Thursday, October 16, 2008

Network Miner

One program that is currently using parts of Satori is NetworkMiner, which is actually where most of the other news about Satori has been coming from lately.

NetworkMiner uses the DHCP fingerprinting DB in the currently released version at:
http://sourceforge.net/projects/networkminer/

I believe the next version that is released should also have the TCP fingerprinting piece from Satori, based on emails with the author in the past.

Some good articles on NetworkMiner and what all it can do can be found here:
http://holisticinfosec.org/toolsmith/docs/august2008.pdf
http://www.net-security.org/dl/insecure/INSECURE-Mag-18.pdf

For the second one, you'll need to jump to page 18.

NetworkMiner is a very nice program for pulling information off the network and rebuilding the files that are being downloaded: Driftnet for Windows, along with a lot of other nice features. Its OS identification is not nearly as polished as Satori's, in my opinion at least, but that is not what it is geared towards.

Check it out.

1 comment:

sCORPINo said...

hi Eric,
Thanks for sake of your notice.
I updated my post.
cheers,