Sysinternals can do everything you need; take a look specifically at Procmon
http://technet.microsoft.com/en-us/sysinternals
TCPView also.

On Tue, Feb 22, 2011 at 8:22 AM, Jim March <1.jim.march@gmail.com> wrote:
> Folks,
> I'm trying to figure out what a particular Windows piece of malware does.
> To that end I built a brand new WinXP virtual machine via VirtualBox (Linux
> host of course) and then infected the virtual machine :).
> In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
> display CPU, memory and network traffic. In the latter I can see network
> traffic happening that I can't explain as being Linux-related, so it has to
> be the virtual machine (which has Internet connectivity via a NAT router off
> of the Linux host... in other words, guest OS traffic will be visible in the
> host Linux system).
> I need to know first how I can prove that it's the Windows XP guest OS
> that's doing the traffic, or which other processes are doing which traffic,
> and then if possible log ALL of that traffic (preferably using Linux tools)
> for a brief time period to a file for analysis.
> Any help appreciated :).
> Jim March
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
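As an added example that is not part of the thread: one Linux-side way to answer Jim's two questions (prove the traffic is the guest's, and log all of it to a file) is VirtualBox's own per-NIC packet trace, which records only what the guest NIC sends and receives, so host traffic never mixes in even under NAT, where the host's tcpdump sees guest packets leaving with the host's own address. It assumes VBoxManage and tcpdump are installed, the guest uses NIC 1 at the VirtualBox NAT default address 10.0.2.15, and the VM is powered off when tracing is switched on; the sample tcpdump lines are constructed.

```shell
#!/bin/sh
# Turn VirtualBox's built-in packet trace on or off for NIC 1 of a VM.
# modifyvm only works on a powered-off VM, so call this before startvm.
nic_trace() {   # $1 = VM name, $2 = pcap output path, $3 = on|off
    VBoxManage modifyvm "$1" --nictrace1 "$3" --nictracefile1 "$2"
}

# Boot the guest with tracing enabled, let the sample run for $3 seconds,
# then power it off and disable the trace so later boots are not recorded.
capture_guest() {   # $1 = VM name, $2 = pcap output path, $3 = seconds
    nic_trace "$1" "$2" on
    VBoxManage startvm "$1" --type headless
    sleep "$3"
    VBoxManage controlvm "$1" poweroff
    nic_trace "$1" "$2" off
}

# Read "tcpdump -nn -q" text on stdin and count, per destination host.port,
# the packets whose source is the guest ($1). Inbound replies are ignored so
# the list shows what the guest itself reaches out to.
guest_dests() {   # $1 = guest IP
    awk -v g="$1" '$2 == "IP" && index($3, g ".") == 1 {
                       sub(/:$/, "", $5); n[$5]++
                   }
                   END { for (d in n) print n[d], d }' | sort -rn
}

# Decode the pcap written by capture_guest and summarise it.
summarize_pcap() {   # $1 = pcap path, $2 = guest IP
    tcpdump -nn -q -r "$1" | guest_dests "$2"
}

# Constructed sample of tcpdump -nn -q output (not a real capture):
# a web fetch, its reply, a second fetch, an IRC-port connection, NetBIOS.
SAMPLE='12:00:01.000001 IP 10.0.2.15.1034 > 93.184.216.34.80: tcp 0
12:00:01.000002 IP 93.184.216.34.80 > 10.0.2.15.1034: tcp 0
12:00:02.000003 IP 10.0.2.15.1035 > 93.184.216.34.80: tcp 120
12:00:03.000004 IP 10.0.2.15.1036 > 198.51.100.7.6667: tcp 0
12:00:04.000005 IP 10.0.2.15.137 > 10.0.2.255.137: UDP, length 50'

printf '%s\n' "$SAMPLE" | guest_dests 10.0.2.15
```

A real run is `capture_guest "WinXP-malware" /tmp/guest.pcap 300` followed by `summarize_pcap /tmp/guest.pcap 10.0.2.15`; pairing the destination list with Procmon or TCPView inside the guest maps each destination back to the process that opened it.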