Packetbeat

The value of a network packet analytics system such as Packetbeat can be best understood by trying it on your traffic.

To download and install Packetbeat, use the commands that work with your system (deb for Debian/Ubuntu, rpm for Red Hat/CentOS/Fedora, macOS for OS X, Docker for any Docker platform, and win for Windows):

• Ubuntu:

sudo apt-get install libpcap0.8
curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.2.1-amd64.deb
 sudo dpkg -i packetbeat-6.2.1-amd64.deb

• Red Hat:

sudo yum install libpcap
 curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.2.1-x86_64.rpm
 sudo rpm -vi packetbeat-6.2.1-x86_64.rpm

• macOS:

curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.2.1-darwin-x86_64.tar.gz
 tar xzvf packetbeat-6.2.1-darwin-x86_64.tar.gz

• Windows:
  1. Download and install WinPcap from this page. WinPcap is a library that uses a driver to enable packet capturing.
  2. Download the Packetbeat Windows ZIP file from the downloads page.
  3. Extract the contents of the ZIP file into C:\Program Files.
  4. Rename the packetbeat-<version>-windows directory to Packetbeat.
  5. Open a PowerShell prompt as an administrator (right-click the PowerShell icon and select Run as administrator). If you are running Windows XP, you may need to download and install PowerShell.
  6. From the PowerShell prompt, run the following commands to install Packetbeat as a Windows service:

PS > cd 'C:\Program Files\Packetbeat'
PS C:\Program Files\Packetbeat> .\install-service-packetbeat.ps1

Before starting Packetbeat, you should look at the configuration options in the configuration file; for example, C:\Program Files\Packetbeat\packetbeat.yml or /etc/packetbeat/packetbeat.yml.