NetworkMiner

There are many Network Forensic Analysis Tools (NFAT) currently available. NetworkMiner is a powerful tool that has many features that are not as well implemented in other tools. Among these features are: NetworkMiner allows you to parse libcap files or to do a live packet capture of the network traffic. NetworkMiner also allows you to reconstruct FTP, SMB, HTTP, and TFTP data streams so that you can see a comprehensive view of what data was being sent over the network.

Core Features
NetworkMiner can allow you to do the following:
 * Capture data from several different network interfaces
 * View the credential data of the connections
 * Use the DNS info to see what sites people are accessing
 * Search for keywords (string, or hex) within the packets
 * See all clear text that it monitored
 * Recontruct and view files that were transfered based on the data stream
 * Create thumbnails of all the images that were sent over the network for easy monitoring
 * It is a passive tool. It dPlaceholder't actively target devices on the network
 * Capture and view frame data about the packets
 * Passive OS detection
 * And much more