To run it on Mac OS X, just grab the Mono pkg and install it. Then, after downloading the binary, run "mono networkMiner.exe" from the CLI.
NOTE: On a small MacBook Air it can take some time to open, and if you're running it against a large pcap file, the load time depends on the size of the pcap and the number of entries in it.
NetworkMiner can now be used to grab pertinent information from traffic flows,
e.g.
- conversation details
- SSL certificate details, including protocol and handshake cert names
- client+server information
- credentials used
- TCP ports in use
- HTTP headers, which can easily be filtered for a match
- reconstruct file information
- inspect and sniff open email communications
Here are a few example screenshots of how we can inspect traffic details. This is a great tool to use if you want to find sessions that are using a particular SSL certificate by serial number or date.
Details and OS identifications
Inspecting for bluecoat proxy x-header
Finding Server header strings from an ADC
Determining web-auth methods supported by a web server
Loading a pcap file can be time consuming on smaller systems, but it's easy to replay pcap files for traffic analysis
Viewing the certificate values
Display certificate serial numbers
Searching on User-Agent strings
Finding a certificate in use via the expiration date
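
The header checks from the screenshots (proxy X- headers, Server strings, web-auth methods, User-Agent searches) can also be scripted once the HTTP sessions are extracted from a capture. This is an added example, not part of the original post or of NetworkMiner; the flows, the `ExampleADC/1.0` Server string and the `X-BlueCoat-Via` value are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: (flow, raw header block) pairs as they would look after
# HTTP sessions are reassembled from a capture. Every value is made up.
SAMPLE = [
    ("10.0.0.5:51514 -> 192.0.2.10:80",
     "GET /portal HTTP/1.1\r\nHost: intranet.example\r\n"
     "User-Agent: Mozilla/5.0 (Macintosh)\r\n"
     "X-BlueCoat-Via: 0123456789abcdef\r\n\r\n"),
    ("192.0.2.10:80 -> 10.0.0.5:51514",
     "HTTP/1.1 401 Unauthorized\r\nServer: ExampleADC/1.0\r\n"
     "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n"
     "WWW-Authenticate: Basic realm=\"intranet\"\r\n\r\n"),
    ("10.0.0.9:40222 -> 192.0.2.10:80",
     "GET / HTTP/1.1\r\nHost: intranet.example\r\nuser-agent: curl/8.0\r\n\r\n"),
]


def parse_headers(raw):
    """Return [(name, value)] from one header block; the start line is skipped."""
    headers = []
    for line in raw.split("\r\n")[1:]:
        if not line:              # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                   # ignore malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return headers


def find_headers(messages, name_regex, value_regex=".*"):
    """Case-insensitive match on header name and value, keeping the flow."""
    name_re = re.compile(name_regex, re.I)
    value_re = re.compile(value_regex, re.I)
    return [(flow, name, value)
            for flow, raw in messages
            for name, value in parse_headers(raw)
            if name_re.fullmatch(name) and value_re.search(value)]


def auth_schemes(messages):
    """Auth schemes a server offers: first token of each WWW-Authenticate."""
    return sorted({value.split()[0]
                   for _, _, value in find_headers(messages, "WWW-Authenticate")
                   if value})


if __name__ == "__main__":
    for hit in find_headers(SAMPLE, r"x-.*|server|user-agent"):
        print(*hit, sep=" | ")
    print("auth schemes:", auth_schemes(SAMPLE))
```
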
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \