NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).
It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent portscanning").
NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:
- An easy realtime overview of what devices and what people are connected to any WiFi or Ethernet network.
- Free. The tool can be downloaded for free, and the source code is available under the GPL.
- Simple and cost effective. No requirement for hardware or reconfiguration of networks.
- “Silent portscanning” and undetectable network monitoring on WiFi and wired networks.
- Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
- Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.