> > > you are simply sniffing the wrong side of the SPS.
> > > sniff the downstream interface(s) instead of upstream.
> > > wouldn't a tcpdump -i eth0 sniff rx tx?
>
> You will get the NAT'd addresses with this. You want to listen on the
> vif* addresses.
Thank you. That worked. I appreciate your
>> you are simply sniffing the wrong side of the SPS.
>> sniff the downstream interface(s) instead of upstream.
> wouldn't a tcpdump -i eth0 sniff rx tx?
You will get the NAT'd addresses with this. You want to listen on the
vif* addresses.
eth0 is the upstream interface. In your SPS it goes to
> you are simply sniffing the wrong side of the SPS.
> sniff the downstream interface(s) instead of upstream.
wouldn't a tcpdump -i eth0 sniff rx tx?
I see all external IPs it is reaching out but any hosts below the SPS shows as
if the traffic is coming from the SPS.
> this is basic linux ne
On Wed, May 06, 2020 at 06:17:58PM +, 'Matt Drez' via qubes-users wrote:
> My problem is that I don't see their individual IP addresses in the
> capture just a NAT'd address of SPS's eth0. I supposed I have to
> create a bridge somehow but that's way beyond my skills.
you are simply sniffing
Hey guys,
My setup is sys-net <--> firewall <--> Special Purpose Server (SPS) <--> open
subnet of qubes
I setup the SPS to capture and analyze traffic. When I created the VM I marked
"provides networking" so any other VM behind can connect to it and can get out
to the internet.
My problem is