This is a discussion on Re: [Snort-users] Snort in VMware within the Snort forums, part of the System Security and Security Related category.
Hi again,

Thanks for all the responses. We discovered that the problem was the firewall set up on the host machine. It was blocking all of the traffic that I wanted to see in Snort. Rather than compromise the host, we are trying out a second NIC dedicated to the VM (as Doug suggested).

Cheers,
Brian McNeilly

----- Original message -----
Date: Wed, 18 Feb 2004 10:33:26 -0800
From: Brian McNeilly <bmcneilly@shaw.ca>
Subject: [Snort-users] Snort in VMware
To: snort-users@lists.sourceforge.net

Hi,

Here's a summary of my setup: I am using VMware GSX Server for my Snort box. The guest OS where Snort is installed is running RedHat9, and the host is running Windows XP Pro.

Everything seems to work great, except I can only see packets coming to and from my host IP address: nothing else from the network appears in the Snort logs. The host machine is connected to a non-switching hub, and the Linux interface on the guest is set to promiscuous mode. What I want to scan is every packet going through the hub, regardless of the source and destination addresses.

Has anyone had issues with running Snort on a VMware guest? Is there anything else I need to check to make sure my connection sees all the packets from the hub?

Thanks for your help,
Brian McNeilly
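
A visibility check for the symptom described in this thread (a sensor that logs only traffic to and from the host IP), as an added example that is not part of the original messages. The addresses, sample captures and function names are constructed for illustration; broadcast and multicast are counted separately on the assumption that a NIC receives them even without promiscuous mode, so they prove nothing about sniffing.

```python
import ipaddress

# Constructed sample data: (src, dst) pairs as a sensor might log them.
# 192.0.2.10 stands in for the VMware host's IP (hypothetical value).
HOST_IP = "192.0.2.10"
BLIND_CAPTURE = [
    ("192.0.2.10", "192.0.2.20"),    # host talking to a peer
    ("192.0.2.30", "192.0.2.10"),    # peer talking to the host
    ("192.0.2.40", "192.0.2.255"),   # subnet broadcast
    ("192.0.2.50", "224.0.0.251"),   # multicast
]
HEALTHY_CAPTURE = BLIND_CAPTURE + [
    ("192.0.2.20", "192.0.2.30"),    # unicast between two other hosts
    ("192.0.2.40", "198.51.100.7"),  # another host talking off-subnet
]


def is_flooded(dst, network):
    """True for destinations delivered to every NIC on the segment."""
    addr = ipaddress.ip_address(dst)
    return (addr.is_multicast
            or addr == network.broadcast_address
            or dst == "255.255.255.255")


def visibility_report(pairs, host_ip, cidr):
    """Classify packets by whether they prove the sensor sees other hosts' traffic."""
    network = ipaddress.ip_network(cidr)
    counts = {"host": 0, "flooded": 0, "third_party": 0}
    for src, dst in pairs:
        if host_ip in (src, dst):
            counts["host"] += 1          # visible even when sniffing is broken
        elif is_flooded(dst, network):
            counts["flooded"] += 1       # visible without promiscuous mode
        else:
            counts["third_party"] += 1   # only visible if sniffing really works
    # No third-party unicast at all means the sensor is effectively blind.
    counts["blind"] = counts["third_party"] == 0
    return counts


if __name__ == "__main__":
    for name, capture in (("blind", BLIND_CAPTURE), ("healthy", HEALTHY_CAPTURE)):
        print(name, visibility_report(capture, HOST_IP, "192.0.2.0/24"))
```

A `blind` result on a busy hub segment points at something between the wire and the sensor, which in this thread turned out to be the firewall on the host machine.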