How to install moloch – All things in moderation

How to install moloch

Hi all!
Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support, or by using Apache in front. Moloch is not meant to replace IDS engines but instead to work alongside them, storing and indexing all the network traffic in standard PCAP format and providing fast access to it. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
How to install?
Installation environment:
– Ubuntu 16.04 LTS
Install now! 😀
– You must install zip.

$sudo apt-get install zip
  • Add ppa
$sudo add-apt-repository ppa:webupd8team/java
  • A fresh system may not recognise the add-apt-repository command. If so, install the package that provides it (and git) first:
$sudo apt-get install software-properties-common python-software-properties
$sudo add-apt-repository ppa:git-core/ppa
$sudo apt-get update
$sudo apt-get install git
  • Update system
$sudo apt-get update
  • Upgrade system
$sudo apt-get upgrade
  • dist-upgrade system
$sudo apt-get dist-upgrade
  • Install java8
$sudo apt-get install oracle-java8-installer
  • Download moloch via wget
$wget https://github.com/aol/moloch/archive/master.zip
  • Config network interfaces
$sudo nano /etc/network/interfaces

Content of interfaces:

auto eth0
iface eth0 inet static
address ip-server
gateway 
netmask
dns-nameserver ip-server 8.8.8.8

auto eth1
iface eth1 inet manual
up ip link set $IFACE promisc on arp off up
down ip link set $IFACE promisc off down
post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6


  • Reboot system
$sudo reboot
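After the reboot it is worth confirming that eth1 really came up the way the interfaces stanza above asks (promiscuous, ARP off, all offloads disabled, IPv6 off), because leftover GRO/LRO or segmentation offload gives Moloch merged or oversized frames instead of what was on the wire. The script below is an added example, not part of the original post or of Moloch; it parses the output of ethtool -k and ip link show (the feature names are the ones ethtool prints) and includes a constructed sample so the parsing runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the capture
# interface really has the settings the interfaces stanza requests. The
# parsers take command output as text so they can run offline on samples.
# Map the short names used with "ethtool -K" to names "ethtool -k" prints.
offload_feature_name() {
  case "$1" in
    rx) echo rx-checksumming ;;            tx) echo tx-checksumming ;;
    sg) echo scatter-gather ;;             tso) echo tcp-segmentation-offload ;;
    ufo) echo udp-fragmentation-offload ;; gso) echo generic-segmentation-offload ;;
    gro) echo generic-receive-offload ;;   lro) echo large-receive-offload ;;
    *) echo "$1" ;;
  esac
}
# Print the short names of offloads still "on" in the "ethtool -k" output
# passed as $1 (sub-features are indented, so the ^ anchor skips them).
offloads_still_on() {
  hits=
  for short in rx tx sg tso ufo gso gro lro; do
    feature=$(offload_feature_name "$short")
    state=$(printf '%s\n' "$1" | sed -n "s/^$feature: \([a-z]*\).*/\1/p" | head -n 1)
    [ "$state" = on ] && hits="$hits${hits:+ }$short"
  done
  echo "$hits"
}
# Succeed only if "ip link show" output ($1) has both PROMISC and NOARP,
# i.e. "promisc on arp off" from the stanza took effect.
iface_flags_ok() {
  printf '%s\n' "$1" | grep -q '<[^>]*PROMISC' &&
    printf '%s\n' "$1" | grep -q '<[^>]*NOARP'
}
# Live check of one interface (needs ethtool and iproute2; run as root).
capture_iface_report() {
  on=$(offloads_still_on "$(ethtool -k "$1")")
  [ -n "$on" ] && echo "$1: offloads still on: $on"
  iface_flags_ok "$(ip link show "$1")" || echo "$1: PROMISC or NOARP missing"
  [ "$(cat "/proc/sys/net/ipv6/conf/$1/disable_ipv6")" = 1 ] || echo "$1: IPv6 still enabled"
}
# Constructed sample of "ethtool -k" output where gro and lro were left on.
SAMPLE_ETHTOOL_K='Features for eth1:
rx-checksumming: off
tx-checksumming: off
	tx-checksum-ipv4: off
scatter-gather: off
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: on [fixed]'
echo "offloads still on in sample: $(offloads_still_on "$SAMPLE_ETHTOOL_K")"
```

On the live host, source the file and run `capture_iface_report eth1`; it prints one line per setting that did not take effect and nothing when the interface matches the stanza.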
  • Unzip moloch
$unzip master.zip
  • Install moloch
$cd moloch-master/
$sudo ./easybutton-singlehost.sh 


  • Run moloch
$sudo ./run_es.sh
$sudo ./run_capture.sh
$sudo ./run_viewer.sh

Installation complete! You can access Moloch at https://ip_server:8005 with the username/password admin/admin.
Screenshots (not reproduced here): the Moloch interface, tagging a session, mapping IPs, viewing a .pcap file, node connections, and tagging users.
