Snort mailing list archives
Detecting Guest to Guest Traffic
From: Jonathan Streetman <jstreetm () gmail com>
Date: Mon, 5 Jun 2017 11:05:53 -0400
Not sure if this is a simple question, but I was hoping for some insight into finishing a pentest lab. My goal is to have Snort sniff an attack in a virtual environment between two guest VMs.

My current setup running on VirtualBox:

1. Windows 10 running Snort (host)
2. Kali as attacker (guest)
3. Unpatched Windows XP as target (guest)

The two guest machines are networked as host-only. Within each machine I can ping host-guest and guest-guest.

Pinging host-guest and running a test ICMP alert

    alert icmp any any -> any any (msg:"Testing ICMP"; sid:1000001;)

shows only the return echo packets. Pinging guest-guest does not show any traffic.

My Snort startup is:

    C:\Snort\bin>snort -i 6 -c c:\snort\etc\snort.conf -A console

where 6 is the VirtualBox interface.

Keeping the same configuration but changing the interface to the host NIC and pinging the web from the host, Snort will display the ICMP request and replies.

Any insight into how I can have Snort monitor the traffic between the two guests while running on the host?

Thanks!