Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Wednesday, November 25, 2009
Network Miner 0.91
Jim Clausing posted an article on the Storm Center diary today about some updates to network security tools (Jim is always all over that... he's sort of the Tim "The Tool Man" Taylor of the NetSec world) and mentioned there was an update to Network Miner. I'd never looked at it before, that I remember, so I downloaded the latest version. What a neat tool. It runs on Windows and uses WinPcap (it doesn't install WinPcap, but if you do NetSec you'd probably already have it installed). Just unzip the archive and fire it up. Tell it what interface to monitor, and it begins to track host connections to your box, showing the IP, fingerprint of the OS, frames received, files transferred, images, messages, credentials, sessions, DNS requests, any cleartext and even what it deems anomalies. Very nice. I'll definitely keep this one in my toolkit for Windows hosts. You can get the latest version at SourceForge, and if you don't have WinPcap, get that here.