On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<[email protected]> wrote: > * [email protected] [2009-06-25 23:08:41] >> Can anyone confirm if a xen based domU can be used for snort setup? It is >> not for commercial use, rather just SOHO use. > > You can run snort in a guest, but it won't see all of the traffic from > the wire. > > It gets: > - traffic to its' MAC address, > - traffic with the multicast bit set in the destination address. >
... and how is this different from a physical server, connected to a switch? Won't the switch filter out packets not intended for mac addresses on a particular port? -- Fajar _______________________________________________ xen-discuss mailing list [email protected]
