Robin, I have a virtualbox lab with multiple hosts running on multiple internal networks. One of my hosts is bridged into my real-world local network and acts as a gateway into the internal networks, much like yours.
>From that gateway host, I pinged a target host on one of the remote internal networks 2 hops away and sent some unicast TCP traffic as well. I also sent some traffic to the target from a couple of hosts on the real-world network. I was able to observe all the traffic to my target from another host on the same remote network simply by sniffing in promiscuous mode. Seems like virtualbox internal networks are more like hubs than switches. Hope this helps, SK On Sat, Nov 13, 2010 at 12:39 PM, Robin Wood <[email protected]> wrote: > In an attempt to add Snort to my VirtualBox lab I was wondering if it > was possible to set up a mirror port on a VirtualBox internal network. > > The setup I've got is a group of about 6 machines on an internal > network and another machine with two interfaces, one on the internal > network and one bridged to the real world currently running pfSense > (yes, I know pfSense will run Snort but that will only be on traffic > passing through the firewall). I use the pfSense box to open and NAT > different internal machines to the real world so I can fire off > different attacks, for this running Snort on pfSense would help but > I'd also like to have it running on a mirror on the switch so that I > can watch what alerts trigger when I try to pivot inside that network. > > I've tried asking on the VirtualBox forums but I don't think they > really understand what I'm trying to setup. Does anyone know if this > is possible and if so how to do it? > > Robin > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
