Promiscuous mode for VMware Workstation adapter on Windows host?
4,786 views
Skip to first unread message
bzp...@gmail.com
Nov 20, 2016, 11:43:58 PM11/20/16
to security-onion
I cannot find any documentation on how to add an adapter to VMware Workstation Player and set it to promiscuous mode.
There is a VMware article on how to do it for Linux host but none for Windows host that I could find.
There is a VMware article on how to do it for Linux host but none for Windows host that I could find.
Has anyone done this?
Thanks
Ben
Wes Lambert
Nov 20, 2016, 11:52:18 PM11/20/16
to securit...@googlegroups.com
Ben,
It should be under the VM Settings >> Add >> Network Adapter. You can then run Setup to configure the specific adapter/interface as a sniffing interface.
Thanks,
Wes
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
BZPerry
Nov 21, 2016, 12:26:57 AM11/21/16
to securit...@googlegroups.com, securit...@googlegroups.com
No promiscuous mode option there
Just Bridged with replicate physical network connection state extra option, NAT, and Host-only
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Wes Lambert
Nov 21, 2016, 6:50:22 AM11/21/16
to securit...@googlegroups.com
Ben,
Please note, the Security Onion Setup script puts the adapter into promiscuous mode when it is run.
Thanks,
Wes
On Nov 21, 2016 12:26 AM, "BZPerry" <bzp...@gmail.com> wrote:
No promiscuous mode option thereJust Bridged with replicate physical network connection state extra option, NAT, and Host-only
Ben,
It should be under the VM Settings >> Add >> Network Adapter. You can then run Setup to configure the specific adapter/interface as a sniffing interface.
Thanks,
Wes
On Nov 20, 2016 11:44 PM, <bzp...@gmail.com> wrote:
I cannot find any documentation on how to add an adapter to VMware Workstation Player and set it to promiscuous mode.
There is a VMware article on how to do it for Linux host but none for Windows host that I could find.
Has anyone done this?
Thanks
Ben
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Message has been deleted
B Z Perry
Nov 21, 2016, 12:07:47 PM11/21/16
to securit...@googlegroups.com, BZPerry
Thanks for your help Wes but there is a Security Onion document "IntroductionWalkthrough"
where it talks about installing Security Onion in VirtualBox and says:
Next click "Network" then "Adapter 2." You'll need to click the checkbox to enable it then attach it to "Internal Network." Under the "Advanced" options, set "Promiscuous Mode" to "Allow All." Click "Ok" and we are ready to install the operating system.
So I would rather not rely on the setup scripts to put the adapter into promiscuous mode as I would like the sniffing adapter to receive all traffic designated for any MAC address and not just broadcast packets
Wes
Nov 21, 2016, 6:20:47 PM11/21/16
to security-onion, bzp...@gmail.com
>
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
>
> To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
>
>
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to the Google Groups "security-onion" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to the Google Groups "security-onion" group.
>
>
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
>
> To unsubscribe from this group and all its topics, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
> --
>
> Follow Security Onion on Twitter!
>
> https://twitter.com/securityonion
>
> ---
>
> You received this message because you are subscribed to a topic in the Google Groups "security-onion" group.
>
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/security-onion/0dJzs_jPcYI/unsubscribe.
>
>
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
Ben,
> To post to this group, send email to securit...@googlegroups.com.
>
> Visit this group at https://groups.google.com/group/security-onion.
>
> For more options, visit https://groups.google.com/d/optout.
If I want the NIC to monitor traffic on the physical network, I'll usually configure the NIC as 'bridged' and then run setup to configure the sniffing interface appropriately.
Thanks,
Wes
Reply all
Reply to author
Forward
0 new messages