activecm/passer

Passer doesn't function and error received on docker run

veshtov opened this issue · 6 comments

/etc/p0f/p0f.fp not found; please install p0f version 2 to enable OS fingerprinting.

Problem reading/parsing /root/.passer//trusted_ips.json, setting to default list.

ERROR: Cannot set filter: libpcap is not available. Cannot compile filter !

/etc/p0f/p0f.fp not found; please install p0f version 2 to enable OS fingerprinting.
Problem reading/parsing /root/.passer//trusted_ips.json, setting to default list.
ERROR: Cannot set filter: libpcap is not available. Cannot compile filter !
^CCtrl-C pressed, generating summary lines.
Traceback (most recent call last):
  File "/passer.py", line 2455, in <module>
    sniff(store=0, iface=InterfaceName, filter=cl_args['bpf'], prn=lambda x: processpacket(x))
  File "/usr/local/lib/python2.7/site-packages/scapy/sendrecv.py", line 1263, in sniff
    sniffer._run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/scapy/sendrecv.py", line 1175, in _run
    sockets = select_func(list(sniff_sockets.keys()), remain)
  File "/usr/local/lib/python2.7/site-packages/scapy/supersocket.py", line 259, in select
    inp, _, _ = select(sockets, [], [], remain)
  File "/passer.py", line 610, in signal_handler
    generate_summary_lines()
  File "/passer.py", line 654, in generate_summary_lines
    for an_ip in sorted(ReportId.NewSuspiciousIPs): #Cross-function variable
AttributeError: 'function' object has no attribute 'NewSuspiciousIPs'

The functional problem appears to be that your system does not have libpcap installed. Depending on your operating system you may need to install one of the following packages: libpcap, libpcap-dev, libpcap0.8, libpcap0.8-dev, or libpcap-devel. Once that package is installed (perhaps using apt, yum, or dnf), please try running passer again.
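An added diagnostic, not part of this thread or of passer's code: it checks from inside the same Python runtime whether the libpcap shared library can be located, loaded and called through ctypes, and whether the p0f fingerprint file named in the warning exists. That this ctypes lookup matches what the packet-capture library does internally is an assumption; the function and key names are hypothetical.

```python
import ctypes
import ctypes.util
import os

P0F_FP = "/etc/p0f/p0f.fp"  # path taken from the warning quoted in the issue


def probe_shared_lib(name, version_symbol=None):
    """Report how far loading shared library `name` gets: locate, load, call."""
    result = {"name": name, "path": None, "loaded": False,
              "version": None, "error": None}
    # Step 1: can the runtime find the library at all?
    path = ctypes.util.find_library(name)
    if path is None:
        result["error"] = "not found by the library search (ldconfig/gcc/ld)"
        return result
    result["path"] = path
    # Step 2: found is not the same as loadable (wrong arch, broken symlink).
    try:
        lib = ctypes.CDLL(path)
    except OSError as exc:
        result["error"] = "found but failed to load: %s" % exc
        return result
    result["loaded"] = True
    # Step 3: call a harmless version function to prove the symbols resolve.
    if version_symbol:
        try:
            func = getattr(lib, version_symbol)
        except AttributeError:
            result["error"] = "loaded, but symbol %s is missing" % version_symbol
            return result
        func.restype = ctypes.c_char_p
        raw = func()
        result["version"] = raw.decode("ascii", "replace") if raw else None
    return result


def environment_report():
    """Collect the two conditions behind the startup messages in the issue."""
    return {
        "libpcap": probe_shared_lib("pcap", "pcap_lib_version"),
        "p0f_fingerprints_present": os.path.isfile(P0F_FP),
    }


if __name__ == "__main__":
    for key, value in environment_report().items():
        print("%s: %s" % (key, value))
```

Run it inside the container or WSL session that shows the error, with the same interpreter that runs passer, since a package being installed on the host says nothing about what that runtime can load.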

sudo apt-get install libpcap0.8
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpcap0.8 is already the newest version (1.9.1-3).
0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.

I should have all the dependencies installed as that was my first troubleshooting step. I haven't tested it on my Ubuntu machine at home and it's currently offline but am using WSL2.0 outright as well as the Docker image, which also fails. I downloaded it today.

I haven't bothered to mess with it on PowerShell/win directly. I can try a live CD and see what that does and report back.

(error directly from the docker container)
/etc/p0f/p0f.fp not found; please install p0f version 2 to enable OS fingerprinting.
Problem reading/parsing /root/.passer//trusted_ips.json, setting to default list.
ERROR: Cannot set filter: libpcap is not available. Cannot compile filter !

Also seems to fail on a Xubuntu live disk. Errors on line 1263 in sniff, 1127 in _run and 486 in init.

I don't have a great way to grab the text off of this quick test machine but will test again from my main Ubuntu machine in a few.

I'd be interested to hear if it works on Ubuntu.

Seems to be working with Ubuntu (5.11.0-25-generic #27-Ubuntu SMP Fri Jul 9 23:06:29 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux) (Ubuntu 21.04)

Older Xubuntu (Ubuntu 19.04) didn't work on live image directly from its kernel or on Docker image.
WSL 2 (Ubuntu 20.04 and kernel 5.11) had the same issues.

Just following up. Seems to be issues with certain kernel versions and the downstream versions of p0f, libpcap and others.

It might be worth putting this in as a SNAP if it's very version bound. Also seems to be issues with how M$ implements their version of the Linux kernel.