[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: [xen-discuss] Snort on domU


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: "Nathan Eisenberg" <nathan@xxxxxxxxxxxxxxxx>
  • Date: Fri, 26 Jun 2009 16:01:38 +0000
  • Delivery-date: Fri, 26 Jun 2009 09:19:38 -0700
  • Importance: Normal
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Sensitivity: Normal

I would imagine that the bridge acts as its own filtering link, so even if you 
used a hub or port mirroring, the domU will only get frames destined for it.
Best Regards,
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC

Sent from my BlackBerry

-----Original Message-----
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>

Date: Fri, 26 Jun 2009 22:56:40 
To: David Edmondson<dme@xxxxxxx>
Cc: <xen-discuss@xxxxxxxxxxxxxxx>; <xen-users@xxxxxxxxxxxxxxxxxxx>; Dot 
Yet<dot.yet@xxxxxxxxx>
Subject: [Xen-users] Re: [xen-discuss] Snort on domU


On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<dme@xxxxxxx> wrote:
> * dot.yet@xxxxxxxxx [2009-06-25 23:08:41]
>> Can anyone confirm if a xen based domU can be used for snort setup? It is
>> not for commercial use, rather just SOHO use.
>
> You can run snort in a guest, but it won't see all of the traffic from
> the wire.
>
> It gets:
>    - traffic to its' MAC address,
>    - traffic with the multicast bit set in the destination address.
>

... and how is this different from a physical server, connected to a
switch? Won't the switch filter out packets not intended for mac
addresses on a particular port?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.