This document discusses the network analysis tools Network Miner and Wireshark. Network Miner is described as a powerful tool that allows users to parse libcap files, do live packet captures, and reconstruct FTP, SMB, HTTP and TFTP data streams. It can capture data from multiple network interfaces, view credential data, use DNS information, search for keywords, view clear text, and reconstruct files transferred. Wireshark is an open source network protocol analyzer that allows users to interactively browse network data traffic. It supports live data reading, display filters to organize data, and new protocol analysis through plugins. The document concludes by stating it will look at using Network Miner and Wireshark in practice.

1. WORKING MODULE
ON
NETWORK_MINER & WIRESHARK
Submitted by:
S. Venkata Sreeram

2. TYPES & FEATURES OF INVESTIGATION
TOOLS
•Email analysis
•File type detection
•Media playback
•Registry analysis
•Photos recovery from memory card
•Extract web activity from browser
•Show system events in graphical interface
•Timeline analysis
•Extract data from Android – SMS, call logs, contacts, etc.

3. There are many Network Forensic Analysis Tools
(NFAT) currently available. Network Miner is a
powerful tool that has many features that are not as
well implemented in other tools. Among these
features are: Network Miner allows you to parse
libcap files or to do a live packet capture of the
network traffic. Network Miner also allows you to
reconstruct FTP, SMB, HTTP, and TFTP data
streams so that you can see a comprehensive view
of what data was being sent over the network.
NetworkMiner

4. Capture data from several different network
interfaces
View the credential data of the connections
Use the DNS info to see what sites people are
accessing
Search for keywords (string, or hex) within the
packets
See all clear text that it monitored
Reconstruct and view files that were transfered
based on the data stream
Create thumbnails of all the images that were sent
over the network for easy monitoring
It is a passive tool.
It doesn't actively target devices on the network
Capture and view frame data about the packets
Passive OS detection.
Features

5. Hosts, Files, Images
Messages, Credentials
Usernames
Passwords [ Mask ]
DNS
Keywords [ Network ]
Anomalies.

6. Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from
reputable sources. The aim is to steal sensitive data like credit card numbers and
information. It’s the most common type of cyber attack. You can help protect
through education or a technology solution that filters malicious emails.
Learn how technology can help
Ransomware
Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the
computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or
the system restored.
Stop ransomware in its tracks
Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a
monetary payment or gain access to your confidential data. Social engineering can be combined with any of the
threats listed above to make you more likely to click on links, download malware, or trust a malicious source.
Malware
Malware is a type of software designed to gain unauthorized access or to cause damage to a computer.

8. How To Capture And Analyze Network Traffic Using
NetworkMiner
NetworkMiner is a
host centric network
analysis tool with
passive sniffing
capabilities. Host
centric means that it
sorts data with respect
to the hosts rather
than the packets

9. Wireshark is a free and open source network
protocol analyzer that enables users to interactively
browse the data traffic on a computer network. The
development project was started under the name
Ethereal, but was renamed Wireshark in 2006.
Many networking developers from all around the
world have contributed to this project with network
analysis, troubleshooting, software development and
communication protocols. Wireshark is used in
many educational institutions and other industrial
sectors.

10.  To share use cases and
knowledge among members
of the Wireshark user and
developer communities in a
relaxed, informal milieu.
 To remain a self-funded,
independent, educational
conference hosted by a
corporate sponsor.

11. •Data is analyzed either from the wire over the network connection or from data files
that have already captured data packets.
•Supports live data reading and analysis for a wide range of networks (including
Ethernet, IEEE 802.11, point-to-point Protocol (PPP) and loopback).
•With the help of GUI or other versions, users can browse captured data networks.
•For programmatically editing and converting the captured files to the editcap
application, users can use command line switches.
•Display filters are used to filter and organize the data display.
•New protocols can be scrutinized by creating plug-ins.
•Captured traffic can also trace Voice over Internet (VoIP) calls over the network.
•When using Linux, it is also possible to capture raw USB traffic.
FEATURES

12. Lets Have A Look Forward
through Practical Experience
with Network Miner
and
Wireshark.