author | netblue30 <netblue30@protonmail.com> | 2022-01-07 09:52:00 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-01-07 09:52:00 -0500 |
commit | 500a56efd310396f142440019aee671b5f747efb (patch) | |
tree | 8effc272b3814207c8b5583e99bcd9b925558dab /README.md | |
parent | fix wrap/nowrap help string in firemon (diff) | |
more on nettrace
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 20 |
1 files changed, 12 insertions, 8 deletions
@@ -298,19 +298,23 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
298 | 298 | ||
299 | ### Network Monitor | 299 | ### Network Monitor |
300 | ````` | 300 | ````` |
301 | --nettrace=name|pid | 301 | --nettrace=name|pid |
302 | Monitor TCP and UDP traffic coming into the sandbox specified by | 302 | Monitor TCP and UDP traffic coming into the sandbox specified by |
303 | name or pid. Only networked sandboxes created with --net are | 303 | name or pid. Only networked sandboxes created with --net are |
304 | supported. | 304 | supported. |
305 | 305 | ||
306 | $ firejail --nettrace=browser | 306 | $ firejail --nettrace=browser |
307 | 9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec | 307 | 86 KB/s ********* 64.222.84.207:443 United States |
308 | 72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec | 308 | 76 KB/s ******** 192.229.210.163:443 MCI |
309 | 80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec | 309 | 111 B/s 9.9.9.9:53 Quad9 DNS |
310 | 69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec | 310 | 32 KB/s *** 142.250.179.182:443 Google |
311 | 140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec | 311 | |
312 | 312 | If /usr/bin/geoiplookup is installed (geoip-bin packet in De‐ | |
313 | (14 streams in the last one minute) | 313 | bian), the country the IP address originates from is added to |
314 | the trace. We also use the static IP map in /etc/firejail/host‐ | ||
315 | names to print the domain names for some of the more common web‐ | ||
316 | sites and cloud platforms. No external services are contacted | ||
317 | for reverse IP lookup. | ||
314 | 318 | ||
315 | ````` | 319 | ````` |
316 | 320 | ||
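Review bot: In the added paragraph (new lines 312-317), "geoip-bin packet in Debian" should read "package", and the man-page hyphenation carried into the README splits "De‐bian", "web‐sites" and the path "/etc/firejail/host‐names", so the file name cannot be copied or searched for as written; rejoin those words so the path reads /etc/firejail/hostnames. The new sample output (new lines 307-310) also drops the protocol and the sandbox address, while the description at lines 302-304 still says "Monitor TCP and UDP traffic", so a reader can no longer tell which rows are UDP. The last column mixes a country ("United States") with names ("MCI", "Quad9 DNS", "Google") without saying which source is shown when both geoiplookup and the static map have an entry. A sentence describing the columns, including what the asterisk bar represents, would make the trace usable for monitoring.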