Virtual Networking

[grdoorguy]

Hello,

I currently have a pc running Vmware on Jaunty with two dual Intel NIC cards. The box runs Snort "CentOS", NST "CentOS", and a logger ring buffer plus apache "Ubuntu". I am replacing the box at the end of the month with a better pc. I use virtual box at home and would like to setup my new system to run it also. The problem is I have been unable to get my test virtual machines to work correctly in virtual box as they do not see traffic on the interface plugged into my network tap or mirror port. After scouring the forums I have seen people claim that Virtual Box does not support interfaces in promiscuous mode. Could someone confirm that this is the case or point me in the correct direction of a workaround?

Best Regards
Grdoorguy

[grdoorguy]

Anyone know? Other people must have considered using VirtualBox to run IDS software before.

[vbox4me2]

VBox nics are already in promiscuous mode.

[grdoorguy]

I tested with Virtual Box and did a tcpdump from both the host and guest OS. The guest OS does not see the same traffic as the host. So if the guest is in promiscuous mode by default I don't see any proof of this.

[whytek]

Someone else was asking for this as a feature some time ago:

http://forum.virtualbox.org/viewtopic.p ... 06&start=0
where Mirko replied - "Within the guest you see can see the traffic for the gzest only. Other traffic is not forwarded to this interface"

It is also something I would use, but I don't really have time right now to look at it. It's not on my primary TODO list, it's more of a "that would be a nice thing to have sometimes" thing, if any of the coders in sun would take a look.

I imagine it would be simple enough to create an option to basically remove the filter on the traffic that is forwarded to the guest side of the bridge, no?

editing later... http://www.virtualbox.org/browser/trunk ... niffer.cpp
does this mean it's on the way?