Forensics and Cyber Threat Research Area

Threat Intelligence | Insider Threat Detection | User Behavior Analytics | Cyber Threat Management | Data Security Intelligence | Cloud Security Intelligence Application Security Intelligence | Anomaly & Pattern Detection |  Security Information Event Management | Digital Forensics | Data Recovery | Malware Investigation | Packet Analytics | Packet Forensics | security operations and analytics platform architecture (SOAPA)

Live Evidence Invetigation

Home » Blog » Installation of MOLOCH

 Posted in Packet Forensics and Analytics

Installation of MOLOCH

   15th October 2015  Leave a Comment on Installation of MOLOCH 0 1173

Installation of MOLOCH

Project Name: Installation of MOLOCH
Description: Packet Analytics includes understanding MOLOCH and Elasticsearch to great extent. In this blog we will try to figure out step by step installation of MOLOCH for Packet Analytics & Packet Forensics. Packet Forensics and Analytics will help you understand MOLOCH for Packet Analytics & Elasticsearch for forensics indexing for packet. 

Author: Rohit D Sadgune

Installation of MOLOCH

# apt-get install zip

# add-apt-repository ppa:webupd8team/java

packet analytics - repo add
packet analytics – repo add

 

# apt-get update

# apt-get & dist-upgrade

Packet Forensics -Disto-Upgrade
Packet Forensics -Disto-Upgrade
Packet Forensics -Disto-Upgrade
Packet Forensics -Disto-Upgrade

# apt-get install oracle-java8-installer

Java-Installer Packet Analytics
Java-Installer Packet Analytics



java-installer Packet Analytics
java-installer Packet Analytics
java-installer Packet Analytics
java-installer Packet Analytics

# nano /etc/network/interfaces

auto eth0

iface eth0 inet static

address 192.168.1.58

gateway           192.168.1.1

netmaks 255.255.255.0

dns-nameservers 192.168.1.1

auto eth1

iface eth1 inet manual

up        ip         link set $IFACE promisc on arp off up

down ip link set $IFACE promisc off down

post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do eththool -K $IFACE $i off; done

post-up echo1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

Packet Analytics - Network Interfaces Setting
Packet Analytics – Network Interfaces Setting

# reboot

# wget http://github.com/aol/moloch/archive/master.zip

Packet Analytics - MOLOCH Download
Packet Analytics – MOLOCH Download

#unzip master.zip

#cd /moloch-master

Packet Analytics - Unzip MOLOCH
Packet Analytics – Unzip MOLOCH


# ./easybutton-singlehost.sh

Packet Analytics - Moloch Installation
Packet Analytics – Installation of MOLOCH

NodeJS installation :- Elasticsearch requires nodejs fo json input so we are installing NodeJs as dependent package for forensics indexing.

Packet Analytics - NodeJs Installation
Packet Analytics – NodeJs Installation

 

T0 give input to elasticsearch we have install CURL.

Packet Analytics - CURL Installation
Packet Analytics – CURL Installation

 

In Moloch you do analytics with geo location. i.e we can filter the traffic as per the country which help organization to segregate traffic and do deep analysis of Malware, DOS Attack, DDOS Analysis or any potential threats.

GeoIP Installation

Packet Analytics - GeoIP Installation
Packet Analytics – GeoIP Installation

Glib Installation

Packet Analytics - Glib Installation
Packet Analytics – Glib Installation

 

In Moloch Elasticsearch installation 2 packages we need to install

  1. Elasticsearch
  2. Elasticsearch –Head
Packet Analytics - Moloch Installation
Packet Analytics – Moloch Installation
Packet Analytics - Elasticsearch & head installation
Packet Analytics – Elasticsearch & head installation

 

In Moloch you can define the user id and group id. For your reference here I have kept this blank but you have to assign interface on which you want to capture the network traffic for packet analytics.

Packet Analytics - Moloch Userid & GroupI Interface allocation
Packet Analytics – Moloch UserId & GroupId Interface allocation

 

# chmod 777 /data/moloch

# nano /etc/security/limits.conf

*          hard     nofile   500000

*          soft      nofile   500000

Packet Analytics - Moloch Installation Limits.conf
Packet Analytics – Moloch Installation Limits.conf

# apt-get update

# apt-get upgrade

# ./easybutton-singlehost.sh

Packet Analytics - Installation Final Verification
Packet Analytics – Installation Final Verification

For MOLOCH you have to specify the RAM which it can utilize for Packet Analytics.

Installation of Moloch - Memory Allocation
Installation of Moloch – Memory Allocation

URL :- https://127.0.0.1:8005

Default username & password for Moloch is admin:admin

Packet Analytics MOLOCH -Login Window
Packet Analytics MOLOCH -Login Window

MOLOCH Dashboard view

Packet Analytics - Moloch Dashboard
Packet Analytics – Moloch Dashboard

MOLOCH Connection View

Packet Analytics MOLOCH -Connection Window
Packet Analytics MOLOCH -Connection Window

Enjoy Packet Analytics & Packet Forensics with Moloch & Elasticsearch.

 

Back to Packet Analytics

 

Author: Rohit Sadgune
Core Working Areas :- Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security Technical Certifications :- Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber crime investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Redhat certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
Website

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here : *

Reload Image

Indicator of Attacks | Indicator of Compromise

Top SIEM Use Cases | Threat Hunting Hypothesis | Deep Packet Inspection | Insider Threat Hunting | Hunting Data Exfiltration | Banking Fraud | ATM Use Cases | Cross Channel Data Exfiltration | Hunting Endpoint Anomaly | Denial-of-service | Man-in-the-middle (MitM) attack | Spear phishing attacks | Drive-by attack | Eavesdropping attack | Birthday attack