View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000313||Kali Linux||[All Projects] New Tool Requests||public||2013-04-28 19:40||2020-03-18 17:50|
|Priority||normal||Severity||feature||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Description||Please include NetworkMiner to simplify analysis of PCAP files.|
NetworkMiner is available from SourceForge: http://sourceforge.net/projects/networkminer/
Please DON'T install Wine to run NetworkMiner, use Mono instead. More info here:
NetworkMiner is already packaged on Ubuntu:
Good call @2xyo!
However, please use the NetworkMiner package in the stable branch instead:
This is the debian package created by Doug Burks for the Security Onion Live DVD.
This doesn't sniff on a live interface as it should and even the Security Onion package won't either.
If you wish to have it included in Kali, you will need to do the leg-work in getting it running properly. If you can do so, feel free to re-open this ticket.
The purpose of having NetworkMiner in Kali is not in order to sniff packets. Tools like tcpdump and even the meterpreter sniffer already do a fine job capturing network packets to a PCAP file.
What makes NetworkMiner useful for Kali is its ability to parse PCAP files and extract interesting details such as passwords, downloaded files, browser cookies, lanman hashes, emails etc.
We are not going to deliberately include a partially functional tool in the distribution.
If there comes a point where it can fully work, reopen the ticket.
The old way of doing live sniffing with NetworkMiner has now been completely removed from the application in version 1.6 and newer.
Here's a screenshot of the updated GUI without annoying non-functional sniffing buttons:
Also, the recommended practice for analyzing network traffic with NetworkMiner is to do one of the following:
1. Load a PCAP file
2. Use Pcap-over-IP to do live sniffing: http://netresec.com/?b=119B126
I hope these changes make NetworkMiner qualify for being part of Kali!
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?
Name and version: NetworkMiner 2.2
Website: http://networkminer.com/ (link to source code available, GPLv2)
Download link: https://www.netresec.com/?download=NetworkMiner
Author: Erik Hjelmvik
Description: Network Forensics tool for parsing PCAP files. Extracts files, usernames, passwords, hashes, emails etc. from PCAP files.
Similar tools: Wireshark, Xplico
How to install: http://netres.ec/?b=142AA47
How to use: mono /opt/NetworkMiner_2-2/NetworkMiner.exe ~/Downloads/dump.pcap
You'll find more examples of how to use NetworkMiner here:
||Last Update: 2015-08-07|
||No update from upstream since 2015|
|2013-04-28 19:40||netresec||New Issue|
|2013-05-03 02:05||2xyo||Note Added: 0000437|
|2013-05-03 05:22||netresec||Note Added: 0000438|
|2013-10-15 21:20||dookie||Note Added: 0001015|
|2013-10-15 21:20||dookie||Status||new => closed|
|2013-10-15 21:20||dookie||Assigned To||=> dookie|
|2013-10-15 21:20||dookie||Resolution||open => won't fix|
|2013-10-17 18:13||netresec||Note Added: 0001020|
|2013-10-17 18:13||netresec||Status||closed => feedback|
|2013-10-17 18:13||netresec||Resolution||won't fix => reopened|
|2013-10-17 18:20||netresec||Status||feedback => new|
|2013-10-17 21:01||dookie||Note Added: 0001021|
|2013-10-17 21:01||dookie||Status||new => closed|
|2013-10-17 21:01||dookie||Resolution||reopened => no change required|
|2014-11-10 21:59||netresec||Note Added: 0002694|
|2014-11-10 21:59||netresec||Status||closed => feedback|
|2014-11-10 21:59||netresec||Resolution||no change required => reopened|
||Issue cloned: 0001901|
|2018-01-29 10:34||g0tmi1k||Summary||Include NetworkMiner => NetworkMiner|
|2018-01-29 15:06||g0tmi1k||Note Added: 0008434|
|2018-01-29 15:06||g0tmi1k||Assigned To||dookie =>|
|2018-01-29 15:06||g0tmi1k||Status||feedback => new|
|2018-02-02 19:21||netresec||Note Added: 0008610|
|2019-12-09 13:30||g0tmi1k||Severity||minor => feature|
|2020-03-18 17:01||g0tmi1k||Note Added: 0012431|
|2020-03-18 17:50||g0tmi1k||Status||new => closed|
|2020-03-18 17:50||g0tmi1k||Note Added: 0012457|