WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Re: [xen-discuss] Snort on domU

from [Nathan Eisenberg] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: [xen-discuss] Snort on domU
From: "Nathan Eisenberg" <nathan@xxxxxxxxxxxxxxxx>
Date: Fri, 26 Jun 2009 16:01:38 +0000
Delivery-date: Fri, 26 Jun 2009 09:19:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Normal
In-reply-to: <7207d96f0906260856h71895f9dn72f3ac7a0d81ecf5@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <93bc4af40906251508o1d341f67w160aef549a9c24be@xxxxxxxxxxxxxx><87ws6z5ms1.fsf@xxxxxxxxxxxxxxx><7207d96f0906260856h71895f9dn72f3ac7a0d81ecf5@xxxxxxxxxxxxxx>
Reply-to: nathan@xxxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Sensitivity: Normal 
I would imagine that the bridge acts as its own filtering link, so even if you 
used a hub or port mirroring, the domU will only get frames destined for it.
Best Regards,
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC

Sent from my BlackBerry

-----Original Message-----
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>

Date: Fri, 26 Jun 2009 22:56:40 
To: David Edmondson<dme@xxxxxxx>
Cc: <xen-discuss@xxxxxxxxxxxxxxx>; <xen-users@xxxxxxxxxxxxxxxxxxx>; Dot 
Yet<dot.yet@xxxxxxxxx>
Subject: [Xen-users] Re: [xen-discuss] Snort on domU


On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<dme@xxxxxxx> wrote:
> * dot.yet@xxxxxxxxx [2009-06-25 23:08:41]
>> Can anyone confirm if a xen based domU can be used for snort setup? It is
>> not for commercial use, rather just SOHO use.
>
> You can run snort in a guest, but it won't see all of the traffic from
> the wire.
>
> It gets:
>    - traffic to its' MAC address,
>    - traffic with the multicast bit set in the destination address.
>

... and how is this different from a physical server, connected to a
switch? Won't the switch filter out packets not intended for mac
addresses on a particular port?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Compiled problem with xen-unstable, For@ll
Next by Date:  RE: [Xen-users] Re: [xen-discuss] Snort on domU, Dustin Henning
Previous by Thread:  [Xen-users] Re: [xen-discuss] Snort on domU, Fajar A. Nugraha
Next by Thread:  RE: [Xen-users] Re: [xen-discuss] Snort on domU, Dustin Henning
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy