IDS, wireshark, nmap in qubes

Hello community, I have been using Qubes for the last year or so and I love it.
The only problems I have are related to the kernel and certain hardware issues.

To my questions:

  1. I want to start pentesting (my own system). I can run Kali in a VM as an AppVM, Standalone, or on a separate device. Where should I use things like nmap, Wireshark, etc.? Should I have a Wireshark VM as a “proxy VM”? Can an AppVM with nmap see all other qubes' IPs, etc.?

  2. I want to install a real firewall, IDS, etc. Where should I do that?
    I am using sys-whonix for all AppVMs, updates, etc. Above sys-whonix there is only sys-firewall and sys-net, connected to a VPN router.

  3. Should I do a firewall / IDS on the router too?

Sorry if I missed something, wish you all a great day!

Hello,

I don’t want to appear rude, but if you are asking such questions I’m afraid you will not be able to use these tools in a meaningful way.

Do you have experience with any of these? (nmap, wireshark, any kind of IDS/IPS)

1 Like

You most likely want to run Wireshark inside your Kali qube, but you have to understand Qubes networking to understand the limitations of running Wireshark in an AppVM (unless you heavily modify the firewall in your sys-firewall).

Qubes OS already ships with a firewall called sys-firewall.

Your router most likely already acts as a basic firewall (unless misconfigured).
Adding an IDS/IPS on the router is generally a good idea, but most basic consumer routers don't support it.

Before diving into tools like firewalls, IDS/IPS, or packet sniffers, take the time to understand:

  • What these tools are,
  • What they’re used for,
  • What professionals aim to achieve with them.

Start by learning about firewalls in general. Then, check out the Qubes Networking Documentation for Qubes-specific guidance.

Also, note: You don’t need Kali just to use tools like nmap or Wireshark.
Kali is useful if you need a wide range of specialized tools that aren’t easily installed elsewhere. But for basics like nmap or Wireshark (and a lot of other tools you will learn about), you can install them using apt or dnf in Debian or Fedora qubes.

2 Likes

Learning by doing.

Never used an IDS, but nmap/Wireshark occasionally.
The reason I am asking is to experiment with it in my homelab, but Qubes is sometimes very frustrating, for example when trying to install drivers for WiFi chipsets :stuck_out_tongue:

1 Like