Installation
Quick Install
curl -fsSL https://toolkit.rockfishnetworks.com/install.sh | bash
The installer auto-detects your platform and installs via the appropriate method (Debian package, Docker, or binary).
Options:
# Install specific version
ROCKFISH_VERSION=1.0.0 curl -fsSL https://toolkit.rockfishnetworks.com/install.sh | bash
# Force Docker installation
ROCKFISH_METHOD=docker curl -fsSL https://toolkit.rockfishnetworks.com/install.sh | bash
Manual Installation
Rockfish Toolkit is also available as a Debian package and Docker image from the Rockfish Networks download portal.
System Requirements
- Operating System: Debian 11+, Ubuntu 20.04+, or Docker-compatible host
- Architecture: x86_64 (amd64)
- Memory: 2GB minimum (4GB+ recommended for high-traffic networks)
- Storage: Depends on retention policy (10GB minimum)
- Network: Interface with capture capabilities
Debian Package Installation
Download the toolkit package from the Rockfish download portal:
# Download the package
wget https://download.rockfishnetworks.com/rockfish_toolkit.deb
# Install
sudo dpkg -i rockfish_toolkit.deb
# Install dependencies if needed
sudo apt-get install -f
The rockfish_toolkit.deb package includes all Rockfish Toolkit binaries:
| Binary | Description |
|---|---|
rockfish_probe | Network flow meter |
rockfish_mcp | MCP query server |
rockfish_detect | ML anomaly detection (Enterprise) |
rockfish_intel | Threat intelligence server |
Installed Files
After installation:
| Path | Description |
|---|---|
/usr/bin/rockfish_* | Rockfish binaries |
/etc/rockfish/ | Configuration directory |
/var/lib/rockfish/ | Data directory |
/var/log/rockfish/ | Log directory |
Docker Installation
Pull the Rockfish Toolkit image from Docker Hub:
docker pull rockfishnetworks/toolkit:latest
The toolkit image includes all Rockfish Toolkit binaries. Specify the command to run the desired component.
Running the Probe
docker run -d \
--name rockfish-probe \
--network host \
--cap-add NET_ADMIN \
--cap-add NET_RAW \
-v /etc/rockfish:/etc/rockfish:ro \
-v /var/lib/rockfish:/var/lib/rockfish \
rockfishnetworks/toolkit:latest \
rockfish_probe -c /etc/rockfish/probe.yaml
Running the MCP Server
docker run -d \
--name rockfish-mcp \
-p 8080:8080 \
-v /etc/rockfish:/etc/rockfish:ro \
-v /var/lib/rockfish:/var/lib/rockfish:ro \
rockfishnetworks/toolkit:latest \
rockfish_mcp -c /etc/rockfish/mcp.yaml
Docker Compose
Example docker-compose.yml:
version: '3.8'
services:
probe:
image: rockfishnetworks/toolkit:latest
network_mode: host
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
- ./config:/etc/rockfish:ro
- ./data:/var/lib/rockfish
command: ["rockfish_probe", "-c", "/etc/rockfish/probe.yaml"]
restart: unless-stopped
mcp:
image: rockfishnetworks/toolkit:latest
ports:
- "8080:8080"
volumes:
- ./config:/etc/rockfish:ro
- ./data:/var/lib/rockfish:ro
command: ["rockfish_mcp", "-c", "/etc/rockfish/mcp.yaml"]
restart: unless-stopped
Verifying Installation
Check that the installation was successful:
# Check probe version
rockfish_probe --version
# Check MCP version
rockfish_mcp --version
Next Steps
- Quick Start - Run your first capture
- Licensing - Activate your license
- Configuration - Configure the probe