From 95a725b61cd9b96cacb73ecef254db9860afb38d Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 11 Oct 2022 11:01:01 -0400
Subject: nettrace-dns and nettrace-sni

---
 src/man/firejail.txt | 86 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 80 insertions(+), 6 deletions(-)

(limited to 'src/man')

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 82eea3977..3b743386e 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1548,7 +1548,7 @@ PID User RX(KB/s) TX(KB/s) Command
 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission
 .TP
 \fB\-\-nettrace[=name|pid]
-Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
+Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes
 created with \-\-net are supported. This option is only available when running the sandbox as root.
 .br
 
@@ -1557,9 +1557,7 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 
 .br
- $ sudo firejail --nettrace=browser
-.br
-
+$ sudo firejail --nettrace=browser
 .br
 95 KB/s geoip 457, IP database 4436
 .br
@@ -1576,10 +1574,86 @@ Without a name/pid, Firejail will monitor the main system network namespace.
 .br
 If /usr/bin/geoiplookup is installed (geoip-bin package in Debian),
-the country the IP address originates from is added to the trace.
-We also use the static IP map in /etc/firejail/hostnames
+the country the traffic originates from is added to the trace.
+We also use the static IP map in /usr/lib/firejail/static-ip-map
 to print the domain names for some of the more common websites and cloud platforms.
 No external services are contacted for reverse IP lookup.
+.TP
+\fB\-\-nettrace-dns[=name|pid]
+Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes
+created with \-\-net are supported. This option is only available when running the sandbox as root.
+.br
+
+.br
+Without a name/pid, Firejail will monitor the main system network namespace.
+.br
+
+.br
+$ sudo firejail --nettrace-dns=browser
+.br
+11:31:43 9.9.9.9 linux.com (type 1)
+.br
+11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN
+.br
+11:31:45 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN
+.br
+11:31:45 9.9.9.9 www.linux.com (type 1)
+.br
+11:31:45 9.9.9.9 fonts.googleapis.com (type 1) NXDOMAIN
+.br
+11:31:52 9.9.9.9 js.hs-scripts.com (type 1) NXDOMAIN
+.br
+11:32:05 9.9.9.9 secure.gravatar.com (type 1)
+.br
+11:32:06 9.9.9.9 secure.gravatar.com (type 1)
+.br
+11:32:08 9.9.9.9 taikai.network (type 1)
+.br
+11:32:08 9.9.9.9 cdn.jsdelivr.net (type 1)
+.br
+11:32:08 9.9.9.9 taikai.azureedge.net (type 1)
+.br
+11:32:08 9.9.9.9 www.youtube.com (type 1)
+.br
+.TP
+\fB\-\-nettrace-sni[=name|pid]
+Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes
+created with \-\-net are supported. This option is only available when running the sandbox as root.
+.br
+
+.br
+Without a name/pid, Firejail will monitor the main system network namespace.
+.br
+
+.br
+$ sudo firejail --nettrace-sni=browser
+.br
+07:49:51 23.185.0.3 linux.com
+.br
+07:49:51 23.185.0.3 www.linux.com
+.br
+07:50:05 192.0.73.2 secure.gravatar.com
+.br
+07:52:35 172.67.68.93 www.howtoforge.com
+.br
+07:52:37 13.225.103.59 sf.ezoiccdn.com
+.br
+07:52:42 142.250.176.3 www.gstatic.com
+.br
+07:53:03 173.236.250.32 www.linuxlinks.com
+.br
+07:53:05 192.0.77.37 c0.wp.com
+.br
+07:53:08 192.0.78.32 jetpack.wordpress.com
+.br
+07:53:09 192.0.77.32 s0.wp.com
+.br
+07:53:09 192.0.77.2 i0.wp.com
+.br
+07:53:10 192.0.77.2 i0.wp.com
+.br
+07:53:11 192.0.73.2 1.gravatar.com
+.br
 #endif
 .TP
 \fB\-\-nice=value
-- cgit v1.2.3-54-g00ecf