Snort mailing list archives
RE: Snort in VMware
From: "DM" <dm () echo rutgers edu>
Date: Wed, 18 Feb 2004 14:01:32 -0500
From my experience with VMware, I would suggest installing an ethernet
card devoted to (not bridged) the VMware server. You need to add the NIC to the host system, then add the adapter to one of the VMware Nic slots on the Host Virtual Network Mappping tab under Virtaul Network Editor. This should give you the best performance. You can also try this with the NIC that is already on the host just to see if it works instead of using a bridged connection. I'm not sure if winpcap needs to be installed on your host, somebody may want to contribute their $.02 on that. Remember also that the NIC is emulated to an AMD PCNet card when bridged or local only- I'm not sure if this is the case when directly mapped, so you may have to play with the settings to enable promiscuous mode for that NIC on the VMware client system within Linux. -Doug -----Original Message----- From: Brian McNeilly [mailto:bmcneilly () shaw ca] Sent: Wednesday, February 18, 2004 1:33 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort in VMware Hi, Here's a summary of my setup: I am using VMware GSX Server for my Snort box. The guest OS where Snort is installed is running RedHat9, and the host is running Windows XP Pro. Everything seems to work great, except I can only see packets coming to and from my host IP address: nothing else from the network appears in the Snort logs. The host machine is connected to a non-switching hub, and the linux interface on the guest is set to promiscuous mode. What I want to scan is every packet going through the hub, regardless of the source and destination addresses. Has anyone had issues with running Snort on a VMware guest? Is there anything else I need to check to make sure my connection sees all the packets from the hub? Thanks for your help, Brian McNeilly ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort in VMware Brian McNeilly (Feb 18)
- Re: Snort in VMware Stephen W. Thompson (Feb 19)
- <Possible follow-ups>
- RE: Snort in VMware Douglas McCrea (Feb 18)
- Re: Snort in VMware M. Morgan (Feb 18)
- Re: Snort in VMware Jeff (Feb 18)
- RE: Snort in VMware DM (Feb 19)
- Re: Snort in VMware Brian McNeilly (Feb 19)
- Re: Snort in VMware M. Morgan (Feb 19)
- Re: Snort in VMware Mark Fagan (Feb 19)
- OT: Re: Snort in VMware/hubs Jeff (Feb 19)
- Re: Snort in VMware Michael Stone (Feb 23)
- Re: Snort in VMware Mark Fagan (Feb 19)