Friday, May 23, 2008

Como: Installation on Ubuntu

I found this unintentionally while searching for a tool that can convert pcap format to NetFlow v5 format. Its name is Como, a project developed by Intel people. If you want to know more about Como, check out their publications here -

http://como.sourceforge.net/publications.php

Here's the quick way to get it installed on Ubuntu -

shell>sudo apt-get install cmake

shell>wget \
http://como.sourceforge.net/download/como-1.5.tar.gz

shell>tar xvzf como-1.5.tar.gz

shell>mkdir build-como

shell>cd build-como/

shell>cmake -DCMAKE_INSTALL_PREFIX=/usr/local/stow/como-1.5 ../como-1.5

shell>make

shell>sudo make install

Once it is installed, you can run it from the command line, but make sure you have configured its paths and modules first. The configuration file is como.conf, which can be found under the directory /usr/local/stow/como-1.5/etc/como. You can also enable modules at run time. Here are the available modules -

shell>ls -la /usr/local/stow/como-1.5/libexec/como-1.0/
total 596
drwxr-xr-x 2 root root 4096 2008-05-23 10:34 .
drwxr-xr-x 3 root root 4096 2008-05-23 10:34 ..
-rw-r--r-- 1 root root 21281 2008-05-23 10:34 apps.so
-rw-r--r-- 1 root root 18778 2008-05-23 10:34 assoc.so
-rw-r--r-- 1 root root 23131 2008-05-23 10:34 autofocus.so
-rw-r--r-- 1 root root 15151 2008-05-23 10:34 dhcp.so
-rw-r--r-- 1 root root 21425 2008-05-23 10:34 ethtypes.so
-rw-r--r-- 1 root root 25640 2008-05-23 10:34 ewma.so
-rw-r--r-- 1 root root 16434 2008-05-23 10:34 flowcount.so
-rw-r--r-- 1 root root 27356 2008-05-23 10:34 flow-reassembly.so
-rw-r--r-- 1 root root 16169 2008-05-23 10:34 frames.so
-rw-r--r-- 1 root root 20629 2008-05-23 10:34 hwtm.so
-rw-r--r-- 1 root root 14416 2008-05-23 10:34 ipssi.so
-rw-r--r-- 1 root root 14736 2008-05-23 10:34 macssi.so
-rw-r--r-- 1 root root 13290 2008-05-23 10:34 nfexlist.so
-rw-r--r-- 1 root root 16080 2008-05-23 10:34 pattern-search.so
-rw-r--r-- 1 root root 20117 2008-05-23 10:34 protocol.so
-rw-r--r-- 1 root root 27098 2008-05-23 10:34 scanner-detector.so
-rw-r--r-- 1 root root 17405 2008-05-23 10:34 ssid.so
-rw-r--r-- 1 root root 21645 2008-05-23 10:34 superaddr.so
-rw-r--r-- 1 root root 25659 2008-05-23 10:34 topaddr.so
-rw-r--r-- 1 root root 25433 2008-05-23 10:34 tophwaddr.so
-rw-r--r-- 1 root root 21516 2008-05-23 10:34 topports.so
-rw-r--r-- 1 root root 15122 2008-05-23 10:34 trace.so
-rw-r--r-- 1 root root 19080 2008-05-23 10:34 traffic.so
-rw-r--r-- 1 root root 27192 2008-05-23 10:34 tuple.so
-rw-r--r-- 1 root root 20970 2008-05-23 10:34 unknown-ports.so
-rw-r--r-- 1 root root 39547 2008-05-23 10:34 worm-signature.so

To enable any module at run time, you can just execute -

shell>/usr/local/stow/como-1.5/bin/como topports

It also provides HTTP access to the data, but I keep getting the error below while connecting to http://localhost:44444 -

Module "" not found in the current configuration

I believe I have the modules configured properly but I can't get rid of the error. Anyway, that's all for Como, and I will write more about it after some testing.

Peace ;]
