How to safely use Wireshark in Qubes?


turb...@gmail.com

Feb 14, 2017, 12:39:41 PM
to qubes-users
Sys-net app or make standalone fedora minimal template?

Subj.

Unman

Feb 14, 2017, 3:51:47 PM
to turb...@gmail.com, qubes-users
On Tue, Feb 14, 2017 at 09:39:41AM -0800, turb...@gmail.com wrote:
> Sys-net app or make standalone fedora minimal template?
>
> Subj.
>

As you like - I use tcpdump to capture and run wireshark on the captured
stream in a network isolated qube, which seems a reasonable approach.

raah...@gmail.com

Feb 14, 2017, 9:41:49 PM
to qubes-users, turb...@gmail.com, un...@thirdeyesecurity.org

Isn't tcpdump just as vulnerable though, if not more?

I run things like that in sys-net since I consider it extremely untrusted, but if you have the resources or want only specific streams, sure, a separate template or separate VM I would assume is more secure.

Chris Laprise

Feb 14, 2017, 10:33:47 PM
to raah...@gmail.com, qubes-users, turb...@gmail.com, un...@thirdeyesecurity.org
On 02/14/2017 09:41 PM, raah...@gmail.com wrote:
>
> Isn't tcpdump just as vulnerable though, if not more?
>
> I run things like that in sys-net since I consider it extremely untrusted, but if you have the resources or want only specific streams, sure, a separate template or separate VM I would assume is more secure.

Since sys-net is untrusted, try using a proxyVM which should be much
safer. At least it'll work for IP traffic.

Chris