PCAP for Sandboxed Programs

Ideas for enhancements to the software
Posts: 6
Joined: Tue Oct 13, 2015 5:34 pm

PCAP for Sandboxed Programs

Post by amiable_indian » Tue Oct 20, 2015 2:51 pm

Earlier I asked a question in this forum that if its possible to run tcpdump in sandboxie's box to monitor other programs in the same box. http://forums.sandboxie.com/phpBB3/view ... 17&t=21912

While the official reply was that it cannot be done, but I found another way to doing this and sharing it here just in case someone else needs it. I am using a tool from Microsoft that can capture pcaps and allows user to set filters based on process ids. [http://www.microsoft.com/en-us/download ... px?id=4865]

So in my workflow, I am executing a sandboxed program, then use start.exe /listpids http://www.sandboxie.com/?StartCommandLine to find process-ids and then automatically use them to trigger Microsoft's nmcap.exe utility mentioned above to capture packets from certain processes. This way I can monitor traffic from PIDs running in a particular box within sandboxie, isolated from other boxes that may be running.

If MS could do it, I am sure Sandboxie team could do it too :wink: and make it an awesome feature :D



Who is online

Users browsing this forum: No registered users and 1 guest