Quick-Start Guide

Deployment Quick-Start

This guide walks through a standard WireTrace deployment from initial server installation to first assets appearing on the dashboard. The entire process - server, sensor, and verification - takes under 15 minutes with no internet dependency.

Total deployment time: under 15 minutes. Server: ~10 min | Sensor: ~60 sec | First asset: ~30 sec after sensor connects.

Prerequisites

Server Host

  • Ubuntu 22.04 or 24.04 LTS (physical or VM)
  • Minimum: 4 vCPU, 16 GB RAM, 200 GB SSD
  • SSH access with sudo privileges
  • Network connectivity to sensor host(s)

Sensor Host

  • Ubuntu 22.04 or 24.04 LTS (physical or VM)
  • Minimum: 4 vCPU, 8 GB RAM, 40 GB disk
  • Capture NIC connected to SPAN/TAP port
  • Management NIC with connectivity to server

Step 1 - Install the WireTrace Server

1a Transfer the Installer

Copy the WireTrace installer to the server host. The installer is a single file (~1.3 GB) that contains all components and configuration.

scp wiretrace-server-v1.2.4.run tracer@<SERVER_IP>:/tmp/

1b Run the Installer

Execute the installer with root privileges. It will extract all components, configure the environment, and start all services. The installer auto-detects upgrade vs. clean install. No internet required.

chmod +x /tmp/wiretrace-server-v1.2.4.run
sudo /tmp/wiretrace-server-v1.2.4.run

The installer prompts for: installation directory (default: /opt/wiretrace), server IP address, and deployment mode (clean install or upgrade). All defaults are safe to accept.

1c Verify Server is Running

Once installation completes, open the WireTrace UI in a browser. Log in with the default admin credentials provided by the installer.

https://<SERVER_IP>

All services should show healthy in the system status. The dashboard will be empty until a sensor is connected.

Step 2 - Deploy a Sensor

2a Generate an Activation Token

In the WireTrace UI, navigate to Settings → Sensors → Add Sensor. Enter a name for the sensor and generate an activation token. Copy the token - it is used once during sensor enrollment.

2b Install the Sensor

Transfer the sensor package to the sensor host and run the setup script. Provide the server IP and activation token when prompted.

sudo ./setup-sensor.sh

The sensor installs, enrolls with the server using the activation token, and begins capturing traffic from the configured SPAN/TAP interface immediately.

wiretrace.io | [email protected]

Step 3 - Verify First Assets

3a Check the Dashboard

Within 30 seconds of the sensor connecting to a SPAN port with active traffic, devices will begin appearing in the WireTrace dashboard. Each device is classified with vendor, model, OS, and protocol details as traffic is observed.

3b Validate Classifications

Navigate to Asset Inventory and verify that discovered devices match expected network assets. Check that vendor, device type, and protocol assignments are accurate. Classification confidence improves over time as more traffic patterns are observed.

3c Review Security Insights

Navigate to Security Insights to review automated findings: cleartext credentials, TLS certificate issues, exposed management interfaces, and protocol-level observations. Findings are generated continuously as traffic is analyzed.

Step 4 - Ongoing Operations

4a Add More Sensors

Repeat Step 2 for each additional network segment. Each sensor requires its own activation token. Sensors can be added at any time without restarting the server or disrupting existing monitoring.

4b Configure Alerting

Set up email alerts, syslog forwarding, or webhook notifications for security findings, behavioral deviations, and threat detections. Navigate to Settings → Integrations to configure output channels.

Troubleshooting

No Assets Appearing

  • Verify the SPAN port is mirroring active traffic
  • Confirm the sensor capture NIC is in promiscuous mode
  • Check sensor logs for connection errors to server
  • Verify network path between sensor and server
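
The capture-side checks in this list (link up, promiscuous mode, packets actually arriving from the SPAN/TAP port) can be scripted from sysfs on the sensor host. This is an added example, not part of WireTrace or its documentation; the script name, function names and the interface name passed in are placeholders, and it assumes a Linux host exposing /sys/class/net.

```shell
#!/bin/sh
# Added example: capture-NIC checks for a passive sensor host.
# SYSFS_NET can be pointed at a constructed tree for testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Kernel link state (up, down, unknown, ...) or "missing".
nic_operstate() {
    cat "$SYSFS_NET/$1/operstate" 2>/dev/null || echo missing
}

# Succeeds when IFF_PROMISC (0x100) is set; sysfs exposes the
# interface flags as a hex word.
nic_is_promisc() {
    flags=$(cat "$SYSFS_NET/$1/flags" 2>/dev/null) || return 2
    [ -n "$flags" ] || return 2
    [ $(( $flags & 0x100 )) -ne 0 ]
}

# Packets received during an interval in seconds (default 5).
nic_rx_delta() {
    before=$(cat "$SYSFS_NET/$1/statistics/rx_packets") || return 2
    sleep "${2:-5}"
    after=$(cat "$SYSFS_NET/$1/statistics/rx_packets") || return 2
    echo $(( after - before ))
}

# Run the checks in order and report the first failure.
check_capture_nic() {
    nic=$1; secs=${2:-5}
    [ -d "$SYSFS_NET/$nic" ] ||
        { echo "FAIL: interface $nic not found"; return 1; }
    state=$(nic_operstate "$nic")
    [ "$state" = up ] || [ "$state" = unknown ] ||
        { echo "FAIL: $nic link state is $state"; return 1; }
    nic_is_promisc "$nic" ||
        { echo "FAIL: $nic is not in promiscuous mode"; return 1; }
    delta=$(nic_rx_delta "$nic" "$secs") ||
        { echo "FAIL: cannot read counters for $nic"; return 1; }
    [ "$delta" -gt 0 ] ||
        { echo "FAIL: no packets on $nic in ${secs}s, check the SPAN/TAP source"; return 1; }
    echo "OK: $delta packets on $nic in ${secs}s"
}

# Usage: sh check_nic.sh <capture-interface> [seconds]
if [ $# -gt 0 ]; then check_capture_nic "$@"; fi
```

A zero packet count on an interface that is up and promiscuous points at the mirror configuration on the switch rather than at the sensor.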

Sensor Not Connecting

  • Verify the activation token was entered correctly
  • Check firewall rules between sensor and server
  • Confirm the server IP is reachable from sensor host
  • Review sensor logs for authentication errors

What Happens Next

Over the first 24-48 hours, WireTrace builds behavioral baselines for every discovered device. The 411-rule classification engine with 68 device types improves accuracy as more protocol patterns are observed. 12 ransomware kill chain detection rules are active immediately. File activity monitoring begins tracking operations across SMB, FTP, TFTP, NFS, HTTP, and DICOM. The AI agent with 21 query tools is ready to answer natural language questions in under 200ms - ask "How many devices are on the network?" and get answers from real data. Streaming reports generate progressively. Adaptive storage retention keeps data as long as disk allows. Optional active enrichment (SNMP polling, AD correlation) can be enabled from Settings. Platform images build in under 60 seconds for rapid updates. No additional configuration required for passive features.

Deployed in Minutes. Value from Day One.

Need deployment assistance or have questions?   [email protected]
