Maltrail is an open-source malicious traffic detection system developed by Marin Kaluža. Designed for network administrators and security analysts, it helps detect and analyze network anomalies, including suspicious or malicious traffic patterns.
The network traffic monitor and analyzer component (sensor) is started with:
sudo python3 sensor.py
The web interface and log management component (server) is started with:
sudo python3 server.py
The web interface is then reachable at:
http://<server_ip>:8338
Server configuration (reporting server and web interface):
HTTP_ADDRESS: Listening IP (0.0.0.0 for all interfaces)
HTTP_PORT: Web interface port (default: 8338)
USERS: Defines user accounts (admin/non-admin)
ENABLE_MASK_CUSTOM: Hides custom trail names for non-admins
IP_ALIASES: Assigns names to IPs for readability
Sensor configuration (traffic monitoring and detection):
PROCESS_COUNT: Number of analysis processes
MONITOR_INTERFACE: Network interface to monitor
CAPTURE_FILTER: BPF filter for traffic capture
USE_HEURISTICS: Enables behavior-based detection
USER_WHITELIST: Path to whitelist file
Global configuration:
LOG_DIR: Directory for log storage
PROXY_ADDRESS: Proxy for external connections
TRAILS_FILE: Path for trail storage
Tuning and hardening notes:
ENABLE_MASK_CUSTOM true
CAPTURE_FILTER and BLACKLIST rules refine detection (e.g. CAPTURE_FILTER ip or ip6)
DISABLED_FEEDS
Default credentials admin:admin - change this in production!
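As an added example (not part of the original page or of Maltrail's own code), the following Python script audits a maltrail.conf-style file for the settings listed above and for the default admin credentials. It assumes the file uses one "KEY value" per line with USERS entries on indented lines as username:sha256(password):UID:netmask; both sample configs are constructed.

```python
import hashlib

# Constructed samples in maltrail.conf style (assumed format: one "KEY value"
# per line, '#' comments, USERS entries on indented lines as
# username:sha256(password):UID:netmask). Hashes are computed, not pasted.
WEAK_CONF = f"""\
HTTP_ADDRESS 0.0.0.0
USERS
    admin:{hashlib.sha256(b'admin').hexdigest()}:0:
ENABLE_MASK_CUSTOM false
"""
HARDENED_CONF = f"""\
HTTP_ADDRESS 127.0.0.1
USERS
    soc_admin:{hashlib.sha256(b'correct horse battery staple').hexdigest()}:0:
ENABLE_MASK_CUSTOM true
"""
WEAK_PASSWORDS = ("admin", "changeme!", "password")  # constructed list


def parse_conf(text):
    """Parse the config into {KEY: [values]}; indented lines extend the last key."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            conf[last].append(raw.strip())  # continuation line (USERS entries)
            continue
        key, _, value = raw.strip().partition(" ")
        conf[key] = [value.strip()] if value.strip() else []
        last = key
    return conf


def audit(conf):
    """Return findings for the three settings this page calls out."""
    findings = []
    weak = {hashlib.sha256(p.encode()).hexdigest() for p in WEAK_PASSWORDS}
    for entry in conf.get("USERS", []):
        user, _, rest = entry.partition(":")
        if rest.split(":")[0] in weak:
            findings.append(f"USERS: '{user}' has a default/weak password hash")
    if conf.get("HTTP_ADDRESS", [""])[0] in ("0.0.0.0", "::"):
        findings.append("HTTP_ADDRESS: web interface listens on all interfaces")
    if conf.get("ENABLE_MASK_CUSTOM", ["false"])[0].lower() != "true":
        findings.append("ENABLE_MASK_CUSTOM: custom trail names visible to non-admins")
    return findings
```

Run audit(parse_conf(open("maltrail.conf").read())) against a real file to get the same three checks; an empty list means none of the listed weak settings were found.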