Comments on grand stream dreams: Network Miner Updating on Ubuntu 12.04

Feed updated: 2024-03-11T02:35:50.848-05:00


Anonymous, 2012-11-21T12:40:47.025-06:00

Just a heads up to anyone giving this method a go, as of this post the securityonion PPA repo does not have 12.10 (quantal) packages, this will only work with 12.04.


Doug Burks, 2012-09-11T06:02:41.246-05:00

Just in case you didn't notice, I should also mention that we now have a "stable" repo that users should use instead of the "test" repo. So the install command (as listed in Erik's blog post) is now:

    sudo add-apt-repository -y ppa:securityonion/stable && sudo apt-get update && sudo apt-get -y install securityonion-networkminer

Thanks,
Doug


Doug Burks, 2012-09-11T05:10:05.585-05:00

Yep, we've got Xplico in our repo as well :)

Thanks,
Doug


Claus, 2012-09-10T20:41:18.416-05:00

@ Doug -- Looks like you were busy!

I just was processing through the RSS feed stack and couldn't help but grin to myself when I saw this NetResec blog post in the feed pile tonight.

Install NetworkMiner with apt-get - NETRESEC Blog
http://www.netresec.com/?page=Blog&month=2012-09&post=Install-NetworkMiner-with-apt-get

This definitely counts in my book as a Good Thing that benefits the NFAT community greatly.

It recalls a conversation thread I had with Gianluca Costa of Xplico regarding the hope of having a similar process for getting/updating Xplico in Ubuntu.

That bore fruit as well:

Install Xplico From SourceForge - Xplico Wiki
http://wiki.xplico.org/doku.php?id=ubuntu#from_sourceforge

I cannot express just how much these small and well laid out "apt-get" routines mean to those like me who can and want to use the tools outside of Windows but haven't quite mastered some of the knowledge to install these programs in Ubuntu.

Well Done!

--Claus V.


Doug Burks, 2012-09-10T06:18:36.557-05:00

I've already been talking to Erik about that. Stay tuned! :)


Claus, 2012-09-09T14:09:21.624-05:00

@ Doug - Thanks for the additional feedback.

I really love NetworkMiner and though the majority of my usage is in Windows, having it side-by-side with Xplico in my Ubuntu build lets me do some comparative analysis and look at the pcap from different viewpoints in case I miss something important.

The one-liner script you have is really awesome!

It is contributions like this that make working in (and learning) Ubuntu so pleasing and encouraging!

Nothing is more frustrating than to be pretty darn good in Windows, and then transition into another OS and know what you want to do, have a general idea of how you should do it, but just seem to be missing the final bit due to a lack of experience.

It's fun learning however!

Now if we can just get Erik Hjelmvik to consider adding this great process to his Mono page for NetworkMiner so others can enjoy a more streamlined installation/updating process...or at least as an alternative method for us Ubuntu noobs!

Cheers!

Claus V.


Doug Burks, 2012-09-09T05:15:37.704-05:00

Hi Claus,

I've packaged NetworkMiner for my new version of Security Onion, based on Ubuntu 12.04. Any standard Ubuntu flavor (Ubuntu, Kubuntu, Xubuntu, Lubuntu, etc.) should be able to add our PPA and install the package with the following one-liner:

    sudo add-apt-repository -y ppa:securityonion/test && sudo apt-get update && sudo apt-get -y install securityonion-networkminer

A few things to note:

- it will install to /opt/networkminer/
- I include a simple bash script that will invoke mono for you, so you can just run:
    /opt/networkminer/networkminer
  (and you can include a pcap file for NetworkMiner to open automatically)
- this allows us to do things like right-click an IDS alert in Sguil and send the entire stream to NetworkMiner for analysis :)

Please let me know what you think!

Thanks,
Doug Burks