I have got Security Onion up and running, and the snort.conf file is modified to be monitoring my private network of 192.168.1.0/24.
I have loaded onto a VMware Workstation the following: Security Onion, Kali Linux, Ubuntu Desktop. All network adapters are set to bridged so all 3 virtual systems as well as my Windows host are all on the 192.168.1.0/24 network.
Snort picks up the pings going between all the virtual systems as well as when I curl http://www.testmyids.com, but does not pick up pings from my Windows host system to any of the virtual systems or going to the testmyids.com website.
Why would this traffic not get picked up if it's on the same network? Sorry if it's an obvious answer, again I am new to all of this, including virtualization. Thanks.
Hi
Have you set the bridged interface to allow promiscuous mode both virtual and host?
Regards,
Lysemose