On 07/26/2016 12:58 AM, Franz wrote:


On Mon, Jul 25, 2016 at 5:40 PM, R.B. <reboli...@reboli.nl> wrote:


shortened a bit...


    Hi Franz,

    The way I use it:

    - Make sure Marek's perl script is in the vm you want to monitor.
    Preferably in /home/user.
    - Make sure the firewall is set to "Deny network access except..."
    by default.
    - Open a terminal in Dom0.
    - Enter the command:
      qvm-run --pass-io YourVM 'sudo tcpdump -vni eth0 port 53 or icmp | perl ./firewall-learn.pl'


Thanks for the example, this goes a little further. In dom0 I reach the step:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

but then instead of
qvm-firewall -a debian-8-multimedia-dvm 104.20.30.3 tcp 443 that I get
on dispVM terminal

I get nothing more appearing on Dom0 terminal.

On the other hand if I try to use Marek's suggestion adding "cat" with
something like
qvm-run --pass-io disp16 'cat sudo tcpdump -vni eth0 port 53 or icmp | perl ./firewall-learn.pl'


Hi Franz,

I tried it your way and it won't give immediate results. Looks like some bucket of 262144 bytes has to be filled with enough packets before tcpdump passes the data. After some effort requesting a site repeatedly, the buffer gets dumped.... finally ;-)

Could not find a quick way to remedy this though.

Greetings,


RB
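
Added note, not part of the thread: a program that writes through stdio block-buffers its output when stdout is a pipe instead of a terminal, which produces the kind of delay described above, and tcpdump's `-l` option makes its stdout line buffered. The example below is an added illustration (not code from the thread or from firewall-learn.pl) that reproduces the effect with a constructed stand-in writer; the child script, the sample line and the function name are assumptions, and it needs a POSIX system for `select` on pipes.

```python
import os
import select
import subprocess
import sys

# Constructed stand-in for a capture tool (assumption, not tcpdump itself):
# it prints one sample "packet" line, then stays alive until its stdin is
# closed, like a sniffer that is still waiting for more traffic.
CHILD = r"""
import sys
sys.stdout.reconfigure(line_buffering=(sys.argv[1] == "line"))
sys.stdout.write("IP 10.137.2.9.40000 > 10.137.2.1.53: A? example.org.\n")
sys.stdin.read()   # block until the parent closes stdin
"""


def first_line_before_exit(mode, wait):
    """Run the writer with stdout on a pipe.

    mode is "block" (default pipe buffering) or "line" (line buffered).
    Returns (seen, rest): what the reader got while the writer was still
    running (None if nothing arrived within `wait` seconds), and what only
    showed up after the writer exited and flushed.
    """
    # Drop PYTHONUNBUFFERED so the child really uses default pipe buffering.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    proc = subprocess.Popen([sys.executable, "-c", CHILD, mode],
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            env=env)
    try:
        ready, _, _ = select.select([proc.stdout], [], [], wait)
        seen = os.read(proc.stdout.fileno(), 4096).decode() if ready else None
    finally:
        proc.stdin.close()               # writer exits, its buffer is flushed
        rest = proc.stdout.read().decode()
        proc.wait()
    return seen, rest


if __name__ == "__main__":
    for mode in ("block", "line"):
        seen, rest = first_line_before_exit(mode, 1.0 if mode == "block" else 10.0)
        print(f"{mode:5s} while running: {seen!r}  after exit: {rest!r}")
```

With the real pipeline, the equivalent check is to add `-l` to the tcpdump options inside the quoted command and see whether lines reach the perl script as packets arrive.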
