Richard, Russ and Adrian trying NetworkMiner Professional
I recently sent out a copy of NetworkMiner Professional to three people whom I respect for their contributions to different parts of the IT security community.
NetworkMiner Professional USB flash drive
All three persons have now publicly shared their experiences from analyzing network traffic with NetworkMiner Professional.
Richard Bejtlich
First out was Richard Bejtlich – blogger, Black Hat instructor and CSO at Mandiant.
Richard wrote a blog post titled “Trying NetworkMiner Professional 1.2”, in which he analyzes a pcap file from his TCP/IP Weapons School class. Richard also shared some ideas for new features that he'd like to see in NetworkMiner.
Russ McRee
Russ McRee is a hard-working vulnerability discoverer, blogger and journal author, who is also team leader of Microsoft Online Service’s Security Incident Management team. Russ published his blog post titled “Tool review: NetworkMiner Professional 1.2” shortly after Richard's blog post.
In his blog post Russ looks closer at the features of NetworkMiner Professional that are not included in the free version of NetworkMiner. These features include:
- Port Independent Protocol Identification (PIPI), which is provided through an implementation of the SPID algorithm.
- Geo-IP localization of hosts
- Host coloring
- The command line tool NetworkMinerCLI (more info in our blog post “Command-line Network Forensics with NetworkMinerCLI”)
Adrian Crenshaw
Adrian Crenshaw, the guy behind Irongeek.com and co-founder of DerbyCon, went one step further by recording a video titled “NetworkMiner Professional for Network Forensics”.
In the video Adrian shows features such as:
- PcapOverIP
- Running NetworkMiner on Mac OS X (NetworkMiner 1.2 and later supports both Linux and Mac)
- Exporting results to CSV files for viewing in Excel
- Command line scripting support
Posted by Richard Bejtlich on Friday, 09 December 2011 18:45:00 (UTC/GMT)
Tags: #NetworkMiner Professional