Erik Hjelmvik
Thursday, 12 April 2012 21:55:00 (UTC/GMT)

NetworkMiner 1.3 Released

NetworkMiner 1.3 was released earlier today, and there was much rejoicing!

NetworkMiner with web_recon.pcap and hmi_web_recon.pcap loaded
HTTP Digest credentials from USCC's web_recon.pcap and hmi_web_recon.pcap

Some of the features added to this new release of NetworkMiner include:

  • Extraction of user names from HTTP Digest Authentication (RFC 2617), such as those found in US Cyber Challenge “Cyber Quest February 2012”.
  • HTTP headers are shown on the Parameters tab (including common headers like “Host” and “User-Agent” as well as rare ones).
  • HTTP X headers are shown for hosts under the “Host Details” > “Extra Details” node. These X headers include “x-up-calling-line-id” and “HTTP_X_UP_CALLING_LINE_ID”, which can be used to identify the phone number of the mobile device used to access a web page. This type of information leakage can be detected with Collin Mulliner's MNO Privacy Checker.
  • Support for the Null / Loopback link layer packets that are written when sniffing localhost on BSD operating systems.
  • Ability to select a custom cleartext dictionary file for the "Cleartext" tab. This feature can be used in order to look for text in a specific language.
  • Files with “.raw” extension are now treated as pcap files since this is the extension used by Sguil (hat tip to Doug Burks for this idea).
  • The alert window about WinPcap not being installed has been removed.
Several bugs have also been corrected, thanks to TCB13 and Aivar Liimets for notifying us about two of them.

NetworkMiner Professional

The professional edition of NetworkMiner additionally includes a new feature for performing offline whois lookups of IP addresses against the RIPE database. This offline whois lookup can be used to find out which organization that owns the IP network for a particular IP address. The whois information can be found in the “Host Details” node in the “Hosts” tab.

NetworkMiner Professional 1.3 showing offline RIPE lookup
Offline RIPE lookup of IP address belonging to Danish TDC A/S

There is at this point only support for whois lookups of European IP addresses. NetworkMiner Professional is also not shipped with the RIPE database installed. Downloading the RIPE database to NetworkMiner Professional is very easy though, simply click “Tools” > “Download RIPE DB”.

Download RIPE database
How to download the RIPE database to NetworkMiner Professional

Customers who have purchased a previous version of NetworkMiner Professional can download an update for free from our customer portal. If you are unable to log in, then please send an email to info [at] netresec.com with your current version number as well as license number (which you can find under the menu “Help” > “About Network Miner”).

Posted by Erik Hjelmvik on Thursday, 12 April 2012 21:55:00 (UTC/GMT)

Tags: #NetworkMiner

Share: Facebook   Twitter   Reddit   Hacker News Short URL: https://netresec.com/?b=1240207

Recent Posts

» Network Forensics training at x33fcon

» Hunting for Cobalt Strike in PCAP

» Network Forensics Training - Spring 2024

» CapLoader 1.9.6 Released

» Forensic Timeline of an IcedID Infection

Blog Archive

» 2024 Blog Posts

» 2023 Blog Posts

» 2022 Blog Posts

» 2021 Blog Posts

» 2020 Blog Posts

» 2019 Blog Posts

» 2018 Blog Posts

» 2017 Blog Posts

» 2016 Blog Posts

» 2015 Blog Posts

» 2014 Blog Posts

» 2013 Blog Posts

» 2012 Blog Posts

» 2011 Blog Posts

List all blog posts

Video blog posts

News Feeds

» Google News

» FeedBurner

» RSS Feed

X / twitter

NETRESEC on X / Twitter: @netresec

Mastodon

NETRESEC on Mastodon: @netresec@infosec.exchange