[Product Introduction] NetworkMiner Professional | Network Forensic Packet Capture Tool

A page for NetworkMiner Professional, a tool for network analysis and forensics, has been added to the Unipos website.

NetworkMiner is a network forensic tool that can collect (sniff) network traffic and analyze PCAP (Packet CAPture) files. Rather than collecting data about traffic on a network, it collects data about hosts (such as forensic evidence).

The main user interface views also present data in a host-centric manner (information grouped by host) rather than packet-centric (information displayed as a list of packets/frames).

NetworkMiner host inventory

 

NetworkMiner main features

  • Discover hosts such as devices and servers on your network and collect information about them (IP addresses, MAC addresses, hostnames, etc.)
  • Reconstruct communication sessions carried over protocols such as HTTP, FTP, and SMTP (*) to see which websites were visited and which files were downloaded/uploaded
  • Automatically extract media files such as images, videos, and document files from network traffic for analysis and evidence collection
  • Detect usernames and passwords sent in clear text to identify security risks

*Supports FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP, LPR

Main uses

  • Network monitoring and analysis
  • Forensic analysis
  • Data breach detection and investigation
  • Evaluating network performance
  • Education and training regarding network security and management

 

NetworkMiner Professional Edition

NetworkMiner Free Edition can be used free of charge, while Unipos handles “NetworkMiner Professional”.

The Professional version allows you to analyze PcapNG files, use a packet carving function to extract network packets from memory dumps, export to CSV or XML, use a DNS whitelist function, and use a command line interface.

NetworkMiner Professional Edition Specifications

Input

  • Capture file formats: PCAP, PcapNG, ETL
  • Receive from Pcap-over-IP: Yes
  • Receive from PacketCache: Yes
  • Live sniffing: Yes
  • Carve packets from memory dumps: Yes

Output

  • Export file formats: CSV (for Excel) / JSON-LD / XML

Protocols

  • Network layer protocols: IPv4 and IPv6
  • Decapsulation protocols: GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS, EoMPLS and ERSPAN
  • File extraction from protocols: FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP and LPR
  • Port Independent Protocol Identification (PIPI): Yes

Extracted Artifacts

  • Image extraction and preview: Yes
  • Artifacts extracted from TLS traffic: X.509 certificates, JA3 hashes, JA3S hashes, SNI
  • Audio extraction from unencrypted VoIP calls: Yes
  • Email extraction: from SMTP, POP3 and IMAP

Network Inventory and Asset Identification

  • Passive OS fingerprinting: Yes
  • NIC Vendor Identification: Yes
  • Hostname Extraction: Yes
  • Browser User-Agent Extraction: Yes
  • Open ports per host: Yes

Other

  • OSINT lookup for artifacts: file hashes, IP addresses, domain names and URLs
  • GeoIP Localization: Yes
  • Command-line scripting support: Yes, through NetworkMinerCLI

*The above table is based on "NetworkMiner Professional Specifications version 220712.1" which can be downloaded from the manufacturer's website.

For the differences in functions and specifications between the Free Edition and Professional Edition, please check the feature comparison table posted on the manufacturer's website:

https://www.netresec.com/?page=NetworkMiner

 

About License

NetworkMiner Professional has the following two types of licenses depending on the usage type.

Single User License

A license associated with a user. One license is required per user.

– Subscription license valid for 3 years from purchase
– Includes updates and support for the duration of your license

Corporate License

A license tied to a company/organization. It can be used by an unlimited number of employees who belong to the company/organization that owns the license.

– Perpetual license
– Includes updates and support for the first year (optional add-on from year 2 onwards)

 

About the Manufacturer

Swedish company NETRESEC AB is an independent software vendor (ISV) specializing in network security monitoring and network forensics. The company develops and sells software products specifically designed to capture and analyze network traffic. It also conducts research and development in the fields of network traffic analysis and IT security.

In addition to NetworkMiner, introduced here, NETRESEC also develops “CapLoader” and “PolarProxy”, a transparent TLS and SSL inspection proxy.