Problem with WinPcap in NetworkMiner


Blkprometheus

Dec 27, 2011, 8:25:01 PM
to security-onion
SO,

So, I just installed the latest version of SO, which includes Network
Miner. When I open Network Miner I receive the following error
message:

"Unable to find any WinPcap adapter, live sniffing with Raw Sockets is
still possible tough. Please install WinPcap, or Wireshark if you
wish to sniff with a WindPcap adapter. wpcap.dll.

Once I click on "ok" and I'm in the Network Miner interface, the
interface that I'm using to monitor with, "eth1", isn't listed. My
"eth0" and loopback interfaces are listed though.

Can I get some help with this?

Thanks

Doug Burks

Dec 28, 2011, 9:03:58 AM
to securit...@googlegroups.com
Hi Blkprometheus,

The error message is normal. NetworkMiner was originally Windows-only
and was recently rewritten to run under Mono on Linux. It's looking
for WinPcap, which is only available on Windows systems, not Linux
systems.

My intention for including NetworkMiner in Security Onion is as an
analysis tool (not a sniffing tool). Since you already have
daemonlogger doing full packet capture, Network Miner would be used to
analyze one of the existing pcaps generated by daemonlogger.

Hope that helps!

Regards,
Doug

--
Doug Burks
SANS GSE and Community Instructor
Security Onion | http://securityonion.blogspot.com
President, Greater Augusta ISSA | http://augusta.issa.org
Please vote for Security Onion for 2011 Toolsmith Tool of the Year! |
http://goo.gl/PwTDi

Blkprometheus

Dec 28, 2011, 12:17:59 PM
to security-onion
Doug,

Thanks for your response. I understand now.