It will have a unique MAC address. If you had OpenBSD as a firewall VM, you could pass traffic through there and use the os.fingerprints file to pass or block what you needed.
-Eric

On Feb 22, 2011, at 8:22 AM, Jim March wrote:

> Folks,
>
> I'm trying to figure out what a particular Windows piece of malware does.
>
> To that end I built a brand new WinXP virtual machine via Virtualbox (Linux
> host of course) and then infected the virtual machine :).
>
> In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
> display CPU, memory and network traffic. In the latter I can see network
> traffic happening that I can't explain as being Linux-related, so it has to
> be the virtual machine (which has Internet connectivity via a NAT router off
> of the Linux host...in other words, guest OS traffic will be visible in the
> host Linux system).
>
> I need to know first how I can prove that it's the Windows XP guest OS that's
> doing the traffic, or which other processes are doing which traffic, and then
> if possible log ALL of that traffic (preferably using Linux tools) for a
> brief time period to a file for analysis.
>
> Any help appreciated :).
>
> Jim March
> ---------------------------------------------------
> PLUG-discuss mailing list - [email protected]
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
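Attributing logged traffic to the guest by its MAC address, as the reply above suggests, can be done offline from a capture file. This is an added example, not part of the original thread: it assumes a classic pcap capture taken where the guest's Ethernet frames are visible (for instance a bridged interface), and the MAC addresses and frames in `sample_pcap` are constructed. The `08:00:27` prefix is the OUI VirtualBox assigns to guest NICs by default.

```python
import struct
from collections import Counter

VBOX_OUI = "08:00:27"  # default OUI of VirtualBox guest NICs

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def bytes_by_src_mac(pcap):
    """Sum on-the-wire frame lengths per source MAC in a classic pcap byte string."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"          # little-endian capture
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"          # big-endian capture
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet; no MAC addresses to read")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break          # truncated final record
        if incl >= 14:     # dst MAC (6) + src MAC (6) + EtherType (2)
            totals[mac(frame[6:12])] += orig
        off += 16 + incl
    return totals

def guest_share(totals, guest_mac):
    """Fraction of all captured bytes that were sent by guest_mac."""
    total = sum(totals.values())
    return totals.get(guest_mac.lower(), 0) / total if total else 0.0

def sample_pcap():
    """Constructed capture: two frames sent by the guest, one by the host."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    guest = bytes.fromhex("080027aabbcc")   # constructed guest MAC
    host = bytes.fromhex("001122334455")    # constructed host MAC
    for src, dst, size in [(guest, host, 60), (host, guest, 100), (guest, host, 54)]:
        frame = dst + src + b"\x08\x00" + bytes(size - 14)
        out += struct.pack("<IIII", 0, 0, size, size) + frame
    return out

if __name__ == "__main__":
    for m, n in bytes_by_src_mac(sample_pcap()).most_common():
        tag = " (VirtualBox OUI)" if m.startswith(VBOX_OUI) else ""
        print(f"{m}{tag}: {n} bytes")
```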
