* [email protected] [2009-06-25 23:08:41]
> Can anyone confirm if a xen based domU can be used for snort setup? It is
> not for commercial use, rather just SOHO use.
You can run snort in a guest, but it won't see all of the traffic from
the wire.
It gets:
- traffic to its' MAC address,
- traffic with the multicast bit set in the destination address.
In most cases this makes it unusable for snort.
dme.
--
David Edmondson, Sun Microsystems, http://dme.org
_______________________________________________
xen-discuss mailing list
[email protected]
