This is a discussion on Re: [Snort-users] Snort in VMware within the Snort forums, part of the System Security and Security Related category.
Hi Brian,

"What I want to scan is every packet going through the hub, regardless of the source and destination addresses."

You need to have snort plugged into a "spanned" or "mirrored" port for it to see all of the traffic on that hub/switch/router. You should be able to use "tcpdump" in Red Hat to get a look at the real time traffic on your eth card.

Thanks,
Michael

-----Original Message-----
From: Brian McNeilly <BMCNEILLY@SHAW.CA>
Sent: Feb 18, 2004 1:33 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort in VMware

Hi,

Here's a summary of my setup: I am using VMware GSX Server for my Snort box. The guest OS where Snort is installed is running RedHat9, and the host is running Windows XP Pro.

Everything seems to work great, except I can only see packets coming to and from my host IP address: nothing else from the network appears in the Snort logs. The host machine is connected to a non-switching hub, and the linux interface on the guest is set to promiscuous mode. What I want to scan is every packet going through the hub, regardless of the source and destination addresses.

Has anyone had issues with running Snort on a VMware guest? Is there anything else I need to check to make sure my connection sees all the packets from the hub?

Thanks for your help,
Brian McNeilly

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users
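Added example, not part of either message above: one way to turn the tcpdump check suggested in the reply into a yes/no answer is to classify `tcpdump -nn` output lines by whether they involve the sensor's own addresses. Broadcast and multicast are counted separately, because they reach an interface whether or not it is in promiscuous mode and so do not show that other hosts' unicast traffic is visible. The sample lines, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# "IP src[.port] > dst[.port]:" as printed by `tcpdump -nn` for IPv4.
PAIR = re.compile(r"\bIP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample capture; 192.0.2.10 plays the sensor (assumption).
SAMPLE = """\
13:33:01.000001 IP 192.0.2.10.40022 > 192.0.2.1.53: 4660+ A? example.org. (29)
13:33:01.000420 IP 192.0.2.1.53 > 192.0.2.10.40022: 4660 1/0/0 A 198.51.100.7 (45)
13:33:02.100000 IP 192.0.2.55.138 > 192.0.2.255.138: UDP, length 201
13:33:02.500000 IP 192.0.2.77 > 224.0.0.1: igmp query v2
13:33:03.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.55, length 46
13:33:04.000000 IP 192.0.2.55.51514 > 192.0.2.80.80: Flags [S], seq 1, win 64240, length 0
"""

def classify(lines, local_ips, network):
    """Count packets as own / broadcast_or_multicast / foreign_unicast / other."""
    net = ipaddress.ip_network(network)
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    counts = Counter()
    for line in lines:
        m = PAIR.search(line)
        try:
            src, dst = (ipaddress.ip_address(a) for a in m.groups())
        except (AttributeError, ValueError):
            counts["other"] += 1  # ARP, IPv6, or a line that is not a packet
            continue
        if src in local or dst in local:
            counts["own"] += 1
        elif dst.is_multicast or dst in (net.broadcast_address, LIMITED_BROADCAST):
            counts["broadcast_or_multicast"] += 1
        else:
            counts["foreign_unicast"] += 1  # unicast between two other hosts
    return counts

def sees_third_party_traffic(counts):
    """True only if unicast traffic between other hosts was captured."""
    return counts["foreign_unicast"] > 0

if __name__ == "__main__":
    result = classify(SAMPLE.splitlines(), {"192.0.2.10"}, "192.0.2.0/24")
    print(dict(result), "third-party traffic visible:", sees_third_party_traffic(result))
```

On a live sensor the same function can be fed the lines of a short `tcpdump -nn` capture from the monitoring interface, with both the host and guest addresses listed as local.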