Blue Team RF Initialization - sofwerx/mad-jack GitHub Wiki

Operation

Navigating the Environment

After all the components are installed and configured per the instructions in the RF Setup tab, you will need to access the Docker container to view and edit the GammaRF instance that is already running. To do this, you need an open terminal window on the machine that hosts the GammaRF container, or SSH access to that machine from another machine.

  • Once you are on the machine, the first step is to identify the right container (the one running GammaRF) by running docker ps. That command presents a list of the containers and their details.

  • The next step is to copy the container ID of the one described as GammaRF.

  • Next, enter that container and view the running process, which will allow you to edit and configure GammaRF to your needs. This is done with the following two commands:

    docker exec -ti gammarf bash

    screen -x

Navigating GammaRF

Navigating a program like GammaRF is relatively simple. There are three main operations that need to be executed to properly start gathering RF data.

  • First, designate interesting frequencies; these are the specific pieces of the RF spectrum that will be monitored. To do this, write interesting_add followed by [frequency in Hz] and [name for that frequency].
  • Second, designate a run for whatever frequencies you found interesting. An example of this is run scanner [designated device] or run single [frequency] [gain] (single handles only one point in the spectrum, in greater detail).
  • Third and last, stop a run so that the list of available frequencies can be edited and the run restarted with the update. This is done with a simple stop [device number] command, followed by repeating the first two steps.

More options are available that can help you find information about the current devices or the monitored location; view them by entering the help command. All devices connected and discovered by the program are listed numerically and can be viewed with the devs command.

Navigating the Database

To identify anomalies, you may either compose a simple script that filters the data from the database and raises an indicator when a certain threshold of hits is recorded, indicating a jamming attack, or manually browse the database and identify discrepancies in the data itself. This is done by accessing Kibana, the web interface of ElasticSearch, and organizing the data in a digestible format. To do that, refer to the testing link provided in the installation for ElasticSearch.
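
One way to write the threshold script described above, as an added example rather than code from the mad-jack project: it flags any frequency whose hit count inside a sliding time window reaches a threshold, so a burst that straddles a minute boundary is not missed. The field names ts and freq_hz, the threshold, the window length and the sample documents are assumptions; map them to the fields your GammaRF data in ElasticSearch actually contains.

```python
from collections import defaultdict, deque

def find_jamming_candidates(docs, threshold=5, window_s=60):
    """Return {freq_hz: (first_ts, peak_hits)} for every frequency whose hit
    count inside any sliding window of window_s seconds reaches threshold."""
    by_freq = defaultdict(list)
    for doc in docs:
        try:
            freq, ts = int(doc["freq_hz"]), float(doc["ts"])
        except (KeyError, TypeError, ValueError):
            continue  # skip documents with missing or malformed fields
        by_freq[freq].append(ts)
    alerts = {}
    for freq, stamps in by_freq.items():
        window = deque()          # timestamps inside the current window
        first, peak = None, 0
        for ts in sorted(stamps):
            window.append(ts)
            while ts - window[0] >= window_s:
                window.popleft()  # drop hits older than the window
            if len(window) >= threshold:
                if first is None:
                    first = window[0]  # start of the first dense window
                peak = max(peak, len(window))
        if first is not None:
            alerts[freq] = (first, peak)
    return alerts

# Constructed sample documents (field names are assumptions, not the project's schema).
SAMPLE = (
    # dense burst: 8 hits in 35 s, straddling a wall-clock minute boundary
    [{"ts": 1000 + 5 * i, "freq_hz": 1575420000} for i in range(8)]
    # sparse background: one hit every 70 s
    + [{"ts": 1000 + 70 * i, "freq_hz": 462562500} for i in range(4)]
    # malformed documents that must be ignored
    + [{"ts": "n/a", "freq_hz": 1575420000}, {"freq_hz": 462562500}]
)

if __name__ == "__main__":
    for freq, (first, peak) in sorted(find_jamming_candidates(SAMPLE).items()):
        print(f"ALERT {freq} Hz: dense hits starting at ts={first:.0f}, peak {peak} per window")
```

Tune threshold and window_s against a baseline of normal traffic on each interesting frequency before treating an alert as a jamming indicator.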