How To Install Tcpdump For Mac

Before proceeding to installing and configuring Cuckoo, you’ll need to install some required software packages and libraries.

Installing Python libraries (on Ubuntu/Debian-based distributions)

tcpdump itself is packaged for most platforms. On Debian/Ubuntu install it with apt-get install tcpdump; on CentOS and Fedora with yum install tcpdump. macOS ships tcpdump by default; if you build capture tools through Homebrew you may first need libpcap (brew update, then brew install libpcap). On Windows there is no native tcpdump: install Npcap as the capture driver and use a capture tool built on it. On Solaris servers without tcpdump, the bundled snoop command can capture traffic from a given interface (for example, a fixed number of packets from one host) and write it to a capture file instead.

The Cuckoo host components are completely written in Python, therefore it is required to have an appropriate version of Python installed. At this point we only fully support Python 2.7. Older versions of Python and Python 3 versions are not supported by us (although Python 3 support is on our TODO list with a low priority).

The following software packages from the apt repositories are required to get Cuckoo to install and run properly:

In order to use the Django-based Web Interface, MongoDB is required:

In order to use PostgreSQL as database (our recommendation), PostgreSQL will have to be installed as well:

Pydeep is an optional plugin that can be installed manually; see the pydeep install instructions. Note that the libfuzzy-dev package is required to build pydeep but, at the time of writing, was not listed in the official documentation.

If you want to use KVM as machinery module you will have to install KVM:

If you want to use XenServer you’ll have to install the XenAPI Python package:

If you want to use the mitm auxiliary module (to intercept SSL/TLS-generated traffic), you need to install mitmproxy. Please refer to its website for installation instructions. Please note that the latest version of mitmproxy requires Python 3.6 or higher, and therefore it must be installed within a separate virtualenv to isolate it and its requirements from Cuckoo’s Python 2.7 environment. After installing mitmproxy in a separate virtualenv, include its binary path in the Cuckoo configuration, e.g., /tmp/mitmproxy3/bin/mitmdump if the virtualenv is /tmp/mitmproxy3.

Installing Python libraries (on Mac OS X)

This is mostly the same as the installation on Ubuntu/Debian, except that we’ll be using the brew package manager. Install all the required dependencies as follows (this list is WIP):


In addition to that you’ll also want to expose the openssl header files in the standard GCC/Clang include directory, so that yara-python may compile successfully. This can be done as follows:

Installing Python libraries (on Windows 7)

To be documented.

Virtualization Software

Cuckoo Sandbox supports most Virtualization Software solutions. As you will see throughout the documentation, Cuckoo has been set up to remain as modular as possible, and in case integration with a piece of software is missing this could easily be added.

For the sake of this guide we will assume that you have VirtualBox installed (which is the default), but this does not affect the execution and general configuration of the sandbox.

You are completely responsible for the choice, configuration, and execution of your virtualization software. Please read our extensive documentation and FAQ before reaching out to us with questions on how to set Cuckoo up.


Assuming you decide to go for VirtualBox, you can get the proper package for your distribution at the official download page. Please find following the commands to install the latest version of VirtualBox on your Ubuntu LTS machine. Note that Cuckoo supports VirtualBox 4.3, 5.0, 5.1, and 5.2:

For more information on VirtualBox, please refer to the official documentation.

Installing tcpdump

In order to dump the network activity performed by the malware during execution, you’ll need a network sniffer properly configured to capture the traffic and dump it to a file.

By default Cuckoo adopts tcpdump, the prominent open source solution.


Install it on Ubuntu:

Note that disabling the AppArmor profile (the aa-disable command) is only required when using the default CWD directory, as AppArmor would otherwise prevent the creation of the actual PCAP files (see also Permission denied for tcpdump).

For Linux platforms with AppArmor disabled (e.g., Debian) the following command will suffice to install tcpdump:

Tcpdump requires root privileges, but since you don’t want Cuckoo to run as root you’ll have to set specific Linux capabilities (CAP_NET_RAW and CAP_NET_ADMIN) on the binary:

You can verify the results of the last command with:

If you don’t have setcap installed you can get it with:

Or otherwise (not recommended) do:

Please keep in mind that even the setcap method is not perfectly safe if the system has other users which are potentially untrusted: any local user can then run a binary that holds CAP_NET_RAW and CAP_NET_ADMIN, so they can sniff traffic, and a vulnerability in tcpdump’s packet parsers would be exploitable with those privileges. We recommend running Cuckoo on a dedicated system or in a trusted environment where the privileged tcpdump execution is contained otherwise.
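As an added example (this editor’s script, not part of the Cuckoo documentation), the following POSIX shell script performs the capability step described above and then verifies it: it refuses a setuid-root tcpdump (the “not recommended” route), checks that getcap reports both cap_net_raw and cap_net_admin in the effective and permitted sets, and confirms that the unprivileged caller can actually open a capture device. It assumes the Debian/Ubuntu binary path /usr/sbin/tcpdump, GNU stat and timeout from coreutils, and setcap/getcap from libcap2-bin; the function names caps_line_ok, is_setuid, grant_caps and verify_tcpdump are this example’s own.

```shell
#!/bin/sh
# Added example, not from the Cuckoo docs: grant tcpdump CAP_NET_RAW and
# CAP_NET_ADMIN as file capabilities (instead of setuid root) and verify it.
# Assumptions: Debian/Ubuntu path /usr/sbin/tcpdump, GNU stat(1)/timeout(1),
# and setcap/getcap from the libcap2-bin package.

TCPDUMP_BIN="${TCPDUMP_BIN:-/usr/sbin/tcpdump}"

# caps_line_ok LINE: succeed if a getcap(8) output line grants both
# cap_net_raw and cap_net_admin in the effective (e) and permitted (p) sets.
# Both getcap output formats are handled:
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (libcap >= 2.41)
caps_line_ok() {
    line=$1
    flags=${line##*[+=]}     # text after the last '+' or '=', e.g. "eip"
    caps=${line%[+=]*}       # everything before it: path and capability names
    case $caps in *cap_net_raw*) ;; *) return 1 ;; esac
    case $caps in *cap_net_admin*) ;; *) return 1 ;; esac
    case $flags in *e*) ;; *) return 1 ;; esac
    case $flags in *p*) ;; *) return 1 ;; esac
    return 0
}

# is_setuid MODE: succeed if an octal mode (as printed by 'stat -c %a') has
# the setuid bit set. A setuid tcpdump runs its whole parser as root.
is_setuid() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# grant_caps: the setcap step. Needs root once; afterwards tcpdump runs as
# the Cuckoo user holding only the two capabilities it needs.
grant_caps() {
    sudo setcap cap_net_raw,cap_net_admin=eip "$TCPDUMP_BIN"
}

# verify_tcpdump BIN: refuse a setuid binary, require the capabilities, and
# confirm the unprivileged caller can open a capture device.
verify_tcpdump() {
    bin=$1
    if is_setuid "$(stat -c %a "$bin")"; then
        echo "refusing: $bin is setuid; run 'chmod u-s $bin' and use setcap" >&2
        return 1
    fi
    if ! caps_line_ok "$(getcap "$bin")"; then
        echo "missing capabilities on $bin; run grant_caps" >&2
        return 1
    fi
    # Try to capture a single packet on the 'any' pseudo-interface. Opening
    # the device needs CAP_NET_RAW; a permission failure exits non-zero at
    # once, while a quiet network only hits the timeout (exit 124).
    if timeout 5 "$bin" -i any -c 1 -w /dev/null >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0|124) echo "ok: $bin has file capabilities and works for $(id -un)" ;;
        *) echo "$bin cannot open a capture device as $(id -un) (exit $rc)" >&2
           return 1 ;;
    esac
}

# Only perform the privileged steps when explicitly asked (RUN_SETUP=1), so
# the script can also be sourced just for its check functions.
if [ "${RUN_SETUP:-0}" = 1 ]; then
    grant_caps && verify_tcpdump "$TCPDUMP_BIN"
fi
```

Run it as the Cuckoo user with RUN_SETUP=1 after installing tcpdump; the verification is deliberately strict about the setuid bit because a setuid tcpdump exposes the full parser to every local user as root, whereas file capabilities limit the damage of a parser bug to what CAP_NET_RAW and CAP_NET_ADMIN allow.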

Installing Volatility

Volatility is an optional tool to do forensic analysis on memory dumps. In combination with Cuckoo, it can automatically provide additional visibility into deep modifications in the operating system as well as detect the presence of rootkit technology that escaped the monitoring domain of Cuckoo’s analyzer.

In order to function properly, Cuckoo requires at least version 2.3 of Volatility, but recommends the latest version, Volatility 2.5. You can download it from their official repository.

See the volatility documentation for detailed instructions on how to install it.

Installing M2Crypto

Currently the M2Crypto library is only supported when SWIG has been installed. On Ubuntu/Debian-like systems this may be done as follows:

If SWIG is present on the system one may install M2Crypto as follows:

Installing guacd

guacd is an optional service that provides the translation layer for RDP, VNC, and SSH for the remote control functionality in the Cuckoo web interface.


Without it, remote control won’t work. Versions 0.9.9 and up will work, but we recommend installing the latest version. On an Ubuntu 17.04 machine the following command will install version 0.9.9-2:

If you only want RDP support you can skip the installation of the libguac-client-vnc0 and libguac-client-ssh0 packages.


If you are using an older distribution or you just want to use the latest version (our recommendation), the following will build the latest version (0.9.14) from source:

When installing from source, make sure you don’t have another version of any of the libguac- libraries installed from your package manager, or you might experience issues due to incompatibilities which can crash guacd.

Note that the VirtualBox Extension Pack must also be installed to takeadvantage of the Cuckoo Control functionality exposed by Guacamole.

Installing scapy3k

The following steps describe how to install (or update) Scapy itself. Depending on your platform, some additional libraries might have to be installed to make it actually work, so please also have a look at the platform-specific chapters on how to install those requirements.

Note: the following steps apply to Unix-like operating systems (Linux, BSD, Mac OS X). Windows support is currently under development.

Make sure you have Python installed before you go on. Depending on your system, you may have to use python3 and pip3, or python and pip, for Python version 3.x.

Latest release

The easiest way to install the latest scapy3k package is using pip:

$ pip3 install scapy-python3


Current development version

Clone the GitHub repository to a temporary directory and install it in the standard distutils way.

If you always want the latest version with all new features and bugfixes, use Scapy’s GitHub repository:

Install
  1. Install git version control system. For example, on Debian/Ubuntu use:

  2. Check out a clone of Scapy’s repository:

  3. Install Scapy in the standard distutils way:


Then you can always update to the latest version: