Compiling PackterAgent

Compiling Packter Agent requires a standard UNIX development environment and the pcap, openssl and glib2 libraries and headers. To enable IPv6, use ./configure --enable-ipv6

% tar zxvf /anywhere/PackterAgent-2.5.tar.gz

% cd PackterAgent-2.5

% ./configure

% make 

Setup PackterAgent

Packter Agent sends a packter control message to Packter Viewer.

% pt_agent
      -v [ Viewer IP address ]
      -p [ Viewer Port number ] (optional: default 11300)
      -i [ Monitor device ] (optional)
      -r [ Pcap dump file ] (optional)
      -u [ Run as another username ] (optional)
      -d ( Show debug information: optional)
      -s ( enable PACKERSE: optional) Note: This option is experimental.
      -f [ Set flag base ] (optional: default 0)
      -R [ Random droprate ] (optional)
      -T [ Traceback Client ] (optional)
      -U ( Read from Snort's UNIX domain socket: optional)
      [ pcap filter expression ] (optional)
      (if -U option was specified, you need to specify [ UNIX domain socket ])

To collaborate with Snort, run snort with the "-A unsock" and "-B" options. (Snort 2.8 or higher is recommended.)

Setup Packter sFlow

Packter sFlow collects data from sFlow Agent, and provides the information to PACKTER viewer.

$ pt_sflow
      -v [ Viewer IP address ]
      -p [ Viewer Port number ] (optional: default 11300)
      -b [ sFlow Bind IP address ] (optional: default 0.0.0.0)
      -l [ sFlow Listen port number ] (optional: default 6343)
      -u [ Run as another username ] (optional)
      -g [ Run as another groupname ] (optional)
      -f [ Flag base ] (optional: default 0)
      -R [ Random droprate ] (optional)
      -T [ Traceback Client ] (optional)

Setup Packter NetFlow

Packter NetFlow collects data from NetFlow Agent, and provides the information to PACKTER viewer.

$ pt_netflow
      -v [ Viewer IP address ]
      -p [ Viewer Port number ] (optional: default 11300)
      -b [ NetFlow Bind IP address ] (optional: default 0.0.0.0)
      -l [ NetFlow Listen port number ] (optional: default 2055)
      -u [ Run as another username ] (optional)
      -g [ Run as another groupname ] (optional)
      -f [ Flag base ] (optional: default 0)
      -R [ Random droprate ] (optional)

PACKTER NetFlow does not support IP traceback yet (because of the specification of SPIE).

Setup PackterThmon

Packter Thmon is a threshold monitoring tool that notifies Packter Viewer when the monitoring score exceeds the given threshold. Each threshold is a float value higher than 0 and less than 1.

% pt_thmon
      -v [ Viewer IP address ]
      -p [ Viewer Port number ] (optional: default 11300)
      -i [ Monitor device ] (optional)
      -r [ Pcap dump file ] (optional)
      -d ( Show debug information: optional)
      -w [ Wait Interval ] (optional: default 30)
      -c [ config file ] (optional: default /usr/local/etc/packter.conf)
      -s ( Enable Sound: optional: default no)
      -C [ Number of packets to count ] (optional: default 500)
      -S [ TCP SYN Threshold ] (optional)
      -F [ TCP FIN Threshold ] (optional)
      -R [ TCP RST Threshold ] (optional)
      -I [ ICMP Threshold ] (optional)
      -U [ UDP Threshold ] (optional)
      -P [ PPS Threshold ] (optional)
      [ pcap filter expression ] (optional)

Configuration sample is available at: Here
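
As an added example (not part of PACKTER), the shell functions below check that every threshold passed to pt_thmon is strictly between 0 and 1 before the monitor is started, so a mistyped value is caught at launch rather than showing up as missing alerts. The function names and the sample address are hypothetical, and how pt_thmon itself treats out-of-range values is not stated on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for pt_thmon thresholds (not part of PACKTER).

# valid_threshold VALUE
# Succeeds only for a plain decimal number strictly between 0 and 1.
valid_threshold() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.) return 1 ;;   # empty, non-numeric, two dots, lone dot
    esac
    awk -v t="$1" 'BEGIN { exit !(t + 0 > 0 && t + 0 < 1) }'
}

# thmon_args VIEWER_IP [FLAG VALUE]...
# Prints the pt_thmon argument list, or fails on the first flag that is not
# one of the threshold options listed above or whose value is out of range.
thmon_args() {
    out="-v $1"; shift
    while [ "$#" -ge 2 ]; do
        case "$1" in
            -S|-F|-R|-I|-U|-P) ;;
            *) echo "not a threshold option: $1" >&2; return 2 ;;
        esac
        if ! valid_threshold "$2"; then
            echo "threshold for $1 must be > 0 and < 1, got: $2" >&2
            return 1
        fi
        out="$out $1 $2"; shift 2
    done
    [ "$#" -eq 0 ] || { echo "option $1 has no value" >&2; return 2; }
    printf '%s\n' "$out"
}

# Usage (constructed values; 192.0.2.10 is a documentation address):
#   args=$(thmon_args 192.0.2.10 -S 0.6 -I 0.3) && pt_thmon -i eth0 $args
```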

Setup Packter TC (This is used for TC Traceback; TC is Traceback Client)

Packter TC is a component for receiving trace requests. The trace request follows InterTrack, a hash-based IP traceback system. Packter TC supports connecting to the DP (Decision Point) in InterTrack systems.

To run Packter TC, XML::Pastor must be installed.

% ./packter_tc.pl
   -v [ Viewer IP address ] (must)
   -d [ DP IP address ] (must)
   -l [ Listening IP address ] (must)
   -c [ Config file ] (optional: default "./packter.conf")
   -s ( Enable Sound )(optional: default no)

Configuration sample is available at: Here