[Tfug] Security-related question

Jim March 1.jim.march at gmail.com
Tue Feb 22 09:18:27 MST 2011


Well yeah, but...hmmm...right now I'm trying to nail down all network
traffic from the Ubuntu side.  How do I figure out which process is talking
to the 'net and kill it?

Jim

On Tue, Feb 22, 2011 at 9:15 AM, <earljviolet at deserthowler.com> wrote:

> Jim,
>
> Can you drop back to the uninfected version of XP and see what happens
> there?
>
> Earl
> On Tue, February 22, 2011 8:22 am, Jim March wrote:
> > Folks,
> >
> > I'm trying to figure out what a particular Windows piece of malware does.
> >
> > To that end I built a brand new WinXP virtual machine via Virtualbox
> > (Linux host of course) and then infected the virtual machine :).
> >
> > In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
> > display CPU, memory and network traffic.  In the latter I can see network
> > traffic happening that I can't explain as being Linux-related, so it has
> > to be the virtual machine (which has Internet connectivity via a NAT
> > router off of the Linux host...in other words, guest OS traffic will be
> > visible in the host Linux system).
> >
> > I need to know first how I can prove that it's the Windows XP guest OS
> > that's doing the traffic, or which other processes are doing which
> > traffic, and then if possible log ALL of that traffic (preferably using
> > Linux tools) for a brief time period to a file for analysis.
> >
> > Any help appreciated :).
> >
> > Jim March
>
>
> --
> If you play a Windows install CD backwards it has satanic verses.
> Save the Earth... it's the only planet with chocolate!!!!
>