Snort mailing list archives
Re: Snort in VMware
From: "Stephen W. Thompson" <thompson () isc upenn edu>
Date: Wed, 18 Feb 2004 16:46:27 -0500 (EST)
On Wed, 18 Feb 2004, Brian McNeilly <bmcneilly () shaw ca> wrote:
Here's a summary of my setup: I am using VMware GSX Server for my Snort box. The guest OS where Snort is installed is running RedHat9, and the host is running Windows XP Pro. Everything seems to work great, except I can only see packets coming to and from my host IP address: nothing else from the network appears in the Snort logs. The host machine is connected to a non-switching hub, and the linux interface on the guest is set to promiscuous mode. What I want to scan is every packet going through the hub, regardless of the source and destination addresses. Has anyone had issues with running Snort on a VMware guest? Is there anything else I need to check to make sure my connection sees all the packets from the hub?
With Linux as guest and Linux as guest on version 2.x of VMware, I had that sort of problem. I needed to make sure that the user VMware was running as had rights to the network resource I was trying to use. In that case, there was a /dev/vmnet<wildcardhere> file that needed to have r/w permissions for the vmware user.

Glancing through the VMware website's knowledgebase, there are various utilities which newer versions provide. See, for example, http://www.vmware.com/support/esx2/doc/esx20admin_netwk5.html

En paz,
Steve
--
Stephen W. Thompson, UPenn, ISC Information Security, 215-898-1236
The only safe choice: Write e-mail as if it's public. Cuz it could be.