Network-Based Forensics is emerging now, we are seeing more and more NBF tools in active development now, one of the decent NBF tool I would like to mention here is NetworkMiner which is developed by Erik Hjelmvik. NetworkMiner is developed using .net framework, therefore it has Windows version only, I will show you how you can get it running using Wine on *nix based OS especially Ubuntu Linux.
Installing Wine -
shell>sudo apt-get install wine wine-dev cabextract
Configure Wine -
shell>winecfg
In Application tab, change windows version to Windows 2000
shell>wget http://kegel.com/wine/winetricks
Install cofefronts and .net framework 2.0 -
shell>sh winetricks corefonts dotnet20
Download NetworkMiner -
Unzip it and run -
shell>wine NetworkMiner.exe
Here you go -
Installing Wine -
shell>sudo apt-get install wine wine-dev cabextract
Configure Wine -
shell>winecfg
In Application tab, change windows version to Windows 2000
shell>wget http://kegel.com/wine/winetricks
Install cofefronts and .net framework 2.0 -
shell>sh winetricks corefonts dotnet20
Download NetworkMiner -
shell>wget \
http://sourceforge.net/project/showfiles.php?group_id=189429
http://sourceforge.net/project/showfiles.php?group_id=189429
Unzip it and run -
shell>wine NetworkMiner.exe
Here you go -
Cheers (;])
What a great post! I just followed your example and installed NetworkMiner on my Ubuntu machine also. Thank you.
ReplyDeleteThanks for this post CS!
ReplyDeleteI have for some time planned to build a release of NetworkMiner that can be run in *nix OS's through Mono. I do, however, have many other more urgent tasks to solve first, so it's great that you've shown how Linux users can use NetworkMiner already today!
ty dude great guide. really :)
ReplyDeletei wanted to try it so i followed your steps but i received errors. here is le log of: sh winetricks corefonts dotnet20
http://pastebin.ubuntu.com/107126/
and here is the error popup when i launche wive NetworkMiner.exe from X:
http://i43.tinypic.com/2vl5wys.png
and here comes the terminal message when i run wive NetworkMiner.exe:
http://pastebin.ubuntu.com/107128/
P.S. i have a early installed Ubuntu 8.10 intrepid ibex
i really hope you can help me fixing it.
regards conrad
instructions worked great. You da man!
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteHi CS,
ReplyDeleteI've followed your example. And I am able to run NetworkMiner in openSUSE 11.x.
But before it start, it display the following message :
===
Unable to load WinPcap adapter!
Please install WinPcap or Wireshark
Application will now run using only Raw Socket connections.
Unable to load DLL "wpcap.dll"
===
Do I need to install wpcap.dll as suggested by the message ?
Great post. I followed your post and installed it on Slackware 12.0. The one thing I had to do was to download the package cabextract-1.2-i486-1mfb.tgz from www.linuxpackages.net and manually install it. Everything else worked perfectly.
ReplyDeleteHi, when I try to execute NW, I get the following: could not load L"C:\\windows\\system32\\NetworkMiner.exe": Module not found
ReplyDeleteNot sure where I went wrong it looked like wine was loaded just fine as was NM and it extracted from zip. Thanks for any thoughts.
I have been some problem with my connection and I thought could be my network card, how ever i wasn´t sure. So, I decided to looking for information by internet and try to understand the network problem. I am happy because all the solution which advice this blog are very useful and interesting.
ReplyDeletecosta rica investment opportunities gave me another alternatives to do the best investment, but of course i always will need a good network.
Excelent!
ReplyDelete