-1

When I analyze a file using Cuckoo, I get this error.

File "c:\python27\lib\site-packages\cuckoo\auxiliary\sniffer.py", line 157, in stop
    (out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump.exe: listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe: Error opening adapter: \xbd\xc3\xbd\xba\xc5\xdb\xc0\xcc \xc1\xf6\xc1\xa4\xb5\xc8 \xc0\xe5\xc4\xa1\xb8\xa6 \xc3\xa3\xc0\xbb \xbc\xf6 \xbe\xf8\xbd\xc0\xb4\xcf\xb4\xd9. (20)\r\n'. Did you enable the extra capabilities to allow running tcpdump as non-root user and disable AppArmor properly (the latter only applies to Ubuntu-based distributions with AppArmor, see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?

My VirtualBox network (guest) name is VirtualBox Host-Only Ethernet Adapter,
and WinDump (renamed to tcpdump.exe) is installed on my Windows 10 host. The path is C:\tools\tcpdump.exe.
I also set it in the auxiliary.conf file.

# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = C:/tools/tcpdump.exe

My question is: why am I getting an error like listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe: even though I set the tcpdump.exe path correctly?

1 Answer

0

I found the answer.

Configured this line in sniffer.py.

From

err_whitelist_start = (
            "tcpdump: listening on ",
            "C:/tools/tcpdump.exe: listening on",
        )

To

err_whitelist_start = (
            "tcpdump: listening on ",
            "C:\\tools\\tcpdump.exe: listening on",  
        )  

And my VirtualBox interface is wrong, so I changed this in virtualbox.conf.

From

interface = virtualBox Host-Only Ethernet Adapter  

To

interface= \Device\NPF_{ED29CFE9-25EB-4AD9-B2EA-C09A93D465BF}
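The stderr bytes in the question's traceback are CP949 (Korean Windows) text for Windows error 20, "The system cannot find the device specified", which points at the interface name rather than the tcpdump path. The following added example (not part of the original post or of Cuckoo) decodes that message and looks up the `\Device\NPF_{...}` name for an adapter description in the output of `tcpdump.exe -D`; the `-D` listing here is a constructed sample in an assumed `<n>.<device> (<description>)` format, and the function names are hypothetical.

```python
import re

# stderr bytes copied from the traceback in the question (CP949-encoded).
STDERR = (b"tcpdump.exe: listening on VirtualBox Host-Only Ethernet Adapter\r\n"
          b"tcpdump.exe: Error opening adapter: "
          b"\xbd\xc3\xbd\xba\xc5\xdb\xc0\xcc \xc1\xf6\xc1\xa4\xb5\xc8 "
          b"\xc0\xe5\xc4\xa1\xb8\xa6 \xc3\xa3\xc0\xbb \xbc\xf6 "
          b"\xbe\xf8\xbd\xc0\xb4\xcf\xb4\xd9. (20)\r\n")

# Constructed sample of `tcpdump.exe -D` output (assumed line format).
# The first GUID is a placeholder; the second is the one from the answer.
SAMPLE_D = r"""1.\Device\NPF_{00000000-0000-0000-0000-000000000001} (Intel(R) Ethernet Connection)
2.\Device\NPF_{ED29CFE9-25EB-4AD9-B2EA-C09A93D465BF} (VirtualBox Host-Only Ethernet Adapter)
"""

LINE_RE = re.compile(r"^\d+\.(\\Device\\NPF_\{[0-9A-Fa-f-]+\})\s+\((.*)\)\s*$")


def adapter_error(stderr, encoding="cp949"):
    """Return the decoded 'Error opening adapter' message, or None."""
    for line in stderr.decode(encoding, "replace").splitlines():
        _, sep, msg = line.partition("Error opening adapter: ")
        if sep:
            return msg.strip()
    return None


def list_devices(dump_d_output):
    """Map each adapter description to its NPF device name."""
    devices = {}
    for line in dump_d_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            devices[m.group(2)] = m.group(1)
    return devices


def resolve_interface(name, dump_d_output):
    """Return the NPF device for a friendly adapter name (case-insensitive)."""
    for desc, dev in list_devices(dump_d_output).items():
        if desc.lower() == name.lower():
            return dev
    raise LookupError("no capture device described as %r" % name)


if __name__ == "__main__":
    print(adapter_error(STDERR))
    print("interface =", resolve_interface("VirtualBox Host-Only Ethernet Adapter", SAMPLE_D))
```

On a real host, feed `resolve_interface` the actual output of `C:\tools\tcpdump.exe -D` and use the returned device name as the `interface` value.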