virtualbox.org

I'm trying to setup IDS with Snort on one virtual machine. Host system is centos 5.3 and vbox version is 3.0.2.
Up to now the thing went good ...
Guest system is also CentOS but this doesn't matter.

I am using cisco switch monitor option to have traffic taken from the wire and I want to put that kind o traffic to one of my VMs. Up to now bridging didn't do well and I want to give my Snort VM one exclusive physical host interface but it seems that I can't.
To put things simply, is there a way to have a network interface in VM attached to real world and to work in some kind of promiscuos mode in order to analyze monitored traffic?

Thanks

Anyone?

Google? http://www.google.nl/search?hl=nl&q=pro ... lbox&meta=

I have allready google it ofcource but nothing seems to be working. Nobody is saying anything about attaching one phisical network interface directly to the guest.
There are tries with bridging but that's now what I need. This should be pretty ususal problem. If u want any kind of network analises with sniffing u must have promiscuos mode working. If anyone knows something please give me a hand with this one...

When you put the VM in Bridged Mode, the physical NIC already goes to promiscuous mode. Now all that's left is the Guest NIC itself to go into that mode.
If you really want to have a physical NIC inside the Guest, get a USB ethernet adapter (they are available, if you can find it) and set up USB passthrough for the device.

Thankyou Sasquatch

This is maybe true but on centos 5.3 was not working until I set the host NIC in promisc mode.
"ifconfig eth1 x.x.x.x/x promisc" was the command on host that got things working.

You don't need to specify an IP address in order to get in into promiscuous mode. Just running ifconfig eth0 promisc is enough.