Where to install wireshark?


qaz...@sigaint.org

May 29, 2016, 11:46:57 AM
to qubes...@googlegroups.com
Hi.

I just installed Qubes, and I'm doing a tor -> proxy setup with whonix
(Because of CloudFlare...), and I want to make sure it's working properly
by looking at the traffic after it leaves whonix gateway. On my old system
I'd just install wireshark on my host, but this is obviously not possible
in Qubes. My current understanding of Qubes leads me to believe it'd make
the most sense to install wireshark @ sys-net.

I'd just like to hear if there's any reason to NOT do this before I proceed.

Thanks in advance.

Also, thanks to the developers for creating a really awesome OS :-)

Chris Laprise

May 29, 2016, 2:54:58 PM
to qaz...@sigaint.org, qubes...@googlegroups.com
The sys-net vm may be compromised, so a better place is an intermediate
proxy vm like sys-firewall.

Chris

Zrubi

May 31, 2016, 4:04:56 AM
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/29/2016 05:46 PM, qaz...@sigaint.org wrote:
> Hi.
>
> I just installed Qubes, and I'm doing a tor -> proxy setup with
> whonix (Because of CloudFlare...), and I want to make sure it's
> working properly by looking at the traffic after it leaves whonix
> gateway. On my old system I'd just install wireshark on my host,
> but this is obviously not possible in Qubes. My current
> understanding of Qubes leads me to believe it'd make the most sense
> to install wireshark @ sys-net.
>
> I'd just like to hear if there's any reason to NOT do this before I
> proceed.

I would install tcpdump in every VM, then you can dump traffic at
several points in your internal network. Then you can analyze the
results with wireshark in any appVM you prefer, for example an offline
disposable VM.


- --
Zrubi

raah...@gmail.com

Jun 7, 2016, 12:39:02 AM
to qubes-users

tcpdump has vulnerabilities, doesn't it? You can use an AppArmor profile for it. Then again, so does wireshark prolly lol. Then again, so does everything. I wouldn't use a program like this in a trusted VM, though.

Zrubi

Jun 7, 2016, 3:13:02 AM
to Achim Patzner, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/07/2016 07:48 AM, Achim Patzner wrote:
> Am 31.05.2016 um 10:04 schrieb Zrubi:
>
>> I would install tcpdump in every VM, then you can dump traffic
>> at several point in your internal network.
>
> If you don't want to use tcpdump for analysis anyway (I actually
> prefer it over Wireshark in cases I just want to see what's
> happening) you could use dumpcap instead. You'll install Wireshark
> in your template VM anyway...

I do use tcpdump directly - but sometimes I need wireshark for a
deeper analysis. And actually I'm using minimal (based) templates for
net and proxy VMs where I do not have wireshark (or any other GUI).

So I'm using wireshark only on saved dumps and always running it in a
non-networked disposable VM.


- --
Zrubi
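The workflow the last two posts describe (dump raw packets in a ProxyVM such as sys-firewall, never dissect them there, hand the saved file to a non-networked disposable VM for Wireshark) as a small capture-and-hand-off script. This is an added example written for this thread; it is not code from the thread or from the Qubes project. It assumes it runs as root inside the ProxyVM with tcpdump installed, that the `qvm-copy-to-vm` tool is available in that VM, and that the interface name, the unprivileged user to drop to and the analysis VM name are supplied by the caller (the values in the comments are placeholders).

```shell
#!/bin/sh
# Capture in a ProxyVM (e.g. sys-firewall), sanity-check the dump, hand it to a
# separate analysis VM. Added example for the thread above, not Qubes code.
# Assumptions: run as root in the ProxyVM, tcpdump installed there,
# qvm-copy-to-vm available, interface/user/VM names supplied by the caller.
set -u

# Start tcpdump with the settings a capture host should use:
#   -n  no name lookups (the capturing VM generates no resolver traffic)
#   -p  no promiscuous mode
#   -s  bounded snaplen
#   -Z  drop root to an unprivileged user once the device is open
#   -c  stop after N packets so the run is bounded
#   -w  write raw packets only; no protocol dissection happens in this VM
# $1 interface, $2 output file, $3 packet count, $4 unprivileged user,
# remaining args: optional BPF filter (e.g. 'not arp').
capture() {
    iface=$1; out=$2; count=$3; user=$4; shift 4
    tcpdump -n -p -i "$iface" -s 262144 -Z "$user" -c "$count" -w "$out" "$@"
}

# Check that a file starts with a pcap or pcapng magic number before it is
# shipped (catches empty or truncated dumps and mistyped paths). Magic values:
# classic pcap in either byte order, the nanosecond-timestamp variant, pcapng.
pcap_magic_ok() {
    magic=$(od -A n -t x1 -N 4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy the dump to the (non-networked, ideally disposable) analysis VM.
# With the default qubes.Filecopy policy dom0 asks for confirmation, and the
# file lands under ~/QubesIncoming/<source-vm>/ on the receiving side.
ship() {
    qvm-copy-to-vm "$1" "$2"
}

# Full pipeline: capture, verify, ship, then remove the local copy so the
# capturing VM does not keep a history of the traffic it forwarded.
capture_and_ship() {
    dest_vm=$1; iface=$2; out=$3; count=$4; user=$5; shift 5
    capture "$iface" "$out" "$count" "$user" "$@" || return 1
    if ! pcap_magic_ok "$out"; then
        echo "refusing to ship $out: not a pcap/pcapng file" >&2
        return 1
    fi
    ship "$dest_vm" "$out" && rm -f "$out"
}

# Example invocation (run by hand in the ProxyVM; placeholder names):
#   capture_and_ship analysis-dvm eth0 /tmp/fw.pcap 2000 user 'not arp'
```

The point of keeping `-w` and the magic check in the ProxyVM and leaving all dissection to the other VM is exactly the concern raised earlier in the thread: the parsers in tcpdump and Wireshark are the part with the attack surface, so they should run where a crash or exploit cannot reach anything but a throwaway VM. Run from a minimal template, the ProxyVM needs nothing beyond tcpdump for this.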