Compiling PackterAgent
Compiling Packter Agent requires a standard UNIX development environment and the pcap, openssl and glib2 libraries and headers. To enable IPv6, use ./configure --enable-ipv6
% tar zxvf /anywhere/PackterAgent-2.5.tar.gz
% cd PackterAgent-2.5
% ./configure
% make
Setup PackterAgent
Packter Agent sends a packter control message to Packter Viewer.
% pt_agent
    -v [ Viewer IP address ]
    -p [ Viewer Port number ] (optional: default 11300)
    -i [ Monitor device ] (optional)
    -r [ Pcap dump file ] (optional)
    -u [ Run as another username ] (optional)
    -d ( Show debug information: optional)
    -s ( enable PACKERSE: optional) Note: This option is experimental.
    -f [ Set flag base ] (optional: default 0)
    -R [ Random droprate ] (optional)
    -T [ Traceback Client ] (optional)
    -U ( Read from Snort's UNIX domain socket: optional)
    [ pcap filter expression ] (optional)
    (if -U option was specified, you need to specify [ UNIX domain socket ])
To collaborate with Snort, you should run snort with the "-A unsock" and "-B" options. (Snort 2.8 or higher is recommended.)
Setup Packter sFlow
Packter sFlow collects data from sFlow Agent, and provides the information to PACKTER viewer.
$ pt_sflow
    -v [ Viewer IP address ]
    -p [ Viewer Port number ] (optional: default 11300)
    -b [ sFlow Bind IP address ] (optional: default 0.0.0.0)
    -l [ sFlow Listen port number ] (optional: default 6343)
    -u [ Run as another username ] (optional)
    -g [ Run as another groupname ] (optional)
    -f [ Flag base ] (optional: default 0)
    -R [ Random droprate ] (optional)
    -T [ Traceback Client ] (optional)
Setup Packter NetFlow
Packter NetFlow collects data from NetFlow Agent, and provides the information to PACKTER viewer.
$ pt_netflow
    -v [ Viewer IP address ]
    -p [ Viewer Port number ] (optional: default 11300)
    -b [ NetFlow Bind IP address ] (optional: default 0.0.0.0)
    -l [ NetFlow Listen port number ] (optional: default 2055)
    -u [ Run as another username ] (optional)
    -g [ Run as another groupname ] (optional)
    -f [ Flag base ] (optional: default 0)
    -R [ Random droprate ] (optional)
PACKTER NetFlow does not support IP traceback yet (because of the specification of SPIE).
Setup PackterThmon
Packter Thmon is a threshold monitoring tool that notifies Packter Viewer when the monitoring score exceeds the given threshold. Each threshold is a floating-point value greater than 0 and less than 1.
% pt_thmon
    -v [ Viewer IP address ]
    -p [ Viewer Port number ] (optional: default 11300)
    -i [ Monitor device ] (optional)
    -r [ Pcap dump file ] (optional)
    -d ( Show debug information: optional)
    -w [ Wait Interval ] (optional: default 30)
    -c [ config file ] (optional: default /usr/local/etc/packter.conf)
    -s ( Enable Sound: optional: default no)
    -C [ Number of packets to count ] (optional: default 500)
    -S [ TCP SYN Threshold ] (optional)
    -F [ TCP FIN Threshold ] (optional)
    -R [ TCP RST Threshold ] (optional)
    -I [ ICMP Threshold ] (optional)
    -U [ UDP Threshold ] (optional)
    -P [ PPS Threshold ] (optional)
    [ pcap filter expression ] (optional)
Configuration sample is available at: Here
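
As an added example (not part of the PACKTER distribution), the following shell helper checks that each threshold is strictly between 0 and 1, as stated above, before assembling a pt_thmon command line. The flag letters are from the option list above; the function names, the viewer address 192.0.2.10 and the sample values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate pt_thmon thresholds before building the command line.
# Function names, the viewer address and the sample values are constructed.

# Return 0 only if $1 is a plain decimal strictly between 0 and 1.
valid_threshold() {
    case "$1" in
        # Reject empty input, signs, exponents, letters, multiple dots.
        ''|*[!0-9.]*|*.*.*|.) return 1 ;;
    esac
    awk -v t="$1" 'BEGIN { exit !(t + 0 > 0 && t + 0 < 1) }'
}

# Build a pt_thmon command line from a viewer address and FLAG=value pairs.
# Prints the command on stdout. Returns 1 on an out-of-range threshold and
# 2 on a flag that is not one of the threshold options (-S -F -R -I -U -P).
build_thmon_cmd() {
    viewer=$1
    shift
    cmd="pt_thmon -v $viewer"
    for pair in "$@"; do
        flag=${pair%%=*}
        value=${pair#*=}
        case "$flag" in
            S|F|R|I|U|P) ;;
            *) echo "unknown threshold flag: $flag" >&2; return 2 ;;
        esac
        if ! valid_threshold "$value"; then
            echo "threshold -$flag must be > 0 and < 1, got '$value'" >&2
            return 1
        fi
        cmd="$cmd -$flag $value"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample: SYN threshold 0.6, ICMP threshold 0.25.
build_thmon_cmd 192.0.2.10 S=0.6 I=0.25
```

The helper only prints the command; run the printed line after reviewing it.
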
Setup Packter TC (This is used for TC Traceback; TC is Traceback Client)
Packter TC is a component for receiving trace requests. The trace request conforms to InterTrack, a hash-based IP traceback system. Packter TC supports connecting to the DP (Decision Point) in InterTrack systems.
To run Packter TC, XML::Pastor must be installed.
% ./packter_tc.pl
    -v [ Viewer IP address ] (required)
    -d [ DP IP address ] (required)
    -l [ Listening IP address ] (required)
    -c [ Config file ] (optional: default "./packter.conf")
    -s ( Enable Sound ) (optional: default no)
Configuration sample is available at: Here