Live Evidence Investigation
Packet Forensics and Analytics

Installation of MOLOCH

Project Name: Installation of MOLOCH
Description: Packet analytics depends on understanding MOLOCH and Elasticsearch to a fair depth. This post walks through the step-by-step installation of MOLOCH for packet analytics and packet forensics: MOLOCH captures and parses the traffic, and Elasticsearch holds the session index that forensic searches run against.

Author: Rohit D Sadgune

Installation of MOLOCH

# apt-get install zip

# add-apt-repository ppa:webupd8team/java

Packet Analytics - Repo Add

# apt-get update

# apt-get dist-upgrade

Packet Forensics - Dist-Upgrade

# apt-get install oracle-java8-installer

Java Installer - Packet Analytics

# nano /etc/network/interfaces

eth0 is the management interface and gets a static address. eth1 is the capture interface: it gets no address, is put into promiscuous mode with ARP off, and has the NIC offloads and IPv6 disabled so that MOLOCH sees frames as they were on the wire (with GRO/LRO left on, the driver would hand it coalesced super-packets). ethtool must be installed for the post-up lines to work.

auto eth0
iface eth0 inet static
address 192.168.1.58
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1

auto eth1
iface eth1 inet manual
up ip link set $IFACE promisc on arp off up
down ip link set $IFACE promisc off down
post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

Packet Analytics - Network Interfaces Setting
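A quick way to confirm after the reboot that the capture-interface settings actually took effect, as an added example that is not part of the original post: the functions below read the output of `ethtool -k` and `ip link show` on stdin (so they can be tried against the constructed sample output embedded in the script) and report any offload that is still on, or a missing PROMISC flag. The mapping from the short `ethtool -K` switches to the feature names that `ethtool -k` prints is an assumption that matches common ethtool versions; the sample MAC address and interface index are made up.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the sniffing
# interface really has offloads off and promiscuous mode on once
# /etc/network/interfaces has been applied.  Live usage:  sh check_iface.sh eth1

# Offloads the post-up line in /etc/network/interfaces turns off.
OFFLOADS="rx tx sg tso ufo gso gro lro"

# Short `ethtool -K` switch -> feature name as printed by `ethtool -k`.
# Assumption: these names match common ethtool versions.
long_name() {
    case "$1" in
        rx)  echo rx-checksumming ;;
        tx)  echo tx-checksumming ;;
        sg)  echo scatter-gather ;;
        tso) echo tcp-segmentation-offload ;;
        ufo) echo udp-fragmentation-offload ;;
        gso) echo generic-segmentation-offload ;;
        gro) echo generic-receive-offload ;;
        lro) echo large-receive-offload ;;
    esac
}

# Read `ethtool -k IFACE` output on stdin; print the short name of every
# listed offload that is still "on", one per line.  No output means all off.
# "on [fixed]" is reported too: the driver refuses to disable it, so the
# box is not a clean capture host.
offloads_still_on() {
    input=$(cat)
    for o in $OFFLOADS; do
        name=$(long_name "$o")
        state=$(printf '%s\n' "$input" | awk -v n="$name:" '$1 == n { print $2; exit }')
        [ "$state" = "on" ] && echo "$o"
    done
    return 0
}

# Read `ip link show IFACE` output on stdin; succeed only if PROMISC is set.
iface_is_promisc() {
    grep -q '<[^>]*PROMISC[^>]*>'
}

# Constructed sample output (not captured from a real host) for trying the
# parsers offline: gro was left on, ufo and lro are fixed off by the driver.
SAMPLE_ETHTOOL='Features for eth1:
rx-checksumming: off
tx-checksumming: off
        tx-checksum-ipv4: off
scatter-gather: off
        tx-scatter-gather: off
tcp-segmentation-offload: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]'

SAMPLE_IPLINK='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'

# Run both checks against a live interface; exit 1 on any problem.
check_capture_iface() {
    iface=$1
    rc=0
    left=$(ethtool -k "$iface" | offloads_still_on)
    if [ -n "$left" ]; then
        echo "$iface: offloads still on:" $left; rc=1
    fi
    ip link show "$iface" | iface_is_promisc || { echo "$iface: not in promiscuous mode"; rc=1; }
    return $rc
}

if [ -n "${1:-}" ]; then
    check_capture_iface "$1"
else
    echo "sample: offloads still on:" $(printf '%s\n' "$SAMPLE_ETHTOOL" | offloads_still_on)
fi
```

Run it with the capture interface as the argument right after the reboot; without an argument it only exercises the parsers on the embedded sample. An offload reported as on but "[fixed]" cannot be fixed in software, so that NIC should not be used as the sensor interface.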

# reboot

# wget https://github.com/aol/moloch/archive/master.zip

(The project has since been renamed Arkime and now lives at https://github.com/arkime/arkime.)

Packet Analytics - MOLOCH Download

# unzip master.zip

# cd moloch-master

Packet Analytics - Unzip MOLOCH


# ./easybutton-singlehost.sh

Packet Analytics - Moloch Installation

NodeJS installation :- MOLOCH's viewer (the web UI and its API) is a Node.js application, so the installer pulls in Node.js as a dependency.

Packet Analytics - NodeJs Installation

CURL installation :- curl is used to talk to Elasticsearch's HTTP REST API; the installer uses it to check that the cluster is up, and it is the handiest way to inspect the indices afterwards.

Packet Analytics - CURL Installation

MOLOCH tags every session with GeoIP data, so traffic can be filtered by country. That lets an organisation segregate traffic by origin and dig into malware callbacks, DoS and DDoS sources, or any other suspect flows.

GeoIP Installation

Packet Analytics - GeoIP Installation

Glib Installation

Packet Analytics - Glib Installation

Two packages are installed for the Elasticsearch side of MOLOCH:

  1. Elasticsearch, which stores the session index
  2. Elasticsearch-Head, a browser front end for inspecting the cluster and its indices
Packet Analytics - Moloch Installation
Packet Analytics - Elasticsearch & Head Installation

The installer prompts for the user id and group id MOLOCH should drop privileges to, and for the interface to capture on. In the screenshot I left the user and group blank, which means no privilege drop (a dedicated unprivileged account is preferable on a production sensor), but the capture interface must be given: eth1 in the network configuration above.

Packet Analytics - Moloch UserId & GroupId, Interface Allocation

# chmod 777 /data/moloch

Note that a world-writable pcap directory lets any local account read or tamper with every captured payload; on anything but a throwaway lab box, give /data/moloch to the user and group you handed to the installer and keep "other" out instead of opening it to everyone.

# nano /etc/security/limits.conf

*    hard    nofile    500000
*    soft    nofile    500000

This raises the open-file limit for all accounts: capture keeps many pcap files open and Elasticsearch many index segments. The limits only apply to new logins, so log in again (or reboot) before starting MOLOCH.

Packet Analytics - Moloch Installation Limits.conf
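Two checks to run after the directory and limits steps above, as an added example that is not from the original post: captured pcaps contain every payload seen on the wire, so /data/moloch should belong to the unprivileged capture account rather than be opened with chmod 777, and the nofile limit must actually be in effect for the shell that starts MOLOCH and Elasticsearch (limits.conf only applies at login). The capture account name `moloch` is an assumption, since the post left the user and group prompt blank; the script uses GNU `stat`, which Ubuntu ships.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the pcap directory
# permissions and the open-file limit, and fix the directory ownership.
# Usage on the MOLOCH host:  sh moloch_post_checks.sh check   (or: fix)

MOLOCH_DATA=${MOLOCH_DATA:-/data/moloch}
CAPTURE_USER=${CAPTURE_USER:-moloch}    # assumption: the user/group given to the installer
REQUIRED_NOFILE=500000                   # value written to /etc/security/limits.conf above

# Succeed only if DIR grants nothing to "other": world-readable pcaps leak
# every captured payload, world-writable ones can be tampered with or deleted.
dir_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1   # e.g. 750, 777, 2750 (GNU stat)
    other=$(( mode % 10 ))                   # last octal digit = permissions for "other"
    [ "$other" -eq 0 ]
}

# Compare an nofile value (e.g. from `ulimit -n`) with what capture and
# Elasticsearch need.  "unlimited" passes; non-numeric input fails.
nofile_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$REQUIRED_NOFILE" ]
}

# What the chmod 777 step should be instead: hand the tree to the capture
# account and keep "other" out entirely.
fix_pcap_dir() {
    chown -R "$CAPTURE_USER:$CAPTURE_USER" "$MOLOCH_DATA" && chmod 750 "$MOLOCH_DATA"
}

# Report both checks against the live host; exit 1 on any failure.
check_all() {
    rc=0
    if dir_mode_ok "$MOLOCH_DATA"; then
        echo "ok: $MOLOCH_DATA mode $(stat -c '%a' "$MOLOCH_DATA")"
    else
        echo "FAIL: $MOLOCH_DATA is world-accessible or missing"; rc=1
    fi
    if nofile_ok "$(ulimit -n)"; then
        echo "ok: nofile $(ulimit -n)"
    else
        echo "FAIL: nofile is $(ulimit -n), need $REQUIRED_NOFILE (log in again after editing limits.conf)"; rc=1
    fi
    return $rc
}

case "${1:-}" in
    check) check_all ;;
    fix)   fix_pcap_dir && check_all ;;
esac
```

Run `sh moloch_post_checks.sh check` from the same login session you will start MOLOCH from, so the nofile value it sees is the one the daemons inherit; `fix` applies the ownership change and re-checks. Override MOLOCH_DATA or CAPTURE_USER in the environment if you chose different values in the installer.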

# apt-get update

# apt-get upgrade

# ./easybutton-singlehost.sh

Packet Analytics - Installation Final Verification

The installer asks how much RAM MOLOCH may use. Size it with both the Elasticsearch heap and the capture process in mind, and leave memory for the operating system's page cache.

Installation of Moloch - Memory Allocation

URL :- http://127.0.0.1:8005 (the viewer listens on port 8005 and serves plain HTTP unless certFile and keyFile are set in config.ini; reach it from the box itself or over an SSH tunnel rather than exposing the port)

The default username and password for MOLOCH are admin:admin. Change them before anyone else can reach the viewer: the viewer directory ships an addUser.js script that creates or replaces a user given the config.ini path, a user id, a display name, a password and, for administrators, --admin.

Packet Analytics MOLOCH - Login Window

MOLOCH Dashboard view

Packet Analytics - Moloch Dashboard

MOLOCH Connection View

Packet Analytics MOLOCH - Connection Window

Enjoy Packet Analytics & Packet Forensics with Moloch & Elasticsearch.

 
