Snort mailing list archives

Detecting Guest to Guest Traffic


From: Jonathan Streetman <jstreetm () gmail com>
Date: Mon, 5 Jun 2017 11:05:53 -0400

Not sure if this is a simple question but I was hoping for some insight
into finishing a pentest lab. My goal is to have Snort sniff an attack in a
virtual environment between two guest VMs. My current setup running on
VirtualBox:

1. Windows 10 running Snort (host)
2. Kali as attacker (guest)
3. Unpatched Windows XP as target (guest)

The two guest machines are networked as host-only. Within each machine I
can ping host-guest and guest-guest. Pinging host-guest and running a test
ICMP alert [alert icmp any any -> any any (msg:"Testing ICMP";
sid:1000001;)] shows only the return echo packets. Pinging guest-guest does
not show any traffic.

My Snort startup is:
C:\Snort\bin>snort -i 6 -c c:\snort\etc\snort.conf -A console
where 6 is the VirtualBox interface

Keeping the same configuration but changing the interface to the host NIC
and pinging the web from the host, Snort will display the ICMP request and
replies.

Any insight into how I can have Snort monitor the traffic between the two
guests while running on the host?

Thanks!