
CxTracker – a passive network connection tracker for auditing and network discovery.
CxTracker (Connection Tracker) is a passive network connection tracker for profiling, history, auditing and network discovery. It can be used as a replacement for sancp in the sguil setup. It handles VLANs (2 layers) and IPv6 out of the box.
Dependencies:
+ libnet-pcap-perl
+ libgetopt-long-descriptive-perl
+ git-core
+ libdatetime-perl
+ libpcap0.8 libpcap0.8-dev
Installation:
Debian/Ubuntu base system:
    sudo apt-get install libnet-pcap-perl libgetopt-long-descriptive-perl git-core libdatetime-perl libpcap0.8 libpcap0.8-dev
    git clone https://github.com/gamelinux/cxtracker && cd cxtracker
    cd src
    make
    ./cxtracker --help

Example: running cxtracker in the foreground

Only IPv4 traffic:
    ./cxtracker -d /nsm_data/sensor1/sancp -u nsm -g nsm -i eth1 -b 'ip'

Only VLAN and IPv4 traffic:
    ./cxtracker -d /nsm_data/sensor1/sancp -u nsm -g nsm -i eth1 -b 'vlan and ip'

VLAN and IPv4 and IPv6:
    ./cxtracker -d /nsm_data/sensor1/sancp -u nsm -g nsm -i eth1
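Added example (not code from the CxTracker project): a small Python model of which frames each of the three -b settings above passes to the tracker. It uses standard libpcap semantics, where `vlan` matches one tag and shifts later matches past it. The frames are constructed samples, the helper names (`decode`, `bpf_matches`, `visibility`) are hypothetical, and VLAN tags are assumed to be present in the captured frame rather than stripped by NIC offload.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}      # 802.1Q and 802.1ad (QinQ outer) tag types
IPV4, IPV6 = 0x0800, 0x86DD

def frame(tags, etype):
    """Build a constructed Ethernet frame: zeroed MACs, optional VLAN tags."""
    hdr = bytes(12)
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", etype) + bytes(20)   # dummy payload

def decode(data, max_vlan_layers=2):
    """Peel up to two VLAN tags (the depth the page says is handled)."""
    offset, depth = 12, 0
    (etype,) = struct.unpack_from("!H", data, offset)
    while etype in VLAN_TPIDS and depth < max_vlan_layers:
        offset += 4
        depth += 1
        (etype,) = struct.unpack_from("!H", data, offset)
    return depth, etype

def bpf_matches(data, expr):
    """Model only the three filter settings used in the commands above."""
    depth, etype = decode(data)
    if expr == "ip":                # ethertype at offset 12 must be IPv4
        return depth == 0 and etype == IPV4
    if expr == "vlan and ip":       # exactly one tag, then IPv4
        return depth == 1 and etype == IPV4
    if expr == "":                  # no -b option: nothing is filtered out
        return True
    raise ValueError("filter not modelled: %r" % expr)

SAMPLES = {                         # constructed test traffic
    "untagged-ipv4": frame([], IPV4),
    "untagged-ipv6": frame([], IPV6),
    "vlan10-ipv4": frame([(0x8100, 10)], IPV4),
    "vlan10-ipv6": frame([(0x8100, 10)], IPV6),
    "qinq-ipv4": frame([(0x88A8, 100), (0x8100, 10)], IPV4),
}

def visibility(expr):
    """Names of the sample frames that a given -b filter lets through."""
    return [name for name, data in SAMPLES.items() if bpf_matches(data, expr)]

if __name__ == "__main__":
    for expr in ("ip", "vlan and ip", ""):
        print(repr(expr), "->", visibility(expr))
```

On a sensor port that carries tagged traffic, the first two filters each hide part of the traffic from the session records, so the unfiltered form is the one that gives full coverage.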
Source: https://github.com/gamelinux