Maltrail Documentation

Maltrail is an open-source malicious traffic detection system developed by Miroslav Stampar. It is aimed at network administrators and security analysts: a sensor captures traffic and matches it against trails (domain names, URLs, IP addresses and HTTP User-Agent values) drawn from public blacklists, static lists compiled from AV reports and user-defined custom lists, optionally backed by heuristics for suspicious behaviour that no trail covers. A reporting server collects the resulting events and presents them in a web interface.

Key Features

  1. Trail-based detection: traffic is matched against blacklisted domain names, URLs, IP addresses and HTTP User-Agent values from public feeds and custom trails.
  2. Optional heuristic detection (USE_HEURISTICS) for suspicious behaviour not covered by a trail.
  3. Split sensor/server design: lightweight sensors at the capture points, one reporting server with a web interface.
  4. Plain-text configuration in a single maltrail.conf file.

Components

1. sensor.py

The network traffic monitor and analyzer. It captures packets on MONITOR_INTERFACE (default any), applies CAPTURE_FILTER, matches the traffic against the loaded trails and heuristics, and either writes events to LOG_DIR or forwards them over UDP to the server named in LOG_SERVER. Raw packet capture needs root (or CAP_NET_RAW), which is why the sensor is started with sudo:

Running sensor.py

sudo python3 sensor.py

2. server.py

The reporting server. It receives events from sensors, stores them under LOG_DIR and serves the web interface on HTTP_ADDRESS:HTTP_PORT (default port 8338). It does not need root unless it binds a privileged port or writes to a root-owned directory, so run it as an unprivileged user:

Running server.py

python3 server.py

Configuration

All settings live in maltrail.conf as NAME value pairs, one per line, with # starting a comment; multi-line values such as USERS continue on indented lines. The file is divided into three sections:

[Server] Section

Configures the reporting server and web interface: HTTP_ADDRESS and HTTP_PORT (listen address and port of the web interface), USE_SSL with SSL_PEM (TLS for the web interface), UDP_ADDRESS and UDP_PORT (where sensors deliver their events) and USERS (one entry per account in the form username:sha256(password):UID:filter_netmask(s); UID 0 is the administrator, and the netmask field restricts which source networks that account can see).

[Sensor] Section

Configures traffic monitoring and detection: MONITOR_INTERFACE (interface to capture on, any for all), CAPTURE_FILTER (a BPF expression limiting what the sensor inspects), SENSOR_NAME (reported with every event), LOG_SERVER (address:port of the server's UDP collector; when unset the sensor logs locally), USE_HEURISTICS, UPDATE_SERVER (where trail updates are fetched from), DISABLED_FEEDS (comma-delimited feed names to skip) and CUSTOM_TRAILS_DIR (directory of user-defined trails).

[All] Section

Global configurations shared by sensor and server, notably LOG_DIR (the directory events are written to and read from):

Display Options

Show Only Malicious IPs

  1. Set ENABLE_MASK_CUSTOM true
  2. Narrow CAPTURE_FILTER to the traffic you care about (the sensor only reports what passes the filter)
  3. Use BLACKLIST rules to refine detection

Show All IPs

  1. Use a broad capture filter: CAPTURE_FILTER ip or ip6 (every IPv4 and IPv6 packet reaches the sensor; expect higher CPU and memory use on busy links)
  2. Disable noisy feeds via DISABLED_FEEDS
  3. Give the account UID 0 (administrator) in USERS, or leave its filter netmask field empty, so the web interface does not restrict which source networks it shows

Note: the web interface ships with the default credentials admin / changeme! (the USERS entry in maltrail.conf). Replace that entry before exposing the interface, and enable USE_SSL (or terminate TLS in front of the server) so the password does not cross the network in clear text.
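The configuration layout and the USERS/credential advice above, as an added example that is not Maltrail's own code: it parses a constructed maltrail.conf fragment, flags settings a practitioner should change (a default or trivial password in USERS, plain HTTP on a non-loopback HTTP_ADDRESS, a non-admin account with no filter netmask) and re-issues USERS entries with fresh SHA-256 digests, the same hash `echo -n 'password' | sha256sum` produces. The sample values, the weak-password list and the continuation-line handling are assumptions; the `audit` and `harden_users` helpers are hypothetical and not part of Maltrail.

```python
"""Parse a maltrail.conf-style file and audit its reporting-server settings.

Added illustration, not Maltrail's code. Assumes the documented layout:
[Section] headers, "OPTION value" lines, '#' comments, indented continuation
lines for multi-line values, and USERS entries of the form
username:sha256(password):UID:filter_netmask(s) with UID 0 = administrator.
"""
import hashlib
import re

OPTION_RE = re.compile(r"^([A-Z][A-Z0-9_]*)\s*(.*)$")
SECTION_RE = re.compile(r"^\[(\w+)\]$")
# Passwords whose digest we refuse in USERS (assumption: the shipped default is
# "changeme!"; "admin" covers an admin:admin setup).
WEAK_PASSWORDS = ("changeme!", "admin", "password")


def sha256_hex(password: str) -> str:
    """Hash exactly as `echo -n 'password' | sha256sum` does (no trailing newline)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def users_entry(username: str, password: str, uid: int = 0, netmasks: str = "") -> str:
    """Build one USERS line; an empty netmasks field means no source-network restriction."""
    return f"{username}:{sha256_hex(password)}:{uid}:{netmasks}"


def parse_conf(text: str) -> dict:
    """Return {section: {OPTION: value}}; continuation lines are newline-joined."""
    conf, section, last = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # strip comments and trailing space
        if not line.strip():
            continue
        if line[0].isspace():                   # indented: continues the previous option
            if section is None or last is None:
                raise ValueError(f"continuation without an option: {raw!r}")
            conf[section][last] = (conf[section][last] + "\n" + line.strip()).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section, last = m.group(1), None
            conf.setdefault(section, {})
            continue
        m = OPTION_RE.match(line)
        if not m or section is None:
            raise ValueError(f"unparseable line: {raw!r}")
        last = m.group(1)
        conf[section][last] = m.group(2).strip()
    return conf


def parse_users(value: str) -> list:
    """Split a USERS value into (username, sha256_hex, uid, netmasks) tuples."""
    users = []
    for entry in value.splitlines():
        name, digest, uid, masks = entry.split(":", 3)
        users.append((name, digest, int(uid), masks))
    return users


def audit(conf: dict) -> list:
    """Return findings for settings that should be changed before exposure."""
    findings = []
    server = conf.get("Server", {})
    weak = {sha256_hex(p): p for p in WEAK_PASSWORDS}   # compare digests, never plaintext
    for name, digest, uid, masks in parse_users(server.get("USERS", "")):
        if digest in weak:
            findings.append(f"USERS: {name} (UID {uid}) still uses the default/weak password {weak[digest]!r}")
        if uid != 0 and not masks:
            findings.append(f"USERS: non-admin {name} has no filter netmask, so its view is unrestricted")
    if (server.get("HTTP_ADDRESS", "") not in ("127.0.0.1", "localhost", "::1")
            and server.get("USE_SSL", "false").lower() != "true"):
        findings.append("USE_SSL is false while HTTP_ADDRESS is not loopback: logins cross the network in clear text")
    return findings


def harden_users(conf: dict, new_passwords: dict) -> str:
    """Re-issue the USERS value with fresh digests for the given usernames."""
    lines = []
    for name, digest, uid, masks in parse_users(conf["Server"]["USERS"]):
        if name in new_passwords:
            digest = sha256_hex(new_passwords[name])
        lines.append(f"{name}:{digest}:{uid}:{masks}")
    return "\n".join(lines)


# Constructed sample in the maltrail.conf layout (values illustrative, not the project's file).
SAMPLE_CONF = f"""
[Server]
HTTP_ADDRESS 0.0.0.0
HTTP_PORT 8338
USE_SSL false
# username:sha256(password):UID:filter_netmask(s); UID 0 is the administrator
USERS
    {users_entry("admin", "changeme!", 0)}
    {users_entry("analyst", "analyst-Pass-1", 1, "10.0.0.0/8")}

[Sensor]
MONITOR_INTERFACE any
CAPTURE_FILTER ip or ip6   # broad filter: every IPv4/IPv6 packet reaches the sensor

[All]
LOG_DIR /var/log/maltrail
"""

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for finding in audit(conf):
        print("WEAK:", finding)
    fixed = {"Server": dict(conf["Server"], USE_SSL="true",
                            USERS=harden_users(conf, {"admin": "s0me-L0ng-Random-Passphrase"}))}
    print("after hardening:", audit(fixed) or "no findings")
```

Running the script reports two findings for the sample (the default admin password and plain HTTP on 0.0.0.0) and none once USERS is re-issued and USE_SSL is set; paste the `harden_users` output back into the USERS block of maltrail.conf.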