If you spend any time in Wireshark, you probably know which byte patterns to look for in a hex dump or text view of a capture. You know that a header should look a certain way. Or maybe you've spent so much time in it that you can tell the different types of files being sent apart just by looking at them in Wireshark. The truly great folks can pick them out of a string of seemingly random gibberish, not unlike the operators in The Matrix.
For the rest of us, there's an awesome new tool to help. Written by Erik Hjelmvik, NetworkMiner does all the hard work of reassembling those raw packet bytes into something more familiar. It can rebuild files from packet captures and give you a list of them, so you can see whether someone was sending things in clear text or using more secure methods. NetworkMiner can also pull out usernames and passwords that were captured, including email logins and even Kerberos hashes. This makes it a great way to see if anyone is still using insecure methods to log into devices and services on your network.
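To make the idea concrete, here is an added example (not NetworkMiner's code, and not from Erik or this post) of the two steps such a tool performs: reassembling TCP payloads from a pcap into per-flow streams, then scanning those streams for cleartext authentication. It flags HTTP Basic and FTP logins the way a defender auditing a capture would, reporting client, server and username while deliberately leaving the password out of the report. The pcap is constructed inline with made-up hosts (10.0.0.x, intranet.example) and made-up users; the parser assumes a little-endian libpcap file with an Ethernet link type and in-order, non-overlapping segments, and it only understands IPv4 over TCP.

```python
import base64
import binascii
import re
import socket
import struct
from collections import defaultdict

# ---------- minimal pcap + packet builders (for the constructed sample) ----------

def _tcp_frame(src, sport, dst, dport, payload):
    """Build Ethernet/IPv4/TCP frame with the given payload (checksums left at 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap raw frames in a little-endian libpcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

# ---------- step 1: carve TCP payloads out of the capture ----------

def iter_tcp_segments(pcap):
    """Yield ((src, sport, dst, dport), payload) for every IPv4/TCP packet."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        total_len = struct.unpack_from(">H", ip, 2)[0]
        ip = ip[:total_len]  # drop any Ethernet padding
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue  # not TCP
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp = ip[ihl:]
        sport, dport = struct.unpack_from(">HH", tcp, 0)
        doff = (tcp[12] >> 4) * 4
        payload = tcp[doff:]
        if payload:
            yield (src, sport, dst, dport), payload

def reassemble_flows(pcap):
    """Concatenate payloads per unidirectional flow (assumes in-order segments)."""
    flows = defaultdict(bytearray)
    for key, payload in iter_tcp_segments(pcap):
        flows[key] += payload
    return flows

# ---------- step 2: look for cleartext logins in the reassembled streams ----------

BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FTP_USER_RE = re.compile(rb"^USER\s+(\S+)", re.M)
FTP_PASS_RE = re.compile(rb"^PASS\s+\S+", re.M)

def find_cleartext_logins(pcap):
    """Return one finding per cleartext login; usernames only, never the secret."""
    findings = []
    for (src, sport, dst, dport), stream in reassemble_flows(pcap).items():
        for m in BASIC_RE.finditer(stream):
            try:
                creds = base64.b64decode(m.group(1), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, so not a real Basic header
            user = creds.split(b":", 1)[0].decode("latin-1")
            findings.append({"protocol": "HTTP Basic", "client": src,
                             "server": f"{dst}:{dport}", "user": user})
        if FTP_PASS_RE.search(stream):
            u = FTP_USER_RE.search(stream)
            findings.append({"protocol": "FTP", "client": src, "server": f"{dst}:{dport}",
                             "user": u.group(1).decode("latin-1") if u else "?"})
    return findings

# ---------- constructed sample capture ----------

def build_sample_pcap():
    """Two made-up sessions: an HTTP Basic request split across segments, and an FTP login."""
    http_req = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
    frames = [
        _tcp_frame("10.0.0.5", 51000, "10.0.0.20", 80, http_req[:55]),   # header cut mid-word
        _tcp_frame("10.0.0.5", 51000, "10.0.0.20", 80, http_req[55:]),   # ...and finished here
        _tcp_frame("10.0.0.20", 80, "10.0.0.5", 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
        _tcp_frame("10.0.0.7", 52000, "10.0.0.21", 21, b"USER bob\r\n"),
        _tcp_frame("10.0.0.7", 52000, "10.0.0.21", 21, b"PASS s3cret\r\n"),
        _tcp_frame("10.0.0.21", 21, "10.0.0.7", 52000, b"230 Login successful.\r\n"),
    ]
    return build_pcap(frames)

if __name__ == "__main__":
    for f in find_cleartext_logins(build_sample_pcap()):
        print(f"{f['protocol']}: {f['client']} -> {f['server']} as {f['user']}")
```

The HTTP request is deliberately split so that the `Authorization` header straddles two packets; a per-packet regex would miss it, which is exactly why the flow has to be reassembled first. To run this against a real capture, read the file bytes and pass them to `find_cleartext_logins`; the result is a list of where cleartext authentication is still in use on the network, which is the audit question the post raises.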
Erik even tells you how easy it is to use:
So why not give NetworkMiner a try next time you want to extract a few files from a capture file or get an overview of what’s going on in a capture? It’s a free tool that doesn’t even require an installation, you just extract the zip file and run it!
If you want to give NetworkMiner a try, check out this blog post for more info: Intro to NetworkMiner