This guide walks through a standard WireTrace deployment from initial server installation to first assets appearing on the dashboard. The entire process — server, sensor, and verification — takes under 15 minutes with no internet dependency.
Copy the WireTrace self-extracting installer to the server host. The installer is a single .run file (~1.3 GB) that contains all components, container images, and configuration.
scp wiretrace-server-v1.2.2.run tracer@<SERVER_IP>:/tmp/
Execute the installer with root privileges. It extracts all components, loads container images, configures the environment, and starts all services. No internet connection is required.
chmod +x /tmp/wiretrace-server-v1.2.2.run
sudo /tmp/wiretrace-server-v1.2.2.run
The installer prompts for: installation directory (default: /opt/wiretrace), server IP address, and deployment mode (clean install or upgrade). All defaults are safe to accept.
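Because the .run file is copied into the shared /tmp directory and then executed as root, it is worth checking before the chmod and sudo steps above. The following is an added example, not part of the WireTrace installer or documentation; the function name preflight_installer is hypothetical, and it assumes you have a SHA-256 digest for the release obtained out of band (this page does not say whether one is published).

```shell
#!/bin/sh
# Added example: pre-flight check for a self-extracting installer before it is
# handed to sudo. Assumes a Linux host with sha256sum, and an expected SHA-256
# digest obtained out of band (assumption, not stated on this page).

# preflight_installer FILE EXPECTED_SHA256
# Prints one status line; returns 0 only if every check passes.
preflight_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Refuse symlinks: the target could be swapped between check and execution.
    if [ -L "$file" ]; then echo "FAIL: $file is a symlink"; return 1; fi
    if [ ! -f "$file" ]; then echo "FAIL: $file is not a regular file"; return 1; fi

    # /tmp is shared: a group- or world-writable installer can be altered
    # by another local account before root executes it.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $file is writable by group or others"; return 1
    fi

    # The expected value must look like a SHA-256 digest (64 hex characters).
    case $expected in
        *[!0-9a-f]*|'') echo "FAIL: expected digest is not hex"; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "FAIL: expected digest is not 64 characters"; return 1
    fi

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: digest mismatch (got $actual)"; return 1
    fi
    echo "OK: $file matches $expected"
}

# Usage on the server host (the digest is a placeholder you must supply):
#   preflight_installer /tmp/wiretrace-server-v1.2.2.run <SHA256_FROM_VENDOR>
```

Run the installer only if the function prints OK and returns 0.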
Once installation completes, open the WireTrace UI in a browser. Log in with the default admin credentials provided by the installer.
https://<SERVER_IP>
All services should show healthy in the system status. The dashboard will be empty until a sensor is connected.
In the WireTrace UI, navigate to Settings → Sensors → Add Sensor. Enter a name for the sensor and generate an activation token. Copy the token — it is used once during sensor enrollment.
Transfer the sensor package to the sensor host and run the setup script. Provide the server IP and activation token when prompted.
sudo ./setup-sensor.sh
The sensor installs, enrolls with the server using the activation token, and begins capturing traffic from the configured SPAN/TAP interface immediately.
Within 30 seconds of the sensor connecting to a SPAN port with active traffic, devices will begin appearing in the WireTrace dashboard. Each device is classified with vendor, model, OS, and protocol details as traffic is observed.
Navigate to Asset Inventory and verify that discovered devices match expected network assets. Check that vendor, device type, and protocol assignments are accurate. Classification confidence improves over time as more traffic patterns are observed.
Navigate to Security Insights to review automated findings: cleartext credentials, TLS certificate issues, exposed management interfaces, and protocol-level observations. Findings are generated continuously as traffic is analyzed.
Repeat Step 2 for each additional network segment. Each sensor requires its own activation token. Sensors can be added at any time without restarting the server or disrupting existing monitoring.
Set up email alerts, syslog forwarding, or webhook notifications for security findings, behavioral deviations, and threat detections. Navigate to Settings → Integrations to configure output channels.
Over the first 24–48 hours, WireTrace builds behavioral baselines for every discovered device. Classification accuracy improves as more protocol patterns are observed. Security insights, compliance evidence, and threat detections become richer as the platform accumulates traffic history. No additional configuration required — the platform learns continuously from observed traffic.