Security Onion & Promiscuous Mode
1,961 views
Skip to first unread message
Jason
Jun 8, 2012, 2:33:23 PM6/8/12
to security-onion
Friends,
I am running the current version of Security Onion in a virtual
machine with VMware Workstation 8 on a MS Server 2003 platform. I
have noticed that Security Onion does not seem to put the NIC card
into promiscuous mode by default. It seems I have to manually type
"ifconfig eth0 promisc" in order to get the NIC into promiscuous
mode.
Please let me know if this is by design or if this is a side-effect of
running Security Onion on VMware Workstation 8 (as opposed to running
it on "raw metal" (a real computer) or in an VMware Workstation as
opposed to a VMware ESXi environment.
I have the Security Onion NIC physically bridged in VMware to a
independent NIC on the MS Server 2003 host. The reason I am looking
at promiscuous mode is because at the moment I don't have the spanning
or port mirroring infrastructure to capture all traffic the "right"
way (inthe long term, I will be looking at purchasing the MikroTik
RB250GS home switch which has port mirroring).
Thanks again to all the contributors.
I am running the current version of Security Onion in a virtual
machine with VMware Workstation 8 on a MS Server 2003 platform. I
have noticed that Security Onion does not seem to put the NIC card
into promiscuous mode by default. It seems I have to manually type
"ifconfig eth0 promisc" in order to get the NIC into promiscuous
mode.
Please let me know if this is by design or if this is a side-effect of
running Security Onion on VMware Workstation 8 (as opposed to running
it on "raw metal" (a real computer) or in an VMware Workstation as
opposed to a VMware ESXi environment.
I have the Security Onion NIC physically bridged in VMware to a
independent NIC on the MS Server 2003 host. The reason I am looking
at promiscuous mode is because at the moment I don't have the spanning
or port mirroring infrastructure to capture all traffic the "right"
way (inthe long term, I will be looking at purchasing the MikroTik
RB250GS home switch which has port mirroring).
Thanks again to all the contributors.
Doug Burks
Jun 9, 2012, 12:56:55 PM6/9/12
to securit...@googlegroups.com
Hi Jason,
Have you configured your network interfaces as described here?
http://code.google.com/p/security-onion/wiki/NetworkConfiguration
Is there anything special you have to do in VMware Workstation to
allow the VM to use promiscuous mode?
http://infosecmatters.blogspot.com/2012/04/installing-security-onion-idsnsm-on.html
Thanks,
Doug
--
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012
Have you configured your network interfaces as described here?
http://code.google.com/p/security-onion/wiki/NetworkConfiguration
Is there anything special you have to do in VMware Workstation to
allow the VM to use promiscuous mode?
http://infosecmatters.blogspot.com/2012/04/installing-security-onion-idsnsm-on.html
Thanks,
Doug
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012
Reply all
Reply to author
Forward
0 new messages