So this past weekend I attended the Security Onion Conference in Augusta, GA. While sitting in the back listening to some great speakers, @pentestfail and I were hacking away on a side project of his that involved analyzing a decent number of PCAP files.
As usual I was doing my analysis using Wireshark. But when trying to get a birds eye view of a network I really like to use something like Capsa (which I’ve only run on Windows) to quickly see the whole picture and let me find interesting bits of traffic.
Then I’ll use Wireshark to dig deeper into the things I want to look at. But I had only brought my laptop which is running Kali Linux.
So welcome NetworkMiner to the rescue. NetworkMiner is also a Windows program but can be run on Linux using mono pretty easily. Here’s how I got it up in running on my Kali Linux box in about 2 minutes.
apt-get install libmono-winforms2.0-cil
wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer
unzip ./networkminer -d /opt
chmod +x NetworkMiner.exe
chmod -R go+w AssembledFiles/
chmod -R go+w Captures/
And that’s it. I love it when a plan comes together!