PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: running Snort on a VirtualBox internal network

From: Shane Kennedy <kennedy.shane () gmail com>
Date: Sat, 13 Nov 2010 15:47:42 -0500
Robin,

I have a virtualbox lab with multiple hosts running on multiple
internal networks.  One of my hosts is bridged into my real-world
local network and acts as a gateway into the internal networks, much
like yours.


From that gateway host, I pinged a target host on one of the remote

internal networks 2 hops away and sent some unicast TCP traffic as
well.  I also sent some traffic to the target from a couple of hosts
on the real-world network.  I was able to observe all the traffic to
my target from another host on the same remote network simply by
sniffing in promiscuous mode.  Seems like virtualbox internal networks
are more like hubs than switches.

Hope this helps,

SK

On Sat, Nov 13, 2010 at 12:39 PM, Robin Wood <robin () digininja org> wrote:

In an attempt to add Snort to my VirtualBox lab I was wondering if it
was possible to set up a mirror port on a VirtualBox internal network.

The setup I've got is a group of about 6 machines on an internal
network and another machine with two interfaces, one on the internal
network and one bridged to the real world currently running pfSense
(yes, I know pfSense will run Snort but that will only be on traffic
passing through the firewall). I use the pfSense box to open and NAT
different internal machines to the real world so I can fire off
different attacks, for this running Snort on pfSense would help but
I'd also like to have it running on a mirror on the switch so that I
can watch what alerts trigger when I try to pivot inside that network.

I've tried asking on the VirtualBox forums but I don't think they
really understand what I'm trying to setup. Does anyone know if this
is possible and if so how to do it?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: