On 06/07/2016 07:48 AM, Achim Patzner wrote:
> On 31.05.2016 at 10:04, Zrubi wrote:
>
>> I would install tcpdump in every VM, then you can dump traffic
>> at several points in your internal network.
>
> If you don't want to use tcpdump for analysis anyway (I actually
> prefer it over Wireshark in cases I just want to see what's
> happening) you could use dumpcap instead. You'll install Wireshark
> in your template VM anyway...

I do use tcpdump directly - but sometimes I need Wireshark for a
deeper analysis. And actually I'm using minimal (based) templates for
net and proxy VMs, where I do not have Wireshark (or any other GUI).
So I'm using Wireshark only on saved dumps and always running it in a
non-networked disposable VM.

--
Zrubi