RE: [Snort-users] Snort in VMware
This is a discussion on RE: [Snort-users] Snort in VMware within the Snort forums, part of the System Security and Security Related category; From my experience with VMware, I would suggest installing an ethernet card devoted to (not bridged) the VMware server. You ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-19-2004
|
|||
|
|||
RE: [Snort-users] Snort in VMware
From my experience with VMware, I would suggest installing an ethernet
card devoted to (not bridged) the VMware server. You need to add the NIC to the host system, then add the adapter to one of the VMware Nic slots on the Host Virtual Network Mappping tab under Virtaul Network Editor. This should give you the best performance. You can also try this with the NIC that is already on the host just to see if it works instead of using a bridged connection. I'm not sure if winpcap needs to be installed on your host, somebody may want to contribute their $.02 on that. Remember also that the NIC is emulated to an AMD PCNet card when bridged or local only- I'm not sure if this is the case when directly mapped, so you may have to play with the settings to enable promiscuous mode for that NIC on the VMware client system within Linux. -Doug -----Original Message----- From: Brian McNeilly [mailto:bmcneilly@shaw.ca]=20 Sent: Wednesday, February 18, 2004 1:33 PM To: snort-users@lists.sourceforge.net Subject: [Snort-users] Snort in VMware Hi, Here's a summary of my setup: I am using VMware GSX Server for my Snort box. The guest OS where Snort is installed is running RedHat9, and the host is running Windows XP Pro. Everything seems to work great, except I can only see packets coming to and from my host IP address: nothing else from the network appears in the Snort logs. The host machine is connected to a non-switching hub, and the linux interface on the guest is set to promiscuous mode. What I want to scan is every packet going through the hub, regardless of the source and destination addresses. Has anyone had issues with running Snort on a VMware guest? Is there anything else I need to check to make sure my connection sees all the packets from the hub? Thanks for your help, Brian McNeilly ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=3D1356&al...438&op=3Dclick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...snort-users=20 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
