NetworkMiner is a Network Forensic Analysis Tool (NFAT)
for Windows. NetworkMiner can be used as a passive network
sniffer/packet capturing tool in order to detect operating systems,
sessions, hostnames, open ports etc. without putting any traffic on the
network. NetworkMiner can also parse PCAP files for off-line analysis
and to regenerate/reassemble transmitted files and certificates from
PCAP files.

NetworkMiner collects data (such as forensic evidence) about hosts on
the network rather than to collect data regarding the traffic on the
network. The main user interface view is host centric (information
grouped per host) rather than packet centric (information showed as a
list of packets/frames).

NetworkMiner has, since the first release in 2007, become popular tool
among incident response teams as well as law enforcement. NetworkMiner
is today used by companies and organizations all over the world.

[You must be registered and logged in to see this link.]

This video was made to show some of the extra features of NetworkMiner
Professional, like Pcap-over-IP, running on OS X under Mono, Export
results to CSV / Excel, Geo IP localization, Host coloring support, and
Command line scripting support.

[You must be registered and logged in to see this link.]