WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-users] Re: [xen-discuss] Snort on domU

from [Dustin Henning] [Permanent Link][Original]
To: <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Re: [xen-discuss] Snort on domU
From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
Date: Fri, 26 Jun 2009 12:29:44 -0400
Delivery-date: Fri, 26 Jun 2009 09:31:14 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <432143152-1246032096-cardhu_decombobulator_blackberry.rim.net-167430516-@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: PRD, Inc.
References: <93bc4af40906251508o1d341f67w160aef549a9c24be@xxxxxxxxxxxxxx><87ws6z5ms1.fsf@xxxxxxxxxxxxxxx><7207d96f0906260856h71895f9dn72f3ac7a0d81ecf5@xxxxxxxxxxxxxx> <432143152-1246032096-cardhu_decombobulator_blackberry.rim.net-167430516-@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Dustin.Henning@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acn2eepZh6BKbc1TSYmR8wFQYlsOZAAAPBjQ 
        I believe Fajar was implying that it would be no different than
having a switch between the switch where one is using port mirroring and the
machine one using for snort.  It might even be possible to send other
traffic to a specific destination on said switch as well, but that is more
of a Linux bridging question.  Regardless, a switch is a multiport bridge,
and so is the bridging used in Xen.  ;)
        Dustin

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Nathan Eisenberg
Sent: Friday, June 26, 2009 12:02
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: [xen-discuss] Snort on domU

I would imagine that the bridge acts as its own filtering link, so even if
you used a hub or port mirroring, the domU will only get frames destined for
it.
Best Regards,
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC

Sent from my BlackBerry

-----Original Message-----
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>

Date: Fri, 26 Jun 2009 22:56:40 
To: David Edmondson<dme@xxxxxxx>
Cc: <xen-discuss@xxxxxxxxxxxxxxx>; <xen-users@xxxxxxxxxxxxxxxxxxx>; Dot
Yet<dot.yet@xxxxxxxxx>
Subject: [Xen-users] Re: [xen-discuss] Snort on domU


On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<dme@xxxxxxx> wrote:
> * dot.yet@xxxxxxxxx [2009-06-25 23:08:41]
>> Can anyone confirm if a xen based domU can be used for snort setup? It is
>> not for commercial use, rather just SOHO use.
>
> You can run snort in a guest, but it won't see all of the traffic from
> the wire.
>
> It gets:
>    - traffic to its' MAC address,
>    - traffic with the multicast bit set in the destination address.
>

... and how is this different from a physical server, connected to a
switch? Won't the switch filter out packets not intended for mac
addresses on a particular port?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users







_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Re: [xen-discuss] Snort on domU, Nathan Eisenberg
Next by Date:  Re: [Xen-users] after installing virt-manager, error reported and cannot start up xend, Ming Chen
Previous by Thread:  Re: [Xen-users] Re: [xen-discuss] Snort on domU, Nathan Eisenberg
Next by Thread:  [Xen-users] Re: Snort on domU, David Edmondson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy