So does that mean the Crossbow<http://www.opensolaris.org/os/project/crossbow/>project on opensolaris does not cater to this kind of requirement yet? rgds, dot.yet
On Fri, Jun 26, 2009 at 12:54 PM, David Edmondson <[email protected]> wrote: > * [email protected] [2009-06-26 16:56:40] > > On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<[email protected]> wrote: > >> * [email protected] [2009-06-25 23:08:41] > >>> Can anyone confirm if a xen based domU can be used for snort setup? It > is > >>> not for commercial use, rather just SOHO use. > >> > >> You can run snort in a guest, but it won't see all of the traffic from > >> the wire. > >> > >> It gets: > >> - traffic to its' MAC address, > >> - traffic with the multicast bit set in the destination address. > >> > > > > ... and how is this different from a physical server, connected to a > > switch? Won't the switch filter out packets not intended for mac > > addresses on a particular port? > > Most switches do this, yes. In that case it's usually possible to put a > switch port into monitor mode, which means that it gets all > packets. This isn't currently possible with the Solaris VNIC > implementation. > > dme. > -- > David Edmondson, Sun Microsystems, http://dme.org >
_______________________________________________ xen-discuss mailing list [email protected]
