Adding Argus Flow Capture to the Cuckoo Sandbox
David Edelman
dedelman at iname.com
Mon Jun 23 17:48:34 EDT 2014
I don't filter ARPs. That is commented out, but it is there as an example from the tcpdump file, where it is also commented out.
Dave Edelman
> On Jun 23, 2014, at 15:07, Carter Bullard <carter at qosient.com> wrote:
>
> Hey Dave,
> Why do you filter out arp’s during the capture ???
> I understand the filters to not capture Cuckoo’s internal traffic, but arp’s may be a part of the malware.
>
> Carter
>
>> On Jun 22, 2014, at 2:37 PM, David Edelman <dedelman at iname.com> wrote:
>>
>> The cuckoo sandbox already has the ability to use tcpdump to capture traffic between the sandbox and the network and Argus is very good about digesting pcap files but I thought that I would try to create a native Argus capability and for reasons that I can’t understand, it worked.
>>
>> The attached document has the specifics.
>>
>> Carter, please feel free to add this to the distribution but you probably need to look at, and modify the boilerplate at the top of the Argus.py module
>>
>> --Dave <<...>>
>>
>> <Argus for Cuckoo Sandbox.txt>
>
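The point under discussion is which capture-filter clauses are safe for a sandbox: excluding the sandbox's own agent and result-server sessions loses nothing of interest, while `not arp` would discard any ARP activity the sample itself generates. The following is an added example, not code from this thread, from Cuckoo, or from Argus; the guest/host addresses, the result-server and agent ports, and the sample traffic are all constructed for illustration. It builds the BPF expression as a string and then mirrors the same logic in Python over a handful of constructed packets so the effect of the ARP clause can be checked offline.

```python
"""Model of a Cuckoo-style capture filter for tcpdump/argus and what `not arp` costs."""
from dataclasses import dataclass
from typing import List

# Constructed sandbox addressing (assumptions for this example, not Cuckoo's defaults).
GUEST_IP = "192.168.56.101"       # analysis VM
HOST_IP = "192.168.56.1"          # host running Cuckoo, the result server and argus
RESULTSERVER_PORT = 2042          # guest -> host result channel
AGENT_PORT = 8000                 # host -> guest agent channel


@dataclass(frozen=True)
class Packet:
    proto: str          # "arp", "tcp" or "udp"
    src: str
    dst: str
    sport: int = 0      # 0 for ARP, which carries no ports
    dport: int = 0


def build_capture_filter(guest_ip: str, host_ip: str, rs_port: int,
                         agent_port: int, drop_arp: bool = False) -> str:
    """Return the BPF expression handed to tcpdump or argus.

    The sandbox's internal sessions are excluded; ARP is kept unless
    drop_arp is set, which is the clause the thread leaves commented out."""
    internal = [
        f"(host {guest_ip} and port {agent_port})",
        f"(host {host_ip} and port {rs_port})",
    ]
    expr = "not " + " and not ".join(internal)
    if drop_arp:
        expr += " and not arp"
    return expr


def _touches(pkt: Packet, ip: str, port: int) -> bool:
    """BPF 'host X and port Y': X on either side and Y on either side."""
    return ip in (pkt.src, pkt.dst) and port in (pkt.sport, pkt.dport)


def keep(pkt: Packet, drop_arp: bool = False) -> bool:
    """Python mirror of the expression produced by build_capture_filter."""
    if pkt.proto == "arp":
        # ARP has no ports, so the 'host ... and port ...' clauses never match it;
        # only an explicit 'not arp' removes it.
        return not drop_arp
    if _touches(pkt, GUEST_IP, AGENT_PORT):
        return False
    if _touches(pkt, HOST_IP, RESULTSERVER_PORT):
        return False
    return True


def apply_filter(packets: List[Packet], drop_arp: bool = False) -> List[Packet]:
    """Return the packets that would survive the capture filter."""
    return [p for p in packets if keep(p, drop_arp)]


# Constructed traffic from one analysis run.
SAMPLE = [
    Packet("arp", GUEST_IP, "broadcast"),                        # guest resolves its gateway
    Packet("arp", GUEST_IP, "broadcast"),                        # guest probes a neighbour
    Packet("tcp", GUEST_IP, HOST_IP, 49152, RESULTSERVER_PORT),  # result server: internal, dropped
    Packet("tcp", HOST_IP, GUEST_IP, 40000, AGENT_PORT),         # agent control: internal, dropped
    Packet("tcp", GUEST_IP, "203.0.113.10", 49153, 80),          # the sample's HTTP request: kept
    Packet("udp", GUEST_IP, HOST_IP, 53000, 53),                 # DNS to the host IP on another port: kept
]

if __name__ == "__main__":
    print(build_capture_filter(GUEST_IP, HOST_IP, RESULTSERVER_PORT, AGENT_PORT))
    for drop in (False, True):
        kept = apply_filter(SAMPLE, drop_arp=drop)
        print(f"drop_arp={drop}: {len(kept)} of {len(SAMPLE)} packets kept, "
              f"{sum(p.proto == 'arp' for p in kept)} ARP")
```

The DNS packet is the edge case worth noticing: it goes to the host IP, but on a different port than the result server, so the `host ... and port ...` clause does not match and it is kept. Matching on the IP alone would have silently dropped it, which is why both conditions belong in each internal clause.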