From 48739d4fcaa2700a73f1f4eb556d68b77a9add1c Mon Sep 17 00:00:00 2001
From: lgandx <laurent.gaffie@gmail.com>
Date: Mon, 19 Apr 2021 23:50:35 -0300
Subject: [PATCH] Created Network traffic analyze mode (markdown)

---
 Network-traffic-analyze-mode.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 Network-traffic-analyze-mode.md

diff --git a/Network-traffic-analyze-mode.md b/Network-traffic-analyze-mode.md
new file mode 100644
index 0000000..2b53f83
--- /dev/null
+++ b/Network-traffic-analyze-mode.md
@@ -0,0 +1,9 @@
+# Responder Analyze Mode
+
+Responder has a built-in functionality which allows you to monitor without poisoning anything what is going on the subnet. This mode allows you to see who is looking for what on the network, and consequently build an attack. 
+
+This mode also has a Browser protocol listener analyzing all Browser protocol messages (port 138) and performs Browser backup requests to retrieve the complete list of workstation name and capabilities (server, workstation, mssql, PDC, etc) on the network.
+
+Responder's analyze mode can be used by clients who wanted to see if NBT-NS/LLMNR remediation was successful or not, prior a retest. 
+
+[![Analyze-mode-Browser.png](https://i.postimg.cc/FR6YrsCf/Analyze-mode-Browser.png)](https://postimg.cc/Q9p8Ss3s)
\ No newline at end of file