Firstly, it is aimed at gathering information about the hosts on the network, rather than the packets going across it, so you can build up a good picture of a network simply by passively sniffing, and letting it pick up all the broadcast traffic. It also displays the information nicely, rather than having to dig through by hand, as you would with Wireshark.
However, the really unique thing about Network Miner is that it re-assembles the packets into files, and stores those locally for you to view. This includes web pages, pictures, audio and downloaded files.
The program takes two kinds of input. The first is to set it sniffing on a network adaptor, but unless you've done some APR (Cain or Ettercap work well here), you're only going to get local and broadcast traffic, so this is of limited use, despite letting you build up information without being detected.
The other is that you can open up a previous capture (.pcap from Wireshark, Ettercap, tcpdump, etc.), and it can parse it for files and information. You can easily search packets, and it tries to pick out passwords, but in this area, Cain is the best around.
Take Network Miner and Cain into school on a laptop, sniff your technician's PC (or, if you're feeling daring, redirect all the traffic going to/from the main gateway through your laptop, but this will lag you, slow the network down, and be very conspicuous). You need WinPcap installed, but that comes with Wireshark/Cain, so you should have it. Also seems to need .NET 2.0. Windows only, I'm afraid.
~muto
http://networkminer.wiki.sourceforge.net/NetworkMiner
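
Added example, not part of the original post and not NetworkMiner's code: a sketch of how a host inventory can be built from an existing .pcap, as the post describes, plus a check a network admin can run on the result to spot the ARP redirection mentioned above. All function names and the sample frames are made up for illustration; it assumes a classic (non-pcapng) Ethernet capture.

```python
import struct
from collections import defaultdict

def arp_frame(mac, ip):
    """Build a broadcast ARP request (helper for the constructed sample only)."""
    m = bytes.fromhex(mac.replace(":", ""))
    i = bytes(map(int, ip.split(".")))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
    return b"\xff" * 6 + m + hdr + m + i + b"\x00" * 6 + i

def build_pcap(frames):
    """Wrap Ethernet frames in a classic little-endian pcap (linktype 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def host_inventory(pcap):
    """Return {mac: {ip, ...}} from ARP senders and IPv4 sources in a pcap."""
    magic = pcap[:4]
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic microsecond pcap file")
    e = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    hosts, off = defaultdict(set), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(e + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 14:
            continue
        etype, body = struct.unpack_from("!H", frame, 12)[0], frame[14:]
        if etype == 0x0806 and len(body) >= 28:    # ARP: sender MAC + sender IP
            hosts[body[8:14].hex(":")].add(".".join(map(str, body[14:18])))
        elif etype == 0x0800 and len(body) >= 20:  # IPv4: frame source MAC + source IP
            hosts[frame[6:12].hex(":")].add(".".join(map(str, body[12:16])))
    return dict(hosts)

def ips_with_multiple_macs(hosts):
    """IPs seen behind more than one MAC: worth checking for ARP spoofing."""
    seen = defaultdict(set)
    for mac, ips in hosts.items():
        for ip in ips:
            seen[ip].add(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample capture: three ARP broadcasts, two claiming the same IP.
SAMPLE = build_pcap([arp_frame("00:11:22:33:44:55", "192.168.1.10"),
                     arp_frame("00:11:22:33:44:66", "192.168.1.20"),
                     arp_frame("00:11:22:33:44:77", "192.168.1.10")])
```

A MAC that maps to many IPs is usually just the gateway forwarding routed traffic; an IP that maps to several MACs is the case to look into.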
