NetworkMiner Detailed View

Uploaded by

Hacker 6326
10/01/2024, 17:02 NetworkMiner - LetsDefend


Network Packet Analysis



https://app.letsdefend.io/training/lesson_detail/networkminer 1/14
NetworkMiner
NetworkMiner is a network monitoring and packet analysis tool that runs on Windows and Linux operating systems. It is
designed to capture and analyze network traffic while also detecting potential attacks, exploits, and malware on the network.
NetworkMiner automatically reassembles data packets and extracts the files transferred over the network, so you can easily
analyze file downloads, web pages, emails, and other types of data.
NetworkMiner stands out from the other tools we have discussed because of its approach to processing and reporting
intercepted packets. Several key capabilities distinguish it from other tools, such as “File Extraction”, “Web Page
Monitoring”, and “Malware Detection”.
Let's take a look at the basic features of NetworkMiner together:

Packet Analysis: NetworkMiner captures network traffic and allows for an in-depth examination of individual packets. It provides
detailed information about the transmitted data, connections, protocol details, and other relevant packet information.
File Extraction: NetworkMiner facilitates the extraction of files from network traffic, enabling further analysis and investigation.
This feature is particularly valuable for identifying potentially malicious files or tracking specific file types of interest.

Web Page Tracking: With NetworkMiner, you can capture and visually display the contents of web pages accessed on the
network. This capability aids in monitoring web-based attacks and analyzing user behaviors.
Malware Detection: NetworkMiner includes features designed to detect malware activity during network traffic analysis. It can
identify potentially harmful files, monitor suspicious commands, and control traffic, enhancing overall network security.

Protocol Support: NetworkMiner offers support for a wide range of network protocols. This versatility allows for analyzing diverse
network traffic types and observing interactions across protocols.

Initialization, Interface Selection, and Packet Capture

Like other packet capture tools we have covered before, NetworkMiner needs administrator access to perform its functions and
work smoothly. Keeping this in mind, we can move on to the initial screen when launching NetworkMiner.

Area #1 is a drop-down menu that lists the network interfaces NetworkMiner has found and can use to capture packets.
Area #2 displays the classified data based on the analysis of captured packets. The data is organized
into different tabs, each representing a specific category. For example, if NetworkMiner detects an image file in the network
traffic, it will be displayed in the Images tab. Similarly, if credentials are captured from payload data, they will be shown in the
Credentials tab.
Area #3 is where we can apply the necessary filters to search among the collected packets.

Packet Capture, Filtering


Now that we are familiar with the interface, let's take a look at the presentation of captured packets.

Once packet capture begins, NetworkMiner starts displaying the captured traffic on the screen. We can use the Sorting menu to
sort the captured packets based on various criteria.

For each captured packet, you can click on the (+) icon in the display window to expand and view the decoded data that
NetworkMiner can provide for that packet:


One of the notable features of NetworkMiner is its filtering capability. In the Hosts tab, which is the main screen, the filtering
feature provides us with three options:
String: Allows us to search for a specific string in the captured packets and displays the results accordingly.
Regex: Enables us to perform regex searches instead of string searches. (Time to check out the regex course if you haven't
already)
CIDR: Allows us to filter packets based on specific IP addresses using CIDR notation.
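
The practical difference between the three filter modes, shown as an added example (not NetworkMiner's own code, and not part of the original lesson). The host rows are constructed, and matching case-insensitively against the row text is an assumption made for the illustration.

```python
import ipaddress
import re

# Constructed sample rows shaped like a host list: (IP address, hostname).
HOSTS = [
    ("10.1.4.20", "ws-finance-01"),
    ("10.10.1.5", "dc01.corp.example"),
    ("110.1.2.3", "cdn.example.net"),
    ("192.168.10.1", "gateway"),
    ("2001:db8::10", "ws-lab-07"),
]

def row_text(host):
    return f"{host[0]} {host[1]}"

def filter_string(hosts, needle):
    """String mode: plain substring match (case-insensitive here by assumption)."""
    needle = needle.lower()
    return [h for h in hosts if needle in row_text(h).lower()]

def filter_regex(hosts, pattern):
    """Regex mode: the pattern may anchor and escape, so it can be made exact."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [h for h in hosts if rx.search(row_text(h))]

def filter_cidr(hosts, cidr):
    """CIDR mode: numeric network membership, independent of how the IP is printed."""
    net = ipaddress.ip_network(cidr, strict=False)
    matches = []
    for h in hosts:
        addr = ipaddress.ip_address(h[0])
        if addr.version == net.version and addr in net:
            matches.append(h)
    return matches

if __name__ == "__main__":
    # Substring "10.1" over-matches: 10.10.1.5, 110.1.2.3 and 192.168.10.1 all contain it.
    print("string 10.1      :", [h[0] for h in filter_string(HOSTS, "10.1")])
    # An unescaped dot is a wildcard, so ^10.1 still matches 10.10.1.5.
    print("regex  ^10.1     :", [h[0] for h in filter_regex(HOSTS, r"^10.1")])
    print("regex  ^10\\.1\\.  :", [h[0] for h in filter_regex(HOSTS, r"^10\.1\.")])
    # CIDR scopes the view to exactly the subnet under investigation.
    print("cidr 10.1.0.0/16 :", [h[0] for h in filter_cidr(HOSTS, "10.1.0.0/16")])
```

When scoping an investigation to one subnet, the CIDR filter (or an anchored, escaped regex) avoids the false matches that a bare string search on an IP prefix produces.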

Tabs and their Contents


In the Files tab, you can access and view the files extracted from the captured network streams, and their details. Similarly, in the
Images tab, you have the option to preview image files.

In the Credentials Tab, you can view authentication data extracted from network traffic in a readable format.
In the Sessions Tab, you can access a list of traffic that occurred in the "established" state during the packet capture.
In the DNS Tab, you can examine detailed information about the DNS queries captured during the packet capture process,
including the corresponding responses.
In the Parameters Tab, you can explore various protocol-specific strings, such as DHCP, NetBIOS, SMB, and HTTP header
information, associated with the captured traffic.

Case Structure
Finally, NetworkMiner evaluates each packet capture process you start or each pcap file you open as a “CASE” and lists them in
the section on the right side providing a swift transition between them.

Questions

By analyzing the networkMiner.pcap file on the desktop, find the username associated with the hash that begins like this:
$krb5tgs$23$a277c612423a69c58597...
Answer Format: ****/***-*******
