Using NetworkMiner with a Windows netsh trace file
Before analyzing a network packet trace file, I try to make sure that I've collected information about IP addresses and TCP/UDP port numbers. Even so, I still find that I don't have all the information I need. There are techniques you can use to get the missing information - check NBNS host announcements, explore the names resolved by DNS - but it's all just more hassle.
Recently I noticed a bit of a buzz around NetworkMiner, so I thought I'd check it out. What I found was a simple tool that does just what I need: extract useful host and service information from Wireshark traces. We now analyze a fair number of traces captured with Windows netsh trace, so I thought I'd look at how we can use NetworkMiner with these Windows-native trace files.
In this video we discover how to configure a Workbench Transformer so that NetworkMiner can analyze Windows netsh trace files.
You can still download a free copy of Workbench from the Downloads section of the TribeLab Community website - https://community.tribelab.com