Author's articles:
Author : Tomáš Mokoš NetworkMiner is a Network forensic analysis tool (NFAT) for Windows operating systems. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. NetworkMiner’s primary…
Authors : Tomáš Mokoš, Marek Brodec Version : 0.7.4 Nload is a console application which monitors network traffic and bandwidth usage in real time. The gathered statistics are displayed in two separate graphs (one for uplink and one for downlink)….
Author : Tomáš Mokoš Moloch offers many distinct usage possibilities. The set is not limited to the ones mentioned below and can be expanded by individual users, provided they can find other applications of this service: DOS…
Moloch consists of three components: Elasticsearch – search engine powering the Moloch system. It is distributed under the terms of Apache license. Requests are handled using HTTP and results are returned in JSON file format. Elasticsearch supports database sharding, making…
Authors : Tomáš Mokoš, Marek Brodec Operating system : Ubuntu 16.04 Elasticsearch version : 5.5.1 Suricata version : 4.0.1 This article is outdated, see the newer installation guides below. Installation of Suricata Arkime (former Moloch) Installation Integrating Moloch and Suricata…
Considering the possibility of packet loss at high traffic flows, it is recommended for the packet capture interface to NOT be the same as the interface connected to the internet, in this case, the interface assigned with static IP address….
The architecture of Moloch enables it to be distributed on multiple devices. For small networks, demonstrations or home deployment, it is possible to host all the tools necessary on a single device; however, for capturing large volumes of data at…
Author : Tomáš Mokoš, Marek Brodec Considering that the formulas we used to calculate how many days Moloch can archive network traffic, and what hardware we should use, were only approximate, we have decided to measure…
Author : Tomáš Mokoš, Marek Brodec In our topology, the server running Moloch was connected to a 100Mbps switch. Therefore, even though the generated network traffic reached 140Mbps, the flow was subsequently limited on the switch. At first, while generating packets…
Authors : Tomáš Mokoš, Marek Brodec Tested version : 0.20.0 Operating system : Ubuntu 14.04.5 Note: this guide is obsolete, for a more up-to-date version visit Moloch v1.7.0 – Installation Installation of Moloch is no trivial matter, that is why…
© 2025 NIL Žilina