Triaging a PCAP File Using NetworkMiner

Medium – Fredrick Njoroge
Introduction

You are a network security analyst, or work in a security operations centre (SOC), and would like to review an incident generated by a set of network events. Or you are an incident response analyst doing some post-breach work, and you've requested a network capture from the perimeter firewall. Your first instinct would be to reach for the Wireshark GUI (or Tshark, for CLI lovers). Triaging a PCAP file with these two can seem intimidating at first, even though a few Wireshark features come in handy: the Statistics menu (conversations, endpoints, protocol hierarchy), the Export Objects option, and so on.

NetworkMiner is a GUI-based tool from NETRESEC that makes it easier for the analyst to get the bigger picture of the PCAP data: instead of a packet list, it passively parses the capture into hosts, sessions, extracted files, credentials and other artefacts. This post walks through the components of the tool and how to use it to quickly find out what was going on at the time of the network capture.
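To make concrete what "triage" means here, the following is an added example and not code from the article or from NetworkMiner: a small Python script that does in miniature what NetworkMiner's host inventory does. It parses a classic libpcap file and builds a per-host summary from TCP handshake behaviour (SYN/ACK means the source is listening on that port, RST/ACK means it refused the connection, a bare SYN means the source is probing the destination). The capture is constructed inline; the IP addresses, MAC addresses and port numbers are invented, and only Ethernet II / IPv4 / TCP is handled (no pcapng, VLAN tags, IPv6 or ARP).

```python
import socket
import struct
from collections import defaultdict

# --- constructed sample capture (not taken from the article) ---------------
# Three SYN probes from 10.0.0.5 to 10.0.0.9, answered by two SYN/ACKs
# (ports 22 and 80) and one RST/ACK (port 445): a tiny scan-and-response.

# libpcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, LINKTYPE_ETHERNET
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

SYN, SYN_ACK, RST_ACK = 0x02, 0x12, 0x14
SCANNER, TARGET = "10.0.0.5", "10.0.0.9"                    # invented hosts
SCANNER_MAC, TARGET_MAC = "02:00:00:00:00:05", "02:00:00:00:00:09"


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Ethernet II + IPv4 + TCP frame, no payload, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return _mac(dst_mac) + _mac(src_mac) + b"\x08\x00" + ip + tcp


def _record(ts_sec, frame):
    """pcap per-packet record header (ts_sec, ts_usec, incl_len, orig_len)."""
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame


SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    _record(1, _frame(SCANNER_MAC, TARGET_MAC, SCANNER, TARGET, 40001, 22, SYN)),
    _record(1, _frame(TARGET_MAC, SCANNER_MAC, TARGET, SCANNER, 22, 40001, SYN_ACK)),
    _record(2, _frame(SCANNER_MAC, TARGET_MAC, SCANNER, TARGET, 40002, 80, SYN)),
    _record(2, _frame(TARGET_MAC, SCANNER_MAC, TARGET, SCANNER, 80, 40002, SYN_ACK)),
    _record(3, _frame(SCANNER_MAC, TARGET_MAC, SCANNER, TARGET, 40003, 445, SYN)),
    _record(3, _frame(TARGET_MAC, SCANNER_MAC, TARGET, SCANNER, 445, 40003, RST_ACK)),
])


def iter_pcap_records(data):
    """Yield (ts_sec, frame) from a classic libpcap file (pcapng is not handled)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"            # little-endian file
    elif magic == 0xD4C3B2A1:
        endian = ">"            # big-endian file
    else:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break               # truncated final record: stop rather than misparse
        offset += incl_len
        yield ts_sec, frame


def triage_pcap(data):
    """Per-host inventory keyed by IPv4 address, derived from TCP flag behaviour."""
    hosts = defaultdict(lambda: {"mac": set(), "packets": 0, "open_ports": set(),
                                 "closed_ports": set(), "probed": set()})
    for _ts, frame in iter_pcap_records(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue            # not IPv4 over Ethernet II (ARP, IPv6, VLAN skipped)
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[14 + 9]
        src_ip = socket.inet_ntoa(frame[26:30])
        dst_ip = socket.inet_ntoa(frame[30:34])
        host = hosts[src_ip]
        host["mac"].add(frame[6:12].hex(":"))
        host["packets"] += 1
        if proto != 6:
            continue
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        flags = tcp[13]
        if flags & 0x12 == 0x12:                      # SYN/ACK: src listens on sport
            host["open_ports"].add(sport)
        elif flags & 0x14 == 0x14:                    # RST/ACK: src refused sport
            host["closed_ports"].add(sport)
        elif flags & 0x02 and not flags & 0x10:       # bare SYN: src probes dst:dport
            host["probed"].add((dst_ip, dport))
    return dict(hosts)


if __name__ == "__main__":
    for ip, info in sorted(triage_pcap(SAMPLE_PCAP).items()):
        print(ip, sorted(info["mac"]), "open:", sorted(info["open_ports"]),
              "closed:", sorted(info["closed_ports"]), "probed:", sorted(info["probed"]))
```

Run against the constructed capture, the inventory shows 10.0.0.9 listening on 22 and 80 and refusing 445, and 10.0.0.5 probing all three, which is the kind of one-glance summary the Hosts view gives you before you ever open a packet list. Replacing `SAMPLE_PCAP` with the bytes of a real capture (`open(path, "rb").read()`) works for any Ethernet pcap saved in the classic format; Wireshark saves pcapng by default, so export as "Wireshark/tcpdump/... - pcap" first.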
Link: https://epikritis.medium.com/triaging-a-pcap-file-using-networkminer-42848d68becd

