Security-related question
Technomage Hawke
technomage.hawke at gmail.com
Tue Feb 22 11:45:25 MST 2011
it will have a unique mac address.
if you had openbsd as a firewall vm, you could pass traffic through there and use the os.fingerprints file to pass or block what you needed.
-Eric
On Feb 22, 2011, at 8:22 AM, Jim March wrote:
> Folks,
>
> I'm trying to figure out what a particular Windows piece of malware does.
>
> To that end I built a brand new WinXP virtual machine via Virtualbox (Linux host of course) and then infected the virtual machine :).
>
> In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to display CPU, memory and network traffic. In the latter I can see network traffic happening that I can't explain as being Linux-related, so it has to be the virtual machine (which has Internet connectivity via a NAT router off of the Linux host...in other words, guest OS traffic will be visible in the host Linux system.
>
> I need to know first how I can prove that it's the Windows XP guest OS that's doing the traffic, or which other processes are doing which traffic, and then if possible log ALL of that traffic (preferably using Linux tools) for a brief time period to a file for analysis.
>
> Any help appreciated :).
>
> Jim March
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list