So I’m trying to get a simple solution to monitor internet traffic of connected qubes. The best solution so far for me has been iptraf’s “LAN station monitor”. IIUC it shows the total in and out traffic for each connected VM in concise, accumulated form, with in and out traffic separated, and can be launched via a single click (launcher with command qvm-run -u root sys-net xterm iptraf-ng and then just select LAN station).
The problem with this is that the identification of VMs is via a “HW address” that looks in format like a MAC address, not an IP, so I don’t actually know which qube is which in this view.
So the question is: how can I find out in sys-net which qube is assigned which MAC address?
Or, alternatively, how can I achieve the same result another way (cumulative in/out traffic, not combined, for each VM, with easy-to-use tool running only in sys-net).
I’ve tried all sorts of commands with nmcli, ip and reading lots of threads, but nothing. qvm-prefs shows only the sys-net MAC address in every qube, it seems, as it’s the same in all qubes.
Edit: I seem to have been quite mistaken about assuming that the different list entries are different VMs; they are not. So, the question then is broadened: how to get a simple in/out (separate) listing of current rate and cumulative data transferred by VM, ideally with the correct VM name.
You will never get the IP resolved as hostname (qubes names), you would need reverse DNS configured for theses IPs and it’s not something done in Qubes OS.
Thanks, yes you are right about the qubes names, so the local VM IPs would be fine. I see in your guide there are what looks like local IPs, e.g. 10.42.42.101 and 10.42.42.42 in the last screenshot. Am I correct in assuming that those are local IPs of qubes that are not sys-net / sys-firewall and those IPs correspond to the IPs in the Qubes Manager? Did you take those screenshots while running the program in sys-net?
It definitely looks interesting, but there are quite a few dependencies I’d have to install in the template and then of course trust the program itself. But I’ll bookmark it and mull it over.
You wouldn’t happen to know what those MAC addresses in iptraf actually represent? I’ve been puzzling over it quite a bit, but I don’t know much about networking. They don’t seem to be individual VMs, but there are quite a few of them.
iptraf also supports reverseDNS, which is nice, but local sources or targets are all sys-net:xxxxx and there can be multiple port numbers per VM or even application in a VM.
Edit: actually I just noticed that the dependencies are for if I wanted to build it, not run it…