
When I analyze a file with Cuckoo, I get these errors.

File "c:\python27\lib\site-packages\cuckoo\auxiliary\sniffer.py", line 157, in stop
    (out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump.exe: listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe: Error opening adapter: \xbd\xc3\xbd\xba\xc5\xdb\xc0\xcc \xc1\xf6\xc1\xa4\xb5\xc8 \xc0\xe5\xc4\xa1\xb8\xa6 \xc3\xa3\xc0\xbb \xbc\xf6 \xbe\xf8\xbd\xc0\xb4\xcf\xb4\xd9. (20)\r\n'. Did you enable the extra capabilities to allow running tcpdump as non-root user and disable AppArmor properly (the latter only applies to Ubuntu-based distributions with AppArmor, see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?

My VirtualBox network (guest) name is VirtualBox Host-Only Ethernet Adapter, and my Windows 10 (host) has WinDump installed (renamed to tcpdump.exe) at C:\tools\tcpdump.exe.
I have also set up the auxiliary configuration file.

# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = C:/tools/tcpdump.exe

My question is why I get an error such as "listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe:" even though the tcpdump.exe path is currently set.

1 Answer

I found the answer.

I configured this line in sniffer.py.

err_whitelist_start = (
            "tcpdump: listening on ",
            "C:/tools/tcpdump.exe: listening on",
        )

err_whitelist_start = (
            "tcpdump: listening on ",
            "C:\\tools\\tcpdump.exe: listening on",  
        )  

Also, my VirtualBox interface was wrong, so I changed it in virtualbox.conf.

interface = virtualBox Host-Only Ethernet Adapter  

interface= \Device\NPF_{ED29CFE9-25EB-4AD9-B2EA-C09A93D465BF}
Answered 2020-12-13T01:27:50.287
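
Added example (not part of the original posts and not Cuckoo's own code): decoding the escaped stderr bytes from the error message above shows what tcpdump.exe actually reported about the adapter. It is written for Python 3, assumes the host uses the Korean Windows code page cp949, and the names unescape and triage are made up for illustration.

```python
import re

# stderr exactly as printed in the CuckooOperationalError on this page
# (a Python 2 repr, so raw bytes appear as \xNN escapes).
STDERR_REPR = (
    r"tcpdump.exe: listening on VirtualBox Host-Only Ethernet Adapter\r\n"
    r"tcpdump.exe: Error opening adapter: \xbd\xc3\xbd\xba\xc5\xdb\xc0\xcc "
    r"\xc1\xf6\xc1\xa4\xb5\xc8 \xc0\xe5\xc4\xa1\xb8\xa6 \xc3\xa3\xc0\xbb "
    r"\xbc\xf6 \xbe\xf8\xbd\xc0\xb4\xcf\xb4\xd9. (20)\r\n"
)

LISTEN_RE = re.compile(r"^\S+: listening on (.+)$")
OPEN_ERR_RE = re.compile(r"^\S+: Error opening adapter: (.*)\((\d+)\)$")


def unescape(repr_text):
    """Turn the \\xNN, \\r and \\n escapes of a repr back into raw bytes."""
    return repr_text.encode("ascii").decode("unicode_escape").encode("latin-1")


def triage(repr_text, encoding="cp949"):
    """Decode tcpdump's stderr and pull out the adapter name and OS error.

    encoding is an assumption: cp949 is the ANSI code page of Korean
    Windows; a wrong guess raises UnicodeDecodeError or yields mojibake.
    """
    text = unescape(repr_text).decode(encoding)
    found = {"adapter": None, "message": None, "code": None}
    for line in text.splitlines():
        line = line.strip()
        m = LISTEN_RE.match(line)
        if m:
            found["adapter"] = m.group(1)
            continue
        m = OPEN_ERR_RE.match(line)
        if m:
            found["message"] = m.group(1).strip()
            found["code"] = int(m.group(2))
    return found


if __name__ == "__main__":
    # Code 20 is Windows ERROR_BAD_UNIT, "The system cannot find the
    # device specified": the capture tool could not open that adapter name.
    print(triage(STDERR_REPR))
```

The decoded message points at the adapter name passed to tcpdump.exe rather than at file permissions, which matches the interface change described in the answer.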