lib/cuckoo/core/sniffer.py
# Copyright (C) 2010-2012 Cuckoo Sandbox Developers.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.
import os
import stat
import logging
import subprocess
from lib.cuckoo.common.constants import CUCKOO_GUEST_PORT
# Module-level logger; handler and level configuration is done elsewhere.
log = logging.getLogger(__name__)
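class Sniffer:
    """Sniffer manager.

    Wraps a tcpdump process that records the traffic of one analysis guest
    to a pcap file. Both operations report failure through their return
    value rather than by raising, so an analysis can proceed without a
    capture.
    """

    def __init__(self, tcpdump):
        """@param tcpdump: tcpdump path."""
        self.tcpdump = tcpdump
        self.proc = None
        # Capture parameters are recorded by start() so that stop() can
        # report them in its error message.
        self.interface = None
        self.host = None
        self.file_path = None

    def start(self, interface="eth0", host="", file_path=""):
        """Start sniffing.
        @param interface: network interface name.
        @param host: guest host IP address; when given, the capture is
            restricted to traffic to or from that host.
        @param file_path: path of the pcap file tcpdump writes to.
        @return: operation status.
        """
        if not os.path.exists(self.tcpdump):
            log.error("Tcpdump does not exist at path \"%s\", network capture aborted", self.tcpdump)
            return False

        mode = os.stat(self.tcpdump)[stat.ST_MODE]
        # The previous test compared the constant stat.S_ISUID with 2048 and
        # could never fail; test the bit in the file mode instead. A root
        # user does not need the setuid bit. NOTE(review): a tcpdump made
        # usable through file capabilities (cap_net_raw/cap_net_admin) rather
        # than setuid is rejected by this check — confirm for such setups.
        geteuid = getattr(os, "geteuid", None)
        is_root = geteuid is not None and geteuid() == 0
        if not is_root and not (mode & stat.S_ISUID):
            log.error("Tcpdump is not accessible from this user, network capture aborted")
            return False

        if not interface:
            log.error("Network interface not defined, network capture aborted")
            return False

        if not file_path:
            log.error("Dump file path not defined, network capture aborted")
            return False

        # tcpdump is exec'd directly (argument list, no shell), so these values
        # cannot spawn commands. The trailing items form a BPF filter
        # expression; `host` is expected to be a plain IP address, anything
        # else would alter the filter rather than the command.
        pargs = [self.tcpdump, '-U', '-q', '-i', interface, '-n', '-s', '1515']
        pargs.extend(['-w', file_path])
        pargs.extend(['not', 'port', str(CUCKOO_GUEST_PORT)])
        if host:
            pargs.extend(['and', 'host', host])

        try:
            self.proc = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        except (OSError, ValueError):
            log.exception("Failed to start sniffer (interface=%s, host=%s, dump path=%s)", interface, host, file_path)
            return False

        self.interface = interface
        self.host = host
        self.file_path = file_path
        log.info("Started sniffer (interface=%s, host=%s, dump path=%s)", interface, host, file_path)
        return True

    def stop(self):
        """Stop sniffing.
        @return: operation status.
        """
        # poll() is None only while the process is still running; the
        # previous `not poll()` test also matched a process that had already
        # exited with status 0 and signalled it again.
        if self.proc is None or self.proc.poll() is not None:
            return True

        try:
            self.proc.terminate()
        except OSError:
            try:
                self.proc.kill()
            except OSError:
                # Uses the values recorded by start(); the old message read
                # start()'s locals here and raised NameError instead of logging.
                log.exception("Unable to stop the sniffer (interface=%s, host=%s, dump path=%s)", self.interface, self.host, self.file_path)
                return False

        # Reap the process so no zombie is left behind and the dump file is
        # complete before the caller reads it.
        self.proc.wait()
        return True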