On 18/01/2017 06:27, Asterysk wrote:
> It struck me that Qubes could be very useful for detection of "malware" by
> placing a monitoring capability. My question is in two parts:
>
> (1) Is Wireshark the best tool to use for this within Qubes?
> (2) Should it be placed in dom0 (if indeed that's possible) or in the sys-net
> or sys-firewall?
I would create a ProxyVM that dumps your traffic with tcpdump, and insert it before sys-firewall when I want to sniff the traffic. Then open the pcap with Wireshark in a non-networked VM for inspection.
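The chain the reply describes, written out as an added example in Qubes 4.x dom0 syntax (not code from the thread or from the Qubes project). The VM names sys-sniff and pcap-view, the template name, the capture directory and the capture interface are assumptions; dom0 commands are printed rather than executed when QUBES_DRY_RUN=1 so the script can be reviewed before it touches a real system.

```shell
#!/bin/bash
# Added example: insert a tcpdump ProxyVM between sys-net and sys-firewall,
# capture for a bounded time, then hand the pcaps to a VM with no NetVM so
# Wireshark parses untrusted captures offline. Names below are assumptions.
set -euo pipefail

SNIFF_VM="${SNIFF_VM:-sys-sniff}"        # assumed name of the capture ProxyVM
VIEW_VM="${VIEW_VM:-pcap-view}"          # assumed name of the offline analysis VM
TEMPLATE="${TEMPLATE:-fedora-xx}"        # placeholder: substitute your template
CAPTURE_DIR="${CAPTURE_DIR:-/home/user/pcaps}"

run() {  # print the dom0 command in dry-run mode, execute it otherwise
  if [ "${QUBES_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# dom0: build the chain sys-net <- sys-sniff <- sys-firewall <- AppVMs, plus an
# analysis VM whose netvm is empty, so a malicious pcap cannot phone home.
setup_sniffer_chain() {
  run qvm-create --class AppVM --template "$TEMPLATE" --label red "$SNIFF_VM"
  run qvm-prefs "$SNIFF_VM" provides_network True
  run qvm-prefs "$SNIFF_VM" netvm sys-net
  run qvm-prefs sys-firewall netvm "$SNIFF_VM"   # all AppVM traffic now transits it
  run qvm-create --class AppVM --template "$TEMPLATE" --label black "$VIEW_VM"
  run qvm-prefs "$VIEW_VM" netvm ''              # no NetVM: analysis stays offline
}

# dom0: put sys-firewall back on sys-net when the sniffing session is over.
teardown_sniffer_chain() {
  run qvm-prefs sys-firewall netvm sys-net
}

# tcpdump command executed inside the capture VM: bounded by `timeout`, a ring of
# $3 files of $2 MB so a long session cannot fill the VM's disk, -n so the
# sniffer itself makes no DNS lookups, -Z root because Fedora's tcpdump drops
# privileges and could not otherwise write under /home/user. Interface `any`
# sees the downstream vif interfaces (per-VM addresses) as well as eth0.
capture_cmd() {
  local iface="$1" size_mb="$2" files="$3" seconds="$4"
  printf 'mkdir -p %s && sudo timeout %s tcpdump -n -Z root -i %s -C %s -W %s -w %s/cap.pcap' \
    "$CAPTURE_DIR" "$seconds" "$iface" "$size_mb" "$files" "$CAPTURE_DIR"
}

# dom0: run the capture, then push the rotated files to the offline VM, where
# they land in ~/QubesIncoming/<sniff vm>/ and can be opened with Wireshark.
capture_and_handoff() {
  run qvm-run --pass-io "$SNIFF_VM" "$(capture_cmd any 100 10 600)"
  run qvm-run --pass-io "$SNIFF_VM" "qvm-copy-to-vm $VIEW_VM $CAPTURE_DIR/cap.pcap*"
}

case "${1:-}" in
  setup) setup_sniffer_chain ;; capture) capture_and_handoff ;;
  teardown) teardown_sniffer_chain ;;
esac
```

Run it as `QUBES_DRY_RUN=1 ./sniff.sh setup` first to read the exact qvm-prefs changes it will make; the qvm-copy-to-vm step still goes through the normal dom0 transfer prompt.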