NetworkMiner is a passive network sniffing or network forensic tool. It is called a passive tool as it does not send out requests—it sits silently on the network, capturing every packet in the promiscuous mode.
NetworkMiner is host-centric. This means that it will classify data based on hosts rather than packets, which is what most sniffers such as Wireshark do.
The different steps to NetworkMiner usage are as follows:
NetworkMiner is available for download at SourceForge: http://sourceforge.net/projects/networkminer/.
Though NetworkMiner is not as well known as it should be, it's host-centric ...