Updated Jun 29, 2008 by eburszt...@gmail.com
Labels: Featured, Phase-Deploy
GettingStarted  
A little guide to help you start with netAnalyzer

Introduction

This tutorial will guide you through the installation process and your first use of netAnalyzer.

Installation

Currently the program has been successfully installed and run on

The BSD build should work but hasn't been thoroughly tested.

Dependencies

netAnalyzer requires two libraries to work: libpcap and libpcre.

These two libraries are fairly common, so if they are not installed on your system you can find them in your distribution's repository.

Debian/Ubuntu

Here is how to install them on a Debian/Ubuntu system:

OSX

libpcap and pcre can be installed on OSX thanks to MacPorts (http://www.macports.org/)

  • To install libpcap: sudo port install libpcap
  • To install libpcre: sudo port install pcre

Once libpcap and libpcre are installed you can proceed to the installation itself.

Installing netAnalyzer

You can install netAnalyzer by doing the following:

  • Download its sources
  • Unpack them: tar vxzf netanalyzer-vx.x.x.tgz
  • Change directory to the extracted directory: cd netanalyzer-vx.xx.xx
  • Compile it: make
  • Install it (as root): make install

If everything went well you should have a copy of the netAnalyzer binary installed in the /usr/bin directory and the configuration directory in /etc/netAnalyzer/conf

First use

A quick summary of the available options is always available through the -h option.

netAnalyzer needs at least one option: which type of data to report. The three most used types of reported data are:

If you want to know which flows (also called sessions) are currently occurring in your network, use the following command:

netAnalyzer -F

This will report all the flows that the analyzer sees. It does include application layer information. By default this information is turned on; if you wish to turn it off by default you can modify the configuration file located in /etc/netAnalyzer/. When it is turned off by default you can enable it dynamically by adding the "-A" command line switch:

netAnalyzer -F -A

If you wish to limit the number of flows reported you can add the option -f. For each type of data reported an independent limiting option exists: it is the lowercase letter. Hence to limit the number of hosts (-H) you use -h. Reporting 20 flows with advanced information is done by using the command:

netAnalyzer -F -A -f 20

which can be abbreviated as:

netAnalyzer -f20 -A

You can see UsageExamples for more common uses of netAnalyzer or read a more detailed guide to the possible options by looking at netAnalyzerOptions.

