Well, I normally use KFSensor, but it's not hugely useful when it comes to worms.

I set it up because I wanted to capture those new upp exploiting worms, Bobax and the other one, but it's obviously not going to be as straightforward as I'd thought. Perhaps I should be using the NAT networking option....

I'm interested in worm analysis and capturing one seems to be the first step.