Henry Dalziel | General Hacking Posts | August 4, 2016
What will you learn in this post?
We’ve been interviewing several pentesting and forensic tool developers over the last few months, such as Marc “van Hauser” Heuse who created THC Hydra and the cURL developer Daniel Stenberg. We’ve also got a bunch of interesting interviews from experienced Penetration Testers here and here as well as Daniel Cid, the co-founder of Sucuri and creator of OSSEC HIDS. In this post we interview Erik Hjelmvik who is the developer of NetworkMiner.
What is NetworkMiner?
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows, but it also runs happily on Linux and Mac OS X. NetworkMiner is a tool that can be used as a passive network sniffer/packet capturing tool in order to detect operating systems (rather like nmap), sessions, hostnames, open ports, etc. One of the neat things about NetworkMiner is that when it’s used in passive mode it does so without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
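As an added illustration of what "reassembling transmitted files from PCAP files" involves (example code written for this post, not part of NetworkMiner or Erik's work): a minimal passive parser over a constructed libpcap capture that carves the requested hostname and the transferred HTTP body out of TCP segments captured out of order. The addresses, hostname and file contents are made up.

```python
import struct
from collections import defaultdict

def tcp_frame(src, sport, dst, dport, seq, payload):
    """Ethernet + IPv4 + TCP frame. Checksums stay zero; a passive parser never checks them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def make_pcap(frames):
    """Classic libpcap file: 24-byte global header (linktype 1 = Ethernet) + 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1470000000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed capture (addresses, host and file are made up): a request, then a response split in two segments captured out of order.
REQUEST = b"GET /report.txt HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nquarterly numbers: all green\n"
SAMPLE_PCAP = make_pcap([
    tcp_frame("10.0.0.5", 50123, "10.0.0.80", 80, 1000, REQUEST),
    tcp_frame("10.0.0.80", 80, "10.0.0.5", 50123, 5030, RESPONSE[30:]),  # second half arrives first
    tcp_frame("10.0.0.80", 80, "10.0.0.5", 50123, 5000, RESPONSE[:30]),
])

def reassemble_tcp(pcap):
    """Group TCP payload by flow and order it by sequence number: the core of carving files from PCAP."""
    flows, off = defaultdict(dict), 24
    while off < len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16: off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # only IPv4 carrying TCP
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        sport, dport, seq = struct.unpack_from("!HHI", tcp)
        flows[(frame[26:30], sport, frame[30:34], dport)][seq] = tcp[(tcp[12] >> 4) * 4:]
    return [b"".join(segs[s] for s in sorted(segs)) for segs in flows.values()]

def extract_http(pcap):
    """Recover the requested hostname and the transferred file body from the reassembled streams."""
    found = {}
    for stream in reassemble_tcp(pcap):
        if stream.startswith(b"GET "):
            hdrs = dict(l.split(b": ", 1) for l in stream.split(b"\r\n")[1:] if b": " in l)
            found["host"] = hdrs.get(b"Host", b"").decode()
        elif stream.startswith(b"HTTP/1."):
            found["file"] = stream.partition(b"\r\n\r\n")[2]
    return found
```

Feeding `SAMPLE_PCAP` to `extract_http` returns the hostname and the complete file body even though the response segments were captured in the wrong order; real tools add checksum validation, retransmission handling and many more protocol parsers on top of this idea.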
NetworkMiner is an awesome tool. From our understanding it is excellent at automatic extraction of files from a packet capture. Would you say that it complements Wireshark, and if so – how?
Much of the functionality available in NetworkMiner can also be achieved with Wireshark. The big difference is that NetworkMiner makes it a lot easier to extract things like files, parameters, emails, passwords etc. from PCAP files compared to Wireshark. Our goal is to help analysts find what they are looking for faster. I personally often use NetworkMiner to get the big picture of what is going on, and then run Wireshark in case there are some packets that I wanna look at in more detail.
For all those budding security developers out there trying to create tools, how do you recommend they promote their work? Perhaps presenting research at conferences? Any other ways?
My recommendation would be to provide the software for free, and to write articles, blog posts, video tutorials etc. to show others why your tool is awesome.
What advice would you give to all those trying to break into cybersecurity? What tips would you suggest to ‘get noticed’? Maybe develop a tool? Contribute to Open Source?
My best advice would probably be to allow yourself to take a deep dive into any field you find interesting. Eventually you will find problems that can’t easily be solved with the tools currently available. Solving such problems, and sharing the solution with the community, will most likely get you noticed. It doesn’t matter if your “solution” is a new tool, a patch for an open source product or a new way of attacking the problem.
We’d like to say a big thank you to Erik for being generous with his time, and we also encourage you to learn more about – and use – NetworkMiner!