PaulDotCom mailing list archives
Re: running Snort on a VirtualBox internal network
From: Robin Wood <robin () digininja org>
Date: Sun, 14 Nov 2010 10:33:24 +0000
On 13 November 2010 20:47, Shane Kennedy <kennedy.shane () gmail com> wrote:
Robin, I have a virtualbox lab with multiple hosts running on multiple internal networks. One of my hosts is bridged into my real-world local network and acts as a gateway into the internal networks, much like yours. From that gateway host, I pinged a target host on one of the remote internal networks 2 hops away and sent some unicast TCP traffic as well. I also sent some traffic to the target from a couple of hosts on the real-world network. I was able to observe all the traffic to my target from another host on the same remote network simply by sniffing in promiscuous mode. Seems like virtualbox internal networks are more like hubs than switches. Hope this helps,
Interesting, I'll try shifting to promiscuous mode and see what happens. Robin
SK On Sat, Nov 13, 2010 at 12:39 PM, Robin Wood <robin () digininja org> wrote:In an attempt to add Snort to my VirtualBox lab I was wondering if it was possible to set up a mirror port on a VirtualBox internal network. The setup I've got is a group of about 6 machines on an internal network and another machine with two interfaces, one on the internal network and one bridged to the real world currently running pfSense (yes, I know pfSense will run Snort but that will only be on traffic passing through the firewall). I use the pfSense box to open and NAT different internal machines to the real world so I can fire off different attacks, for this running Snort on pfSense would help but I'd also like to have it running on a mirror on the switch so that I can watch what alerts trigger when I try to pivot inside that network. I've tried asking on the VirtualBox forums but I don't think they really understand what I'm trying to setup. Does anyone know if this is possible and if so how to do it? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- running Snort on a VirtualBox internal network Robin Wood (Nov 13)
- Re: running Snort on a VirtualBox internal network Shane Kennedy (Nov 13)
- Re: running Snort on a VirtualBox internal network Robin Wood (Nov 14)
- Re: running Snort on a VirtualBox internal network Shane Kennedy (Nov 13)