Security-related question

Stephen cryptworks at gmail.com
Tue Feb 22 08:43:55 MST 2011


Wireshark on the interface to see what the traffic is.

On Tue, Feb 22, 2011 at 8:22 AM, Jim March <1.jim.march at gmail.com> wrote:
> Folks,
> I'm trying to figure out what a particular Windows piece of malware does.
> To that end I built a brand new WinXP virtual machine via Virtualbox (Linux
> host of course) and then infected the virtual machine :).
> In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
> display CPU, memory and network traffic.  In the latter I can see network
> traffic happening that I can't explain as being Linux-related, so it has to
> be the virtual machine (which has Internet connectivity via a NAT router off
> of the Linux host...in other words, guest OS traffic will be visible in the
> host Linux system).
> I need to know first how I can prove that it's the Windows XP guest OS
> that's doing the traffic, or which other processes are doing which traffic,
> and then if possible log ALL of that traffic (preferably using Linux tools)
> for a brief time period to a file for analysis.
> Any help appreciated :).
> Jim March



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
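An added example, not part of the original thread: with VirtualBox NAT networking the guest's connections are opened on the host by the VM process itself, so mapping host sockets to their owning process separates guest traffic from host traffic. The sample `ss` lines, PIDs, and the VM name `WinXP` and file paths in the comments are constructed assumptions.

```shell
#!/usr/bin/env bash
# Attribute host sockets to their owning process so connections made by the
# VirtualBox NAT engine (on behalf of the guest) stand apart from host traffic.
# Input: lines from `ss -Htunp` (run as root to see other users' processes).
#
# To log the traffic itself (VM name and paths are assumptions):
#   VBoxManage modifyvm "WinXP" --nictrace1 on --nictracefile1 /tmp/guest.pcap
#     (set while the VM is powered off; records only the guest's NIC)
#   tcpdump -i eth0 -w /tmp/host.pcap
#     (everything on the host interface, guest and host mixed)

# Constructed sample of `ss -Htunp` output (documentation addresses, made-up PIDs).
SAMPLE_SS='tcp ESTAB 0 0 192.168.1.10:48312 203.0.113.7:80 users:(("VirtualBox",pid=4242,fd=31))
tcp ESTAB 0 0 192.168.1.10:48314 203.0.113.7:80 users:(("VirtualBox",pid=4242,fd=33))
udp ESTAB 0 0 192.168.1.10:51820 198.51.100.53:53 users:(("VirtualBox",pid=4242,fd=35))
tcp ESTAB 0 0 192.168.1.10:39022 198.51.100.20:443 users:(("firefox",pid=3100,fd=88))
tcp TIME-WAIT 0 0 192.168.1.10:39010 198.51.100.20:443'

# Print "process pid proto peer" per socket; sockets with no visible owner get "-".
sockets_by_process() {
  awk '{
    proc = "-"; pid = "-"
    if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
      s = substr($0, RSTART, RLENGTH)
      sub(/^users:\(\("/, "", s)
      split(s, a, /",pid=/)
      proc = a[1]; pid = a[2]
      gsub(/ /, "_", proc)        # keep the output one field per column
    }
    print proc, pid, $1, $6       # $1 = protocol, $6 = remote address:port
  }' | sort
}

# Print the unique remote endpoints of processes whose name matches regex $1.
peers_of() {
  sockets_by_process | awk -v p="$1" '$1 ~ p { print $3 "/" $4 }' | sort -u
}

# Live use: ./script.sh --live [process-regex]
if [ "${1:-}" = "--live" ]; then
  ss -Htunp | peers_of "${2:-VirtualBox|VBoxHeadless|VirtualBoxVM}"
fi
```

Endpoints listed for the VM process can then be used as a Wireshark or tcpdump filter on the host capture; the `--nictrace1` capture needs no filtering because it contains only guest frames.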

