Does this (suspicious) data would like to connect to internet?

If i would have some suspicious data,
which i don't want to open on regular system,

and i would rather run it, in the virtual environment, with has internet connection turned off,

How can i check, if there are any attempts to connect internet?
what else i suppose to be aware, while running/opening suspicious data?

To prevent network access, completely remove network access. See https://en.wikipedia.org/wiki/Air_gap_(networking)

Alternatively, the top result for searching "opensource malware sandbox" is: https://cuckoosandbox.org/ which claims: "You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment."

Quote:

Originally Posted by hkjz If i would have some suspicious data, which i don't want to open on regular system, and i would rather run it, in the virtual environment, with has internet connection turned off, How can i check, if there are any attempts to connect internet? what else i suppose to be aware, while running/opening suspicious data?

You can't run data - it would be in a text file.
Unless there is an executable program within the text file - but I'm not familiar with such things.

If you have a suspicious program then you can simply remove the ethernet cable and run the program. See if error messages are reported.
No virtualization needed.

If you're not satisfied with the data or program - simply remove it.
Re-install the data or program from your MX Linux repository.

I am not a malware researcher but I would never run anything "suspicious" on a host box; I would always use a VM and one that has no network access. boughtonp's suggestions are I think, good.

Code:

firejail --noprofile --net=none <name of application>