|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Re: Snort on domU
* fajar@xxxxxxxxx [2009-06-26 16:56:40] > On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<dme@xxxxxxx> wrote: >> * dot.yet@xxxxxxxxx [2009-06-25 23:08:41] >>> Can anyone confirm if a xen based domU can be used for snort setup? It is >>> not for commercial use, rather just SOHO use. >> >> You can run snort in a guest, but it won't see all of the traffic from >> the wire. >> >> It gets: >> Â Â- traffic to its' MAC address, >> Â Â- traffic with the multicast bit set in the destination address. >> > > ... and how is this different from a physical server, connected to a > switch? Won't the switch filter out packets not intended for mac > addresses on a particular port? Most switches do this, yes. In that case it's usually possible to put a switch port into monitor mode, which means that it gets all packets. This isn't currently possible with the Solaris VNIC implementation. dme. -- David Edmondson, Sun Microsystems, http://dme.org _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |