Security-related question

Jim March 1.jim.march at gmail.com
Tue Feb 22 09:17:29 MST 2011


Ummm...it ain't working.  I get:

---
jim at jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1
tcpdump: no suitable device found
jim at jim-lappy:~$
---

So I ran Wireshark and it doesn't see an interface it can use.  I've tried
two different WiFi cards, one a Broadcom and one Ralink I think.  Dangit.  I
think I have an Atheros mini-PCI-express I can bolt into this Dell I'm using
at the moment...will that help?

Jim

On Tue, Feb 22, 2011 at 8:45 AM, Matt Graham <danceswithcrows at usa.net> wrote:

> > Jim March <1.jim.march at gmail.com> wrote:
> >> I'm trying to figure out what a particular Windows piece of malware
> >> does. To that end I built a brand new WinXP virtual machine via
> >> Virtualbox (Linux host of course) and then infected the virtual
> >> machine, which has Internet connectivity via a NAT router off of
> >> the Linux host...in other words, guest OS traffic will be visible
> >> in the host Linux system.
>
> So, the 'Doze VM has an IP of 10.x.y.z according to the Linux box?  And you
> can run "tcpdump -s 0 -w file.pcap host 10.x.y.z" on the Linux box, right?
> And then have a look at file.pcap with wireshark or your favorite packet
> analyzer?  This seems fairly obvious to me, but there could be something I'm
> missing.  It's been a while since I played with virtualbox to any great
> extent, and it depends on how the thing does networking.
>
> From: Jordan Aberle <jordan.aberle at gmail.com>
> > Sysinternals can do everything you need, take a look specifically
> > at Procmon http://technet.microsoft.com/en-us/sysinternals
> > TCPVIEW also.
>
> You'd trust a compromised machine to report on the traffic that some known
> malware is sending out?  I have this great deal on Florida swampland for
> you.... :-)  Also, Jim wanted to do the monitoring from the Linux side.  But
> if you're stuck on a Doze box, sysinternals is a reasonable substitute for
> standard tools.
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog:  http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
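The capture step discussed in this thread, as an added example that is not part of the original post or of any tool it names: a small POSIX sh helper that checks the two things that usually produce "no suitable device found" or an empty capture before it runs tcpdump on the Linux host. The guest address 10.0.2.15 and the script name are constructed sample values; tcpdump and root access are assumed.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Helper for capturing a
# VM guest's traffic from the Linux host with tcpdump, with two pre-checks:
#   1. tcpdump can only open interfaces with CAP_NET_RAW/CAP_NET_ADMIN; run
#      unprivileged it reports "no suitable device found".
#   2. Filtering on 127.0.0.1 only matches host-local loopback traffic, so a
#      guest's packets will never appear in such a capture.

# Build the tcpdump command line for a guest IP and an output file.
# -i any captures on every interface (so the VirtualBox adapter need not be
# named), -n suppresses DNS lookups that would add noise to the capture,
# -s 0 keeps full packets, -w writes a pcap Wireshark can open.
vm_capture_cmd() {
    guest_ip="$1"
    out="$2"
    printf 'tcpdump -i any -n -s 0 -w %s host %s' "$out" "$guest_ip"
}

# Returns 0 if the address is plausible as a guest-side capture target,
# 1 if it is a loopback address (which would capture nothing from the guest).
sanity_check_ip() {
    case "$1" in
        127.*) echo "warning: $1 is loopback; guest traffic will not match" >&2; return 1 ;;
        *)     return 0 ;;
    esac
}

# tcpdump needs raw-socket capability; root is the simple case. 0 = ok.
have_capture_privs() {
    [ "$(id -u)" -eq 0 ]
}

# List the devices tcpdump is able to open (tcpdump -D), if it is installed.
list_capture_devices() {
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump not installed" >&2; return 1; }
    tcpdump -D
}

main() {
    guest_ip="${1:-10.0.2.15}"   # constructed default guest address
    out="${2:-file.pcap}"
    sanity_check_ip "$guest_ip" || exit 1
    if ! have_capture_privs; then
        echo "not root: tcpdump will report 'no suitable device found'" >&2
        echo "re-run as: sudo $0 $guest_ip $out" >&2
        exit 1
    fi
    list_capture_devices || exit 1
    cmd=$(vm_capture_cmd "$guest_ip" "$out")
    echo "running: $cmd"
    eval "$cmd"
}

# Only start a capture when explicitly asked (VMCAP_RUN=1 ./vmcap.sh 10.0.2.15 file.pcap),
# so the functions can also be sourced without side effects.
if [ "${VMCAP_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

One caveat the helper cannot fix: in VirtualBox's NAT mode the guest's 10.x address is translated inside the VirtualBox process, so host interfaces only ever see the host's own address on that traffic. A host-only or bridged adapter gives the host a real interface on which the guest's address is visible, and then the `host 10.x.y.z` filter from the thread works as intended.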