Timemachine is a great solution for a full pcap system. Nothing fancy, but extremely good at it’s job.
https://www.bro.org/community/time-machine.html
#Install EPEL.
http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html
http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html
sudo yum install cmake swig python-devel byacc kernel-devel libtool subversion automake make autoconf pcre-devel libpcap-devel libpcap flex bison byacc gcc gcc-c++ zlib-devel numactl numactl-devel GeoIP GeoIP-devel gperftools
# install PF_RING. Grab 6.0.2. http://sourceforge.net/projects/ntop/files/PF_RING/
#Compile as non root.
cd pfring-svn/kernel
make && sudo make install
#Compile and install the rest as root
sudo -i
cd ../userland/lib
./configure –prefix=/opt/pfring && make && make install
cd ../libpcap-1.1.1-ring
./configure –prefix=/opt/pfring && make && make install
cd ../tcpdump-4.1.1
./configure –prefix=/opt/pfring && make && make install
sudo -i
cd ../userland/lib
./configure –prefix=/opt/pfring && make && make install
cd ../libpcap-1.1.1-ring
./configure –prefix=/opt/pfring && make && make install
cd ../tcpdump-4.1.1
./configure –prefix=/opt/pfring && make && make install
#Load it
modprobe pf_ring enable_tx_capture=0 min_num_slots=65534
#Grab timemachine
git clone –recursive git://git.bro.org/time-machine
#Run these or it wont compile with PF_RING
export LDFLAGS=”-Wl,–no-as-needed -lrt”
export LIBS=”-lrt -lnuma”
#Then configure and install.
./configure –prefix=/opt/timemachine-pfring –with-pcap=/opt/pfring/
make && make install
Configure via the other timemachine post 😛
0 Comments