I am trying to observe the memory/disk/network accesses done by a VM. The resulting log can be used to decide whether a VM initiates a malicious action (because , say, it runs a malicious software).
On Thu 24 Oct 11:49 2013 Stefan Hajnoczi wrote: > On Thu, Oct 24, 2013 at 10:23 AM, Alexander Binun <bi...@cs.bgu.ac.il> wrote: > > As for sniffing the traffic between VMs - I have yet one idea and I would > > appreciate your feedback. > [...] > > That is, a sniffer in the Linux should be put at a kernel driver that makes > > physical memory available to user space. > > I'm not sure what you are trying to do. Can you describe your goal? > > Depending on what you are trying to observe, there may already be > sniffing or tracing mechanisms available. > > Stefan >