Operate a PiRogue
Find your PiRogue on the network
Once your PiRogue is running, it will be accessible to you from the network. There are 2 ways to get the IP address of your PiRogue.
The first way is by looking at the screen of the PiRogue Hat.
The second way is to use the
ping command. To do so, on your computer connected to the same network as your PiRogue, run the following command:
ping -c1 raspberrypi.local
Example of output, in this example, the IP address of the PiRogue is
PING raspberrypi.local (192.168.0.16) 56(84) bytes of data. 64 bytes from raspberrypi.home (192.168.0.16): icmp_seq=1 ttl=64 time=0.319 ms --- raspberrypi.local ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.319/0.319/0.319/0.000 ms
By default, your PiRogue exposes a Grafana dashboard showing in realtime the ongoing network connections, security alerts and few other information. Checkout the cheatsheet to get default user and password of the dashboard.
Depending on your network configuration, this link above may not work. If so, check how to get the IP address of your PiRogue in the previous section.
The default dashboard is composed of different panels, we will go through the main ones.
This panel displays various information:
- the number of different devices that have been connected to the PiRogue’s Wi-Fi network during the selected period of time
- the number of security alerts that have occurred during the selected period of time
- the amount of network traffic exchanged between connected devices and the Internet during the selected period of time
- the number of network flows that have occurred during the selected period of time
- the number of different domains that have been contacted during the selected period of time
This panel displays the location of the different servers the connected devices have been communicating with during the selected period of time.
List of flows
This panel displays the different network flows that have occurred during the selected period of time:
- the time at which the flow as started
- the category of traffic that has been identified by NFStream
- the type of application that has generating this flow
- the domain name of the contacted server
- the IP address of the source of the flow
- the IP address of the destination of the flow
- the country where the remote server is located at
- the amount of network traffic associated to this flow
List of security alerts
This panel displays the different security alerts generated by Suricata that have occurred during the selected period of time:
- the time of the alert. If you click on it, you will get the details of the selected alert)
- the severity of the alert
- the type of threat associated to the alert
- the name of the rule corresponding to the alert
- the IP address of the source of the flow associated to the alert
- the IP address of the destination of the flow associated to the alert