NetworkMiner v0.88 released
A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect OSâ€™s, hostnames, open ports, sessions and extract files without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis
NetworkMiner performs OS fingerprinting based on TCP SYN and SYN+ACK packet by using OS fingerprinting databases from p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also perform OS fingerprinting based on DHCP packets (which usually are broadcast packets) by making use of the Satori (by Eric Kollmann) OS fingerprinting database from FingerBank. NetworkMiner also uses the MAC-vendor list from Nmap (by Fyodor).Erik Hjelmvik, "Forensisk analys av nÃ¤tverkstrafik med NetworkMiner", May 7, 2009
NetworkMiner can extract files and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network. Supported protocols for file extraction are FTP, HTTP and SMB.