On Tuesday, January 17, 2017 at 11:17:07 PM UTC-8, Sae wrote:
> On 18/01/2017 06:27, Asterysk wrote:
> > It struck me that Qubes could be very useful for Detection of "malware" by
> > placing a monitoring capability. My question is in two parts:
>
> I would create a proxyVM that dumps your traffic with tcpdump, and
> insert it before sys-firewall when I want to sniff the traffic.
> And then open the pcap with wireshark in a non networked VM for inspection.

you can also use xen to inspect the vm itself, https://drakvuf.com/
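For the offline inspection step in the quoted suggestion (reading the capture in a non-networked VM), an added example that is not part of the original thread: a standard-library Python summary of destination hosts and ports in a classic Ethernet pcap, run on a small capture constructed inline. The function names, addresses and ports are assumptions for illustration.

```python
import struct
from collections import Counter

def ipv4_flows(pcap: bytes) -> Counter:
    """Count packets per (proto, dst_ip, dst_port) in a classic Ethernet pcap."""
    magics = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
    end = magics.get(pcap[:4]) if len(pcap) >= 24 else None
    if end is None:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        l4 = 14 + ihl
        if proto not in (6, 17) or frag or len(frame) < l4 + 4:
            continue  # only first-fragment TCP/UDP packets carry ports
        dst_ip = ".".join(str(b) for b in frame[30:34])
        dst_port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        flows[("tcp" if proto == 6 else "udp", dst_ip, dst_port)] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed capture: three packets, headers only, checksums left at zero."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, dst, port in [(6, "192.0.2.10", 443), (6, "192.0.2.10", 443),
                             (17, "198.51.100.53", 53)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([10, 137, 0, 5]), bytes(map(int, dst.split("."))))
        frame = (b"\x02\x00\x00\x00\x00\x01" * 2 + b"\x08\x00" + ip
                 + struct.pack("!HHHH", 40000, port, 8, 0))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for (proto, ip, port), n in ipv4_flows(sample_pcap()).most_common():
        print(f"{n:5d}  {proto}  {ip}:{port}")
```

On a real capture, pass the bytes of the file written by `tcpdump -w` to `ipv4_flows`; destinations that no application in the monitored VM should be contacting are the ones to examine further in wireshark.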