[Pauldotcom] running Snort on a VirtualBox internal network
robin at digininja.org
Sun Nov 14 10:33:24 UTC 2010
On 13 November 2010 20:47, Shane Kennedy <kennedy.shane at gmail.com> wrote:
> I have a virtualbox lab with multiple hosts running on multiple
> internal networks. One of my hosts is bridged into my real-world
> local network and acts as a gateway into the internal networks, much
> like yours.
> From that gateway host, I pinged a target host on one of the remote
> internal networks 2 hops away and sent some unicast TCP traffic as
> well. I also sent some traffic to the target from a couple of hosts
> on the real-world network. I was able to observe all the traffic to
> my target from another host on the same remote network simply by
> sniffing in promiscuous mode. Seems like virtualbox internal networks
> are more like hubs than switches.
> Hope this helps,
Interesting, I'll try shifting to promiscuous mode and see what happens.
> On Sat, Nov 13, 2010 at 12:39 PM, Robin Wood <robin at digininja.org> wrote:
>> In an attempt to add Snort to my VirtualBox lab I was wondering if it
>> was possible to set up a mirror port on a VirtualBox internal network.
>> The setup I've got is a group of about 6 machines on an internal
>> network and another machine with two interfaces, one on the internal
>> network and one bridged to the real world currently running pfSense
>> (yes, I know pfSense will run Snort but that will only be on traffic
>> passing through the firewall). I use the pfSense box to open and NAT
>> different internal machines to the real world so I can fire off
>> different attacks, for this running Snort on pfSense would help but
>> I'd also like to have it running on a mirror on the switch so that I
>> can watch what alerts trigger when I try to pivot inside that network.
>> I've tried asking on the VirtualBox forums but I don't think they
>> really understand what I'm trying to setup. Does anyone know if this
>> is possible and if so how to do it?
>> Pauldotcom mailing list
>> Pauldotcom at mail.pauldotcom.com
>> Main Web Site: http://pauldotcom.com
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> Main Web Site: http://pauldotcom.com
More information about the Pauldotcom