In this tutorial, I will explain how to extract images, files, certificates, etc. from network packets flowing through your PC. For this, I will use a free packet sniffer and PCAP (Pre Captured) analyzer software called Network Miner. This free network traffic analyzer software will automatically extract images, certificates, files, etc. from packets flowing through a network adapter of your PC. Apart from that, you can also view details of live sessions between your system and different sources, along with other live network traffic info.
It supports the HTTP, FTP, SMTP, SMB, SMB 2, and TFTP protocols for file extraction.
Network Miner is a free Network Forensic Analysis Tool that is available for Linux and Mac as well. So, you can use the method explained in this tutorial to extract images, certificates, etc. on these platforms as well.
How to extract images and messages from network packets using this free network packet analyzer software:
Getting started with this free packet sniffer is really easy. Download it from the link provided at the end of this tutorial and then execute its application file. Please make sure that you launch the application file with full admin rights. After that, you will see its main interface, as shown in the main screenshot. Now, you just have to select your network adapter. It will then automatically start sniffing network packets from that adapter and analyze them, displaying the images, files, credentials, etc. found in the packets flowing through it. After that, you can save images, files, etc. and see certificates, cookies, etc. received from different websites.
Let’s see the steps in detail to extract images, certificates, etc. from network packets:
Step 1: In this first step, you have to select a network adapter to monitor. You can select a network adapter from the “—Select a network adapter in the list—” drop-down list. If you receive an error after selecting a network adapter, restart this free network traffic analyzer software with admin rights.
Step 2: After you have selected a network adapter, click on the Start button that appears on its main interface.
After that, it will start capturing the network packets flowing through the selected network adapter and parse them for analysis. Depending on your network traffic, it will then extract images, files, credentials, certificates, etc. and show them in different tabs on its main interface.
To extract an image, move to the Images tab. In this tab you’ll see all of the extracted images, as you can see in the screenshot below.
Hover your mouse over an image to view its reconstructed path (where the image file is saved). You can also open the image directly from the interface: right-click on any image and select the Open image option.
If you want to see the certificates received, switch to the Files tab. From there you can view digital certificates received from different websites. You can directly open a certificate to view its content, as you can see in the screenshot below.
As per my testing of this software, I was able to successfully extract images, certificates, and see all live sessions between my system and different websites. To see whether it can extract credentials from my network packets, I logged into Facebook and Gmail a couple of times but it wasn’t able to do that. In its credentials tab, it showed cookies received from different sources.
How to analyze PCAP files using this free PCAP analyzer software:
As I mentioned, Network Miner can also analyze PCAP files and extract images, messages, credentials, etc. from them. To test this feature of Network Miner, I downloaded several sample PCAP files and then opened each of them in Network Miner. It then parses the PCAP file and regenerates sessions, certificates, etc. from it. It can also regenerate messages, images, files, credentials, etc. from a PCAP file, as shown in the screenshot below. So it is pretty handy software if you want to regenerate the items I mentioned from a PCAP file for offline analysis.
It also gives you the option to receive PCAP over IP. This feature allows you to receive PCAP files from a remote source and analyze them at your end.
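To show what extracting a file from a PCAP involves, here is an added example (not part of the original tutorial and not Network Miner's code): a small Python parser that reads a classic PCAP byte string, reassembles each one-way TCP flow and carves the body of an HTTP response. All function names and the sample capture are constructed for illustration; it assumes untruncated Ethernet/IPv4 frames and a response that is not chunk-encoded.

```python
import struct

def read_pcap(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def tcp_segment(frame):
    """Return (flow, seq, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ip = frame[14:14 + struct.unpack_from("!H", frame, 16)[0]]
    ihl = (ip[0] & 0x0F) * 4
    sport, dport, seq = struct.unpack_from("!HHI", ip, ihl)
    data_off = (ip[ihl + 12] >> 4) * 4
    return (ip[12:16], sport, ip[16:20], dport), seq, ip[ihl + data_off:]

def extract_http_files(pcap_bytes):
    """Reassemble each one-way TCP flow and carve the first HTTP response body."""
    flows = {}
    for frame in read_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg and seg[2]:  # keying by seq also drops exact retransmissions
            flows.setdefault(seg[0], {})[seg[1]] = seg[2]
    files = []
    for segs in flows.values():
        stream = b"".join(segs[s] for s in sorted(segs))  # ignores seq wraparound
        head, sep, body = stream.partition(b"\r\n\r\n")
        if sep and head.startswith(b"HTTP/1."):
            hdrs = dict(h.lower().split(b": ", 1) for h in head.split(b"\r\n")[1:] if b": " in h)
            length = int(hdrs.get(b"content-length", len(body)))
            files.append((hdrs.get(b"content-type", b"").decode(), body[:length]))
    return files

def sample_pcap():
    """Constructed capture: one HTTP response with a fake PNG, two segments out of order."""
    body = b"\x89PNG\r\n\x1a\n" + b"constructed-pixels"
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: %d\r\n\r\n" % len(body) + body
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, chunk in ((1040, resp[40:]), (1000, resp[:40])):
        tcp = struct.pack("!HHIIBBHHH", 80, 50000, seq, 0, 0x50, 0x18, 8192, 0, 0) + chunk
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, b"\xc0\x00\x02\x0a", b"\xc0\x00\x02\x14") + tcp
        out += struct.pack("<IIII", 0, 0, 14 + len(ip), 14 + len(ip)) + b"\x00" * 12 + b"\x08\x00" + ip
    return out
```

Calling extract_http_files(sample_pcap()) returns a list of (content type, file bytes) pairs. The same carving cannot recover anything from TLS-encrypted sessions, because the HTTP response is not visible in the TCP payload.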
Verdict:
This tutorial explains how to extract images, certificates, files, etc. from network packets flowing through a network adapter of your PC. Apart from that, you can also use this method to analyze PCAP files or even receive PCAP files from a remote resource and analyze them directly from its GUI. I found this software very efficient, and it can be very handy for analyzing network traffic.