This guide walks through a standard WireTrace deployment from initial server installation to first assets appearing on the dashboard. The entire process - server, sensor, and verification - takes under 15 minutes with no internet dependency.
Copy the WireTrace installer to the server host. The installer is a single file (~1.3 GB) that contains all components and configuration.
scp wiretrace-server-v1.2.4.run tracer@<SERVER_IP>:/tmp/
Execute the installer with root privileges. It will extract all components, configure the environment, and start all services. The installer auto-detects upgrade vs. clean install. No internet required.
chmod +x /tmp/wiretrace-server-v1.2.4.run
sudo /tmp/wiretrace-server-v1.2.4.run
The installer prompts for: installation directory (default: /opt/wiretrace), server IP address, and deployment mode (clean install or upgrade). All defaults are safe to accept.
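A pre-flight check that can run between the chmod and sudo steps above, shown as an added example that is not part of the WireTrace package or documentation. It assumes Linux with GNU coreutils and findutils, and a SHA-256 digest for the installer obtained out of band; `preflight_installer` and `EXPECTED_SHA256` are hypothetical names, and this guide does not supply a digest.

```shell
#!/bin/sh
# Added example: pre-flight checks before running an installer as root.
# Assumes GNU sha256sum, stat -c and find -perm /mode are available.

# preflight_installer FILE EXPECTED_SHA256
# Returns 0 if FILE passes every check, otherwise:
#   2 = not a regular file (or is a symlink)
#   3 = owned by someone other than the invoking user or root
#   4 = writable by group or others
#   5 = SHA-256 digest mismatch
preflight_installer() {
    f=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A symlink in a shared directory such as /tmp can be retargeted later.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "preflight: $f is not a regular file" >&2
        return 2
    fi

    owner_uid=$(stat -c '%u' "$f")
    if [ "$owner_uid" != "$(id -u)" ] && [ "$owner_uid" != "0" ]; then
        echo "preflight: $f is owned by uid $owner_uid" >&2
        return 3
    fi

    # Any group/other write bit lets another account replace the contents.
    if [ -n "$(find "$f" -prune -perm /022)" ]; then
        echo "preflight: $f is group- or world-writable" >&2
        return 4
    fi

    actual=$(sha256sum "$f" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "preflight: digest mismatch (got $actual)" >&2
        return 5
    fi
    echo "preflight: $f OK"
}

# Usage (EXPECTED_SHA256 is a placeholder for a digest obtained out of band):
#   preflight_installer /tmp/wiretrace-server-v1.2.4.run "$EXPECTED_SHA256" \
#       && sudo /tmp/wiretrace-server-v1.2.4.run
```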
Once installation completes, open the WireTrace UI in a browser. Log in with the default admin credentials provided by the installer.
https://<SERVER_IP>
All services should show healthy in the system status. The dashboard will be empty until a sensor is connected.
In the WireTrace UI, navigate to Settings → Sensors → Add Sensor. Enter a name for the sensor and generate an activation token. Copy the token - it is used once during sensor enrollment.
Transfer the sensor package to the sensor host and run the setup script. Provide the server IP and activation token when prompted.
sudo ./setup-sensor.sh
The sensor installs, enrolls with the server using the activation token, and begins capturing traffic from the configured SPAN/TAP interface immediately.
Within 30 seconds of the sensor connecting to a SPAN port with active traffic, devices will begin appearing in the WireTrace dashboard. Each device is classified with vendor, model, OS, and protocol details as traffic is observed.
Navigate to Asset Inventory and verify that discovered devices match expected network assets. Check that vendor, device type, and protocol assignments are accurate. Classification confidence improves over time as more traffic patterns are observed.
Navigate to Security Insights to review automated findings: cleartext credentials, TLS certificate issues, exposed management interfaces, and protocol-level observations. Findings are generated continuously as traffic is analyzed.
Repeat Step 2 for each additional network segment. Each sensor requires its own activation token. Sensors can be added at any time without restarting the server or disrupting existing monitoring.
Set up email alerts, syslog forwarding, or webhook notifications for security findings, behavioral deviations, and threat detections. Navigate to Settings → Integrations to configure output channels.
Over the first 24-48 hours, WireTrace builds behavioral baselines for every discovered device. The 411-rule classification engine with 68 device types improves accuracy as more protocol patterns are observed. 12 ransomware kill chain detection rules are active immediately. File activity monitoring begins tracking operations across SMB, FTP, TFTP, NFS, HTTP, and DICOM. The AI agent with 21 query tools is ready to answer natural language questions in under 200ms - ask "How many devices are on the network?" and get answers from real data. Streaming reports generate progressively. Adaptive storage retention keeps data as long as disk allows. Optional active enrichment (SNMP polling, AD correlation) can be enabled from Settings. Platform images build in under 60 seconds for rapid updates. No additional configuration required for passive features.