Monday, April 21, 2014

Installing NetworkMiner In Linux




NetworkMiner is a Network Forensic Analysis Tool. It can be used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports, etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and regenerate/reassemble transmitted files and certificates from them.
NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than data about the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

On Windows you can install it easily, but on Linux it's a little different. Here's how to install NetworkMiner on Ubuntu 13.04/13.10.



Step 1 : Installing Mono

 sudo apt-get install libmono-winforms2.0-cil


Step 2: Installing NetworkMiner 


wget https://sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer.zip

(The above command downloads the archive and saves it as /tmp/networkminer.zip. You can save it anywhere you like.)

sudo unzip /tmp/networkminer.zip -d /opt/

(This command extracts the archive into the /opt/ directory.)

cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/


Step 3 : Running NetworkMiner 

mono NetworkMiner.exe
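
Step 2 installs whatever the "latest" link serves, and chmod -R go+w makes AssembledFiles/ and Captures/ writable by every local account. The script below is an added example, not part of the original post: it checks the zip against a SHA-256 digest obtained from a source you trust and hands the two directories to one analyst account instead. The function names are hypothetical and the digest is a value you must supply.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Run the ownership step as root when the install lives under /opt.

# nm_verify_zip FILE EXPECTED_SHA256
# Succeeds only if FILE exists and its SHA-256 equals the expected digest.
nm_verify_zip() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# nm_world_writable INSTALL_DIR
# Prints every file or directory under INSTALL_DIR that any user can write.
nm_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# nm_own_dirs INSTALL_DIR USER
# Alternative to "chmod -R go+w": make USER the owner of the two output
# directories and remove write access for group and others.
nm_own_dirs() {
    for d in AssembledFiles Captures; do
        [ -d "$1/$d" ] || { echo "missing: $1/$d" >&2; return 1; }
        chown -R "$2" "$1/$d" || return 1
        chmod -R u+rwX,go-w "$1/$d" || return 1
    done
}

# Usage with the paths from the steps above (digest is a placeholder):
#   nm_verify_zip /tmp/networkminer.zip "<sha256 from a trusted source>" \
#       && unzip /tmp/networkminer.zip -d /opt/
#   nm_own_dirs /opt/NetworkMiner* analyst     # "analyst" is an assumed account
#   nm_world_writable /opt/NetworkMiner*       # should print nothing
```

NetworkMiner must then be started as the account passed to nm_own_dirs so it can write reassembled files and captures.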





  2 comments:

  1. Old post, however I'm just getting back around to things...Ever since this method was implemented...I've never had the drop down to select interface...I can only load pcap files from another sniffer such as wireshark. The drop down menu simply isn't there...not greyed out anything...