
A page for NetworkMiner Professional, a tool for network analysis and forensics, has been added to the Unipos website.
NetworkMiner is a network forensic tool that can collect (sniff) network traffic and analyze PCAP (Packet CAPture) files. Rather than collecting data about the traffic on a network, it collects data about the hosts on it (for example, as forensic evidence).
The main user interface views also present data in a host-centric manner (information grouped by host) rather than packet-centric (information displayed as a list of packets/frames).

NetworkMiner main features
- Discover hosts such as devices and servers on your network and collect information about them (IP addresses, MAC addresses, hostnames, etc.)
- Reconstruct communication sessions over protocols such as HTTP, FTP, and SMTP (*) to see which websites were visited and which files were downloaded or uploaded
- Automatically extract media files such as images, videos, and document files from network traffic for analysis and evidence collection
- Detect usernames and passwords sent in clear text to identify security risks
*Supports FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP, LPR
Main uses
- Network monitoring and analysis
- Forensic analysis
- Data breach detection and investigation
- Evaluating network performance
- Education and training regarding network security and management
NetworkMiner Professional Edition
NetworkMiner Free Edition can be used free of charge, but Unipos handles “NetworkMiner Professional”.
The Professional version allows you to analyze PcapNG files, use a packet carving function to extract network packets from memory dumps, export to CSV or XML, use a DNS whitelist function, and use a command line interface.
NetworkMiner Professional Edition Specifications
Input | |
Capture file formats | PCAP, PcapNG, ETL |
Receive from Pcap-over-IP | Yes |
Receive from PacketCache | Yes |
Live sniffing | Yes |
Carve packets from memory dumps | Yes |
Output | |
Export file formats | CSV (for Excel) / JSON-LD / XML |
Protocols | |
Network layer protocols | IPv4 and IPv6 |
Decapsulation protocols | GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS, EoMPLS and ERSPAN |
File extraction from protocols | FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3, IMAP and LPR |
Port Independent Protocol Identification (PIPI) | Yes |
Extracted Artifacts | |
Image extraction and preview | Yes |
Artifacts extracted from TLS traffic | X.509 certificates, JA3 hashes, JA3S hashes, SNI |
Audio extraction from unencrypted VoIP calls | Yes |
Email extraction from | SMTP, POP3 and IMAP |
Network Inventory and Asset Identification | |
Passive OS fingerprinting | Yes |
NIC Vendor Identification | Yes |
Hostname Extraction | Yes |
Browser User-Agent Extraction | Yes |
Open ports per host | Yes |
Other | |
OSINT lookup for artifacts | file hashes, IP addresses, domain names and URLs |
GeoIP Localization | Yes |
Command-line scripting support | Yes, through NetworkMinerCLI |
*The above table is based on "NetworkMiner Professional Specifications version 220712.1" which can be downloaded from the manufacturer's website.
For the differences in functions and specifications between the Free Edition and Professional Edition, please check the feature comparison table posted on the manufacturer's website.
About License
NetworkMiner Professional has the following two types of licenses depending on the usage type.
Single User License
A license associated with a user. One license is required per user.
– Subscription license valid for 3 years from purchase
– Includes updates and support for the duration of your license
Corporate License
A license tied to a company/organization. It can be used by an unlimited number of employees who belong to the company/organization that owns the license.
– Perpetual license
– Includes updates and support for the first year (optional add-on from year 2 onwards)
About NETRESEC
Swedish company NETRESEC AB is an independent software vendor (ISV) specializing in network security monitoring and network forensics. The company develops and sells software products specifically designed to capture and analyze network traffic. It also conducts research and development in the fields of network traffic analysis and IT security.
In addition to NetworkMiner, introduced here, NETRESEC also develops “CapLoader” and “PolarProxy”, a transparent TLS and SSL inspection proxy.