Open jbremer opened 9 years ago
We should however filter out those that are involved for Cuckoo operations. I feel that otherwise it's mostly gonna cause lots of confusion. @jekil thoughts?
Cuckoo operations shouldn't be captured at all due to bpf filtering of host <-> guest in the sniffer auxiliary module. I think what Jurriaan is getting at is the dropping of packets if it's a local network, which is done in the network processing module: https://github.com/cuckoobox/cuckoo/blob/master/modules/processing/network.py#L179
Why not make it configurable? :)
There's still a lot that bpf filter isn't filtering out. Regular Windows UDP traffic and shit related to the execution of the VM and configuration of the internal network. That kind of stuff I also considered as "Cuckoo operations".
While that may be true, there are no UDP traffic parsers that we particularly care about. I deleted that line for a custom inetsim rig and that generated some 'bloat' stuff. So really the only thing you have to do is ignore some of the tcp/udp dissection in the tcp/udp panes. But honestly, that is probably the least useful information overall when quickly looking at an analysis -- IMO.
@KillerInstinct just to be clear, what do you refer to with the least useful information overall here?
The TCP/UDP tabs. They are generally unuseful for quickly looking at an analysis and really only provide supporting information to other networking data.
Agreed, now would be a good time to port those to http/https/etc protocols and remove the streams from the tcp/udp tabs for all streams that are represented in another tab.
Currently local IP addresses are filtered and not shown in the Network Analysis tab. Do make them show, as targeted samples may contain hardcoded IP addresses to other boxes in the same private network.
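The two filtering layers discussed in this thread (the sniffer's BPF exclusion of host <-> guest traffic, and the processing module's drop of local-network flows) and the request to make the second one configurable, as an added example that is not Cuckoo's own code. The guest/host addresses, the control ports 2042 and 8000, the BPF expression layout and the sample flows are all assumptions constructed for illustration:

```python
import ipaddress
from typing import List, NamedTuple, Sequence


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def sniffer_bpf(guest_ip: str, host_ip: str, control_ports: Sequence[int]) -> str:
    """Build a tcpdump-style BPF expression that keeps the guest's traffic but
    excludes the host<->guest control channels. Assumed layout for this example;
    Cuckoo's real expression lives in its sniffer auxiliary module."""
    excl = " or ".join("port %d" % p for p in control_ports)
    return "host %s and not (host %s and (%s))" % (guest_ip, host_ip, excl)


def bpf_drops(flow: Flow, guest_ip: str, host_ip: str, control_ports: Sequence[int]) -> bool:
    """Emulate what the expression from sniffer_bpf() would exclude: anything not
    involving the guest, plus host<->guest flows on a control port."""
    endpoints = {flow.src, flow.dst}
    if guest_ip not in endpoints:
        return True
    return endpoints == {guest_ip, host_ip} and flow.dport in control_ports


def peer_of(flow: Flow, guest_ip: str) -> str:
    """The non-guest endpoint of a flow."""
    return flow.dst if flow.src == guest_ip else flow.src


def processing_keep(flows: Sequence[Flow], guest_ip: str, host_ip: str,
                    control_ports: Sequence[int], drop_private: bool = True) -> List[Flow]:
    """Second layer, modelled on the processing-module drop discussed above:
    optionally discard flows whose peer is a private (RFC 1918, link-local,
    broadcast-range) address. drop_private is the configurable knob the
    thread asks for; False keeps lateral traffic to other lab boxes visible."""
    kept = []
    for f in flows:
        if bpf_drops(f, guest_ip, host_ip, control_ports):
            continue
        if drop_private and ipaddress.ip_address(peer_of(f, guest_ip)).is_private:
            continue
        kept.append(f)
    return kept


# Constructed lab layout and traffic sample (assumptions, not captured data).
GUEST = "192.168.56.101"
HOST = "192.168.56.1"
CONTROL_PORTS = (2042, 8000)   # assumed result-server and agent ports

SAMPLE_FLOWS = [
    Flow(GUEST, HOST, "tcp", 2042),            # result upload: BPF drops it
    Flow(HOST, GUEST, "tcp", 8000),            # agent control: BPF drops it
    Flow(GUEST, "8.8.8.8", "udp", 53),         # DNS to the internet: kept
    Flow(GUEST, "93.184.216.34", "tcp", 80),   # HTTP to the internet: kept
    Flow(GUEST, "192.168.56.255", "udp", 137), # NetBIOS broadcast: BPF keeps, private drop removes
    Flow(GUEST, "192.168.56.50", "tcp", 445),  # SMB to another box on the lab net
    Flow("10.0.0.7", "10.0.0.9", "tcp", 22),   # does not involve the guest: BPF drops it
]


def run(drop_private: bool = True) -> List[Flow]:
    return processing_keep(SAMPLE_FLOWS, GUEST, HOST, CONTROL_PORTS, drop_private)


if __name__ == "__main__":
    print(sniffer_bpf(GUEST, HOST, CONTROL_PORTS))
    for label, flag in (("drop_private=True", True), ("drop_private=False", False)):
        print(label)
        for f in run(flag):
            print("  %s -> %s %s/%d" % (f.src, f.dst, f.proto, f.dport))
```

With drop_private=True only the two internet-bound flows survive; with it off, the NetBIOS broadcast and the SMB connection to 192.168.56.50 also show up, which is exactly the hardcoded-internal-target case the issue wants visible, at the cost of the Windows background noise the earlier comments complain about.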