View Issue Details

IDProjectCategoryView StatusLast Update
0000313Kali Linux[All Projects] New Tool Requestspublic2020-03-18 17:50
Reporternetresec Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionreopened 
Product Version 
Target VersionFixed in Version 
Summary0000313: NetworkMiner
DescriptionPlease include NetworkMiner to simplify analysis of PCAP files.
NetworkMiner is available from SourceForge:

Please DON'T install Wine to run NetworkMiner, use Mono instead. More info here:




2013-05-03 02:05

reporter   ~0000437

NetworkMiner is already packaged on Ubuntu:


2013-05-03 05:22

reporter   ~0000438

Good call @2xyo!

However, please use the NetworkMiner package in the stable branch instead:

This is the debian package created by Doug Burks for the Security Onion Live DVD.


2013-10-15 21:20

administrator   ~0001015

This doesn't sniff on a live interface as it should and even the Security Onion package won't either.
If you wish to have it included in Kali, you will need to do the leg-work in getting it running properly. If you can do so, feel free to re-open this ticket.


2013-10-17 18:13

reporter   ~0001020

The purpose of having NetworkMiner in Kali is not in order to sniff packets. Tools like tcpdump and even the meterpreter sniffer already do a fine job capturing network packets to a PCAP file.

What makes NetworkMiner useful for Kali is its ability to parse PCAP files and extract interesting details such as passwords, downloaded files, browser cookies, lanman hashes, emails etc.


2013-10-17 21:01

administrator   ~0001021

We are not going to deliberately include a partially functional tool in the distribution.
If there comes a point where it can fully work, reopen the ticket.


2014-11-10 21:59

reporter   ~0002694

The old way of doing live sniffing with NetworkMiner has now been completely removed from the application in version 1.6 and newer.

Here's a screenshot of the updated GUI without annoying non-functional sniffing buttons:

Also, recommended practice for analyzing network traffic with NetworkMiner is to do one of the following:
1. Load a PCAP file
2. Use Pcap-over-IP to do live sniffing:

I hope these changes make NetworkMiner qualify for being part of Kali!


2018-01-29 15:06

administrator   ~0008434

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?


2018-02-02 19:21

reporter   ~0008610

Name and version: NetworkMiner 2.2
Website: (link to source code available, GPLv2)
Download link:
Author: Erik Hjelmvik
License: GPLv2
Description: Network Forensics tool for parsing PCAP files. Extracts files, usernames, passwords, hashes, emails etc. from PCAP files.
Similar tools: Wireshark, Xplico
How to install:
How to use: mono /opt/NetworkMiner_2-2/NetworkMiner.exe ~/Downloads/dump.pcap

You'll find more examples of how to use NetworkMiner here:


2020-03-18 17:01

administrator   ~0012431

Last Update: 2015-08-07


2020-03-18 17:50

administrator   ~0012457

No update from upstream since 2015

Issue History

Date Modified Username Field Change
2013-04-28 19:40 netresec New Issue
2013-05-03 02:05 2xyo Note Added: 0000437
2013-05-03 05:22 netresec Note Added: 0000438
2013-10-15 21:20 dookie Note Added: 0001015
2013-10-15 21:20 dookie Status new => closed
2013-10-15 21:20 dookie Assigned To => dookie
2013-10-15 21:20 dookie Resolution open => won't fix
2013-10-17 18:13 netresec Note Added: 0001020
2013-10-17 18:13 netresec Status closed => feedback
2013-10-17 18:13 netresec Resolution won't fix => reopened
2013-10-17 18:20 netresec Status feedback => new
2013-10-17 21:01 dookie Note Added: 0001021
2013-10-17 21:01 dookie Status new => closed
2013-10-17 21:01 dookie Resolution reopened => no change required
2014-11-10 21:59 netresec Note Added: 0002694
2014-11-10 21:59 netresec Status closed => feedback
2014-11-10 21:59 netresec Resolution no change required => reopened
2014-11-21 20:03 haider Issue cloned: 0001901
2018-01-29 10:34 g0tmi1k Summary Include NetworkMiner => NetworkMiner
2018-01-29 15:06 g0tmi1k Note Added: 0008434
2018-01-29 15:06 g0tmi1k Assigned To dookie =>
2018-01-29 15:06 g0tmi1k Status feedback => new
2018-02-02 19:21 netresec Note Added: 0008610
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-03-18 17:01 g0tmi1k Note Added: 0012431
2020-03-18 17:50 g0tmi1k Status new => closed
2020-03-18 17:50 g0tmi1k Note Added: 0012457