Description
This is open source and you are getting free support so be friendly!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
- [x] I am running the latest version
- [x] I did read the README!
- [x] I checked the documentation and found no answer
- [x] I checked to make sure that this issue has not already been filed
- [x] I'm reporting the issue to the correct repository (for multi-repository projects)
- [x] I have read and checked all configs (with all optional parts)
Expected Behavior
I set a different interface in auxiliary.conf for CAPE to run TCPDump on to sniff traffic. It should sniff the new interface, since I did not see any reference in the docs to anywhere else I needed to configure anything.
Current Behavior
CAPE is not sniffing traffic off the new interface I set in auxiliary.conf.
Steps to Reproduce
- Install a new USB NIC.
- Change interface name in auxiliary.conf to new NIC.
- Confirm interface is up before run.
- Run analysis.
- Looking at the tcpdump command when doing systemctl status cape.service during a run, CAPE will choose the old interface to sniff.
Context
I have a fully physical CAPE setup. I tried catting and grepping all the files in /opt/CAPEV2 to see where the tcpdump command is run so I could hard-code my new interface, but I didn't see any hits related to that. I can manually run TCPDump on the new interface and it works with no issues.
New NIC in auxiliary.conf set above.
Picture above is CAPE telling TCPDump to sniff the old interface even though it is no longer configured in auxiliary.conf.
Thanks for the help

