The image is based on the Ubuntu base image and is designed to get up and running quickly. It loads the viewer by default, allowing you to parse large PCAPs within minutes.
https://github.com/MathieM/docker-moloch
https://github.com/MathieM/docker-compose-moloch
https://github.com/danielguerra69
Step 0: Prerequisites. Install Docker, install Docker Compose, and configure the kernel.

```sh
# Install Docker
curl -fsSL get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Install Docker Compose
sudo curl -L https://github.com/docker/compose/releases/download/1.21.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Increase max map count for Elasticsearch (requires root; not persistent across reboots)
sudo sysctl -w vm.max_map_count=262144
```
- Clone the repository

```sh
git clone https://github.com/piesecurity/docker-moloch.git
cd ./docker-moloch
```

- Change this line in docker-compose.yml

```
MOLOCH_PASSWORD=PASSWORDCHANGEME
```

- Bring up the Moloch viewer

```sh
sudo docker-compose up
```

- Visit http://127.0.0.1:8005 with your favorite web browser
  - username: admin
  - password: defined in step #2
- Place all PCAPs in the folder ./tcpdump
- Run the following command with the container running

```sh
docker exec docker-moloch_moloch_1 moloch-parse-pcap-folder.sh
```
Change this line in docker-compose.yml from 'true' to 'false':

```
INITALIZEDB=
```

Run the following command with the container running:

```sh
docker exec docker-moloch_moloch_1 wipemoloch.sh
```

Change this line in docker-compose.yml from 'true' to 'false':

```
INITALIZEDB=
```

Change this line in docker-compose.yml from 'true' to 'false':

```
WIPEDB=
```
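The steps above leave three things to get right by hand before `docker-compose up`: the placeholder `MOLOCH_PASSWORD` must be replaced, the `INITALIZEDB` and `WIPEDB` flags must be set to the intended values (a stale `WIPEDB=true` destroys the parsed sessions on the next start), and `vm.max_map_count` must be high enough for Elasticsearch. The following preflight script is an added example, not part of the docker-moloch project; it assumes the compose file lists these as `- KEY=VALUE` entries under `environment:` and uses a constructed sample compose file in place of the real one.

```sh
#!/bin/sh
# Added example (not from the docker-moloch project): preflight checks to run
# before `docker-compose up`. Assumes the compose file carries the settings as
# "- KEY=VALUE" entries under an environment: list.

# Constructed sample standing in for ./docker-compose.yml (values are assumptions)
SAMPLE_COMPOSE='version: "2"
services:
  moloch:
    image: piesecurity/docker-moloch
    environment:
      - MOLOCH_PASSWORD=PASSWORDCHANGEME
      - INITALIZEDB=true
      - WIPEDB=false
    ports:
      - "8005:8005"'

# compose_env_value FILE KEY: print the VALUE of the first "- KEY=VALUE" line in FILE
compose_env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1
}

# set_compose_flag FILE KEY VALUE: rewrite "- KEY=..." to "- KEY=VALUE" in place
# (temp file + mv keeps it portable across GNU and BSD sed)
set_compose_flag() {
    tmp=$(mktemp)
    sed "s/^\([[:space:]]*-[[:space:]]*$2=\).*/\1$3/" "$1" > "$tmp" && mv "$tmp" "$1"
}

# preflight FILE MAPCOUNT: return 0 when it is safe to bring the stack up.
# MAPCOUNT is the current vm.max_map_count (pass "$(sysctl -n vm.max_map_count)").
preflight() {
    file=$1
    mapcount=$2
    rc=0

    pw=$(compose_env_value "$file" MOLOCH_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "PASSWORDCHANGEME" ]; then
        echo "MOLOCH_PASSWORD is unset or still the placeholder" >&2
        rc=1
    fi

    if [ "$(compose_env_value "$file" WIPEDB)" = "true" ]; then
        echo "WIPEDB=true: the next start would wipe the Moloch database" >&2
        rc=1
    fi

    if [ "$mapcount" -lt 262144 ]; then
        echo "vm.max_map_count=$mapcount is below the 262144 Elasticsearch needs" >&2
        rc=1
    fi

    return $rc
}

# Demo against the constructed sample: the placeholder password makes it refuse.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_COMPOSE" > "$demo_file"
if preflight "$demo_file" 262144; then
    echo "preflight: ok"
else
    echo "preflight: refusing to start"
fi
rm -f "$demo_file"
```

Against the real checkout, run `preflight ./docker-compose.yml "$(sysctl -n vm.max_map_count)"` before `sudo docker-compose up`, and use `set_compose_flag ./docker-compose.yml INITALIZEDB false` after the first successful start so later restarts keep the parsed data.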