NetworkMiner is a network forensic analysis tool for Mac and other platforms. NetworkMiner can be used as a passive network analyzer or package capture tool to detect operating systems, sessions, hostnames, open ports, etc., without traffic on the network. NetworkMiner can also analyze PCAP files and reassemble transmitted files from them. We will tell you more about this program.

What is this program?

NetworkMiner for Mac is a high-tech and professional tool for forensic network analysis. The application demonstrates the highest performance, flexibility, and intuitive management processes.

What is this program used for?

This program can be a powerful utility to capture network analyzer or passive network packages. You can get information about active sessions, ports, operating systems, hostnames, etc. This product is cross-platform and can be run on different modern operating systems, including macOS. The program also analyzes PCAP file components professionally to recover certificates and extracted files from protocols. The software receives real-time information about the active network hosts and displays the information in the most detailed and convenient form.

Program features and benefits

NetworkMiner for Mac has two versions: Free and Professional. The free version has the following features:

• Traffic capturing;

• PCAP file parsing;

• Receiving PCAP files by IP;

• OS detection.

The professional version has some extra options:

• PcapNG file parsing;

• Port protocol definition;

• Data export to CSV / Excel;

• DNS name-checking;

• IP localization;

• Command line support.

NetworkMiner allows you to monitor established connections and analyze packages transmitted over the network, fishing out helpful information about the hosts and exchanging information with your computer. The TTL, frame size, and flags set in package headers are input data for analysis.

Frame analysis

You can also explore individual frames with NetworkMiner for Mac. The Frames tab is used for this: here, you can find data about frame size, IP addresses and ports of a sender and a receiver, and other helpful information.

Traffic files

NetworkMiner has one more useful feature: it can extract files from traffic streamed via FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, and IMAP protocols. You can use it to intercept files transmitted via email, FTP, local network, or your browser.

Conclusions

NetworkMiner for Mac is a powerful sniffer for performing many practical operations. Fingerprinting and OS detection are its most significant functions. In 2007, this program gained widespread popularity among incident response teams and law enforcement agencies, and today it is used actively by organizations and companies worldwide.