This guide describes how to get NetworkMiner running on Mac OS X Mavericks (version 10.9.3).
After the download of “Mono MRE installer” has completed, just run the installer:
Press “Continue” to proceed installing the Mono Framework using the guided installer.
When the Mono Framework has been installed you can extract the downloaded NetworkMiner zip archive. Then start NetworkMiner from the terminal like this:
$ mono NetworkMiner.exe
Live sniffing with NetworkMiner on Mac OS X
Live sniffing with WinPcap or Raw Sockets is only available when running NetworkMiner in Windows.
However, live sniffing can still be achieved on Mac OSX (as well as in Linux) by using the PCAP-over-IP functionality.
Press the “Start Receiving” button and then use tcpdump to do live sniffing and forward all captured packets to NetworkMiner like this:
$ sudo tcpdump -i en0 -s0 -U -w - | nc localhost 57012
The preferred way to use NetworkMiner is, however, to load previously captured packets in a PCAP file and let NetworkMiner dig out all interesting details like transmitted files, images, messages, SSL certificates etc.
Microsoft .NET Windows.Forms GUI applications don't run on 64 bit macOS systems running Mono. This will cause the application to hang/freeze during startup when the GUI window is about to be rendered. However, fortunately the old Mono 2.10.12 package is using an older implementation that will render the GUI even on 64 bit Macs. We'd like to thank Fredrik Pettai for reporting this issue and suggesting the workaround!
Posted by Jonas Lejon on Tuesday, 24 June 2014 21:25:00 (UTC/GMT)