Security-related question

Author: Jim March
Date:  
To: Main PLUG discussion list, Tucson Free Unix Group
Subject: Security-related question
Folks,

I'm trying to figure out what a particular Windows piece of malware does.

To that end I built a brand new WinXP virtual machine via VirtualBox (Linux
host of course) and then infected the virtual machine :).

In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
display CPU, memory and network traffic. In the latter I can see network
traffic happening that I can't explain as being Linux-related, so it has to
be the virtual machine (which has Internet connectivity via a NAT router off
of the Linux host...in other words, guest OS traffic will be visible in the
host Linux system).

I need to know first how I can prove that it's the Windows XP guest OS
that's doing the traffic, or which other processes are doing which traffic,
and then if possible log ALL of that traffic (preferably using Linux tools)
for a brief time period to a file for analysis.

Any help appreciated :).

Jim March
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss