Live network traffic monitor
155 views
Skip to first unread message
admi...@gmail.com
Aug 7, 2016, 7:16:08 PM8/7/16
to qubes-users
Hello,
Sometimes I see that my computer sends sth to the internet without my interaction, maybe sometimes it was cause by something like auto check for upgrades or something else, but I always wonder which VM is doing that.
Is there a tool or is it possible to do something like live (graphics or not) monitor. I mean usage of network traffic and (if it possible without additional security risk) to which host/ip and port VM is sending the packet. Of course for each VM separately.
Sometimes I see that my computer sends sth to the internet without my interaction, maybe sometimes it was cause by something like auto check for upgrades or something else, but I always wonder which VM is doing that.
Is there a tool or is it possible to do something like live (graphics or not) monitor. I mean usage of network traffic and (if it possible without additional security risk) to which host/ip and port VM is sending the packet. Of course for each VM separately.
Regards
pixel fairy
Aug 7, 2016, 8:24:59 PM8/7/16
to qubes-users
for live traffic monitoring use wireshark. it will also dissect packets for you showing you what each field means. its a great learning tool. you can also run apps like darkstat or ntop for logging. there's console version of wireshark called tshark. never used it.
Zrubi
Aug 8, 2016, 2:32:10 AM8/8/16
to admi...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I'm using iptraf.
You can run it in a proxy or netwm to see all connected VM's traffic.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXqCdcAAoJEC3TtYFBiXSvGroP/REY13xThAhfjN7HkGGXITLi
KJfcGmD8kAHDERD4pNPINRZucKvTTY2sMiZXgEEmCMd8cQRm7iCoBoz/JrLAMiVV
dOyyDQJU7/R5ES32mAjp1ecEs//Ox9LX130Ffu89MOF6be7FH2JrcNmo5FoogFzb
AdntLUVN08gk+xH2P4ftpmmfjk80j+tbZOQP0FH0Bm1Ku6kni7iRKMBjtKqHfYOY
aMiu1Pgy0UI1D6k1q6VyXybmXoTmAw998yF8j/q1UMAJ0Fk2Efc1PRvqQej1beu4
ClD8GC52Pbjl9BZ4RJOSje9ZQxLVOPcF6eyPX+hojzLlmtmbOGtRWXdmKr+LgkPV
4d0lumH5Vhh0iWOF108iG9UYGGeBoLpg0KGqQ47FKA0T+B+EE+ykSmRwrGGQQmLX
a34mascQI0lXaWowRGpxujrB3C7UYBP5sdIoAxgV+jqEIU2B9SNBIWP4PVN21G/8
iy6w7ox3iDYj0i5TUBYbittm/GYhH2/Tkrc1GkKEqvSYrGgDw80ZIS3hEvO0uUbZ
We9AWrySOaI/CtFY0ipxDqMUeqBIC+IE7oZiAqNZyohqPsoWmmhew2A47kAjRoSk
WtboYz3Dq5FPvlrjzlfCUommSOEckNXleaTYKJuXz3XLtDlGjyP9Ltipa6txVPax
+/sfF3JkazB0hAzErfBt
=+7jl
-----END PGP SIGNATURE-----
Hash: SHA256
You can run it in a proxy or netwm to see all connected VM's traffic.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXqCdcAAoJEC3TtYFBiXSvGroP/REY13xThAhfjN7HkGGXITLi
KJfcGmD8kAHDERD4pNPINRZucKvTTY2sMiZXgEEmCMd8cQRm7iCoBoz/JrLAMiVV
dOyyDQJU7/R5ES32mAjp1ecEs//Ox9LX130Ffu89MOF6be7FH2JrcNmo5FoogFzb
AdntLUVN08gk+xH2P4ftpmmfjk80j+tbZOQP0FH0Bm1Ku6kni7iRKMBjtKqHfYOY
aMiu1Pgy0UI1D6k1q6VyXybmXoTmAw998yF8j/q1UMAJ0Fk2Efc1PRvqQej1beu4
ClD8GC52Pbjl9BZ4RJOSje9ZQxLVOPcF6eyPX+hojzLlmtmbOGtRWXdmKr+LgkPV
4d0lumH5Vhh0iWOF108iG9UYGGeBoLpg0KGqQ47FKA0T+B+EE+ykSmRwrGGQQmLX
a34mascQI0lXaWowRGpxujrB3C7UYBP5sdIoAxgV+jqEIU2B9SNBIWP4PVN21G/8
iy6w7ox3iDYj0i5TUBYbittm/GYhH2/Tkrc1GkKEqvSYrGgDw80ZIS3hEvO0uUbZ
We9AWrySOaI/CtFY0ipxDqMUeqBIC+IE7oZiAqNZyohqPsoWmmhew2A47kAjRoSk
WtboYz3Dq5FPvlrjzlfCUommSOEckNXleaTYKJuXz3XLtDlGjyP9Ltipa6txVPax
+/sfF3JkazB0hAzErfBt
=+7jl
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages