Skip to content

UncleZ320/suricata

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
bro
bro
 
 
doc/screenshot
doc/screenshot
 
 
logstash
logstash
 
 
manager
manager
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Real-time Packet Observation Tool (RPOT)

architecture

architecture

Startup

$ echo 'vm.max_map_count = 262144' | sudo tee -a /etc/sysctl.conf
$ sudo sysctl -p
$ cd rpot
$ docker-compose pull

Analysis pcap files

step 1 copy or mount pcap file directory

$ cp /path/to/pcap/*.pcap ./pcap/

step 2 cleanup

$ docker-compose down -v
$ docker-compose up manager

step 3 run docker

$ docker-compose up bro

Protocol coverage

Protocol Decode Payload ElasticSearch Output Kibana Visualization
ARP × ×
AYIYA × ×
BackDoor × ×
BitTorrent × ×
DCE RPC ×
DHCP
DNP3 ×
DNS
File
Finger × ×
FTP ×
Gnutella × ×
GSSAPI × ×
GTPv1 × ×
HTTP
ICMP
Ident × ×
IMAP × ×
IRC
kerberos ×
Login × ×
MIME × ×
Modbus ×
MySQL ×
NCP × ×
NetBios
NTLM
NTP × ×
OpenFlow
POP3 × ×
RADIUS ×
RDP ×
RFB ×
RPC × ×
SIP
SMB
SMTP
SNMP
SOCKS
SSH
SSL
Syslog ×
TCP
Teredo ×
UDP
XMPP × ×
ZIP × ×

Visualization

Access Kibana url (http://localhost:5601) Click [Dashboard] -> [Open] -> [MAIN]

screenshot0 screenshot1 screenshot2 screenshot3 screenshot5 screenshot6 screenshot7

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages