WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: [xen-discuss] Snort on domU

I would imagine that the bridge acts as its own filtering link, so even if you 
used a hub or port mirroring, the domU will only get frames destined for it.
Best Regards,
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC

Sent from my BlackBerry

-----Original Message-----
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>

Date: Fri, 26 Jun 2009 22:56:40 
To: David Edmondson<dme@xxxxxxx>
Cc: <xen-discuss@xxxxxxxxxxxxxxx>; <xen-users@xxxxxxxxxxxxxxxxxxx>; Dot 
Yet<dot.yet@xxxxxxxxx>
Subject: [Xen-users] Re: [xen-discuss] Snort on domU


On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<dme@xxxxxxx> wrote:
> * dot.yet@xxxxxxxxx [2009-06-25 23:08:41]
>> Can anyone confirm if a xen based domU can be used for snort setup? It is
>> not for commercial use, rather just SOHO use.
>
> You can run snort in a guest, but it won't see all of the traffic from
> the wire.
>
> It gets:
>    - traffic to its' MAC address,
>    - traffic with the multicast bit set in the destination address.
>

... and how is this different from a physical server, connected to a
switch? Won't the switch filter out packets not intended for mac
addresses on a particular port?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>