* [email protected] [2009-06-26 16:56:40] > On Fri, Jun 26, 2009 at 5:09 PM, David Edmondson<[email protected]> wrote: >> * [email protected] [2009-06-25 23:08:41] >>> Can anyone confirm if a xen based domU can be used for snort setup? It is >>> not for commercial use, rather just SOHO use. >> >> You can run snort in a guest, but it won't see all of the traffic from >> the wire. >> >> It gets: >> - traffic to its' MAC address, >> - traffic with the multicast bit set in the destination address. >> > > ... and how is this different from a physical server, connected to a > switch? Won't the switch filter out packets not intended for mac > addresses on a particular port?
Most switches do this, yes. In that case it's usually possible to put a switch port into monitor mode, which means that it gets all packets. This isn't currently possible with the Solaris VNIC implementation. dme. -- David Edmondson, Sun Microsystems, http://dme.org _______________________________________________ xen-discuss mailing list [email protected]
