith has written a great blog post on toastresearch.com about how to get NetworkMiner running on BackTrack Linux. C. S. Lee (a.k.a. geek00l) has also written a blog post a couple of years ago explaining how to install NetworkMiner on Ubuntu Linux.

Unfortunately both these blog posts point to URLs with old versions of NetworkMiner (now that version 1.1 is released). I'm therefore posting a simple walkthrough of the required commands in order to install the latest version of NetworkMiner on an Ubuntu machine:

sudo apt-get install winetricks
winetricks corefonts dotnet20 gdiplus
cd /opt
wget www.netresec.com/?download=NetworkMiner
unzip latest
cd NetworkMiner_1-1/
wine NetworkMiner.exe

I hope this will help you get NetworkMiner running on your Ubuntu analyst station!

We will also be looking into having NetworkMiner fully compatible with mono in a future release. This would allow you to run NetworkMiner “natively” on Linux, Mac OS X as well as BSD (OpenBSD, FreeBSD, NetBSD).

Posted by Erik Hjelmvik on Thursday, 13 October 2011 16:51:00 (UTC/GMT)

Tags: #Netresec #Linux #Wine #Ubuntu

Short URL: https://netresec.com/?b=11A3324
