On 13 November 2010 20:47, Shane Kennedy <[email protected]> wrote: > Robin, > > I have a virtualbox lab with multiple hosts running on multiple > internal networks. One of my hosts is bridged into my real-world > local network and acts as a gateway into the internal networks, much > like yours. > > From that gateway host, I pinged a target host on one of the remote > internal networks 2 hops away and sent some unicast TCP traffic as > well. I also sent some traffic to the target from a couple of hosts > on the real-world network. I was able to observe all the traffic to > my target from another host on the same remote network simply by > sniffing in promiscuous mode. Seems like virtualbox internal networks > are more like hubs than switches. > > Hope this helps,
Interesting, I'll try shifting to promiscuous mode and see what happens. Robin > SK > > On Sat, Nov 13, 2010 at 12:39 PM, Robin Wood <[email protected]> wrote: >> In an attempt to add Snort to my VirtualBox lab I was wondering if it >> was possible to set up a mirror port on a VirtualBox internal network. >> >> The setup I've got is a group of about 6 machines on an internal >> network and another machine with two interfaces, one on the internal >> network and one bridged to the real world currently running pfSense >> (yes, I know pfSense will run Snort but that will only be on traffic >> passing through the firewall). I use the pfSense box to open and NAT >> different internal machines to the real world so I can fire off >> different attacks, for this running Snort on pfSense would help but >> I'd also like to have it running on a mirror on the switch so that I >> can watch what alerts trigger when I try to pivot inside that network. >> >> I've tried asking on the VirtualBox forums but I don't think they >> really understand what I'm trying to setup. Does anyone know if this >> is possible and if so how to do it? >> >> Robin >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
