Virtual Debian machine for IDS Systems

Discussion in 'Networking Questions' started by GeorgT, May 24, 2016.

  1. GeorgT

    GeorgT Bit Poster


    Actually I'm playing around with IDS systems for internal network traffic. I want to install a sensor node on a Parallels Cloud Server as a virtual machine.
    We have a virtual network, let's call it "CS_FrontNet". Is there a way to add a monitor port to this net?
    Also, if possible, will this port "see" all traffic on all HW nodes on the CS_FrontNet?

    VMware is working with virtual switches; on those switches I can add a monitor/mirror port.

    On the other hand, I want to have access to a physical monitor port on our hardware switches.
    Our servers have free network adapters; is it possible to add such an adapter directly to a VM for using it in promiscuous mode?

    What would you recommend for such a use case?

    Kind regards
  2. Pavel

    Pavel A.I. Auto-Responder Staff Member

    Virtuozzo 6 does not provide functionality for adding a monitoring port.
    You may give it a shot with Open vSwitch, however, this functionality is experimental in VZ6 and not fully supported.

    As for adding an adapter directly to the VM - unfortunately VT-d functionality is deprecated and you cannot add a pass-through network device to the VM.
  3. KristianM

    KristianM Product Expert

    Hi GeorgT,

    You can of course connect a dedicated physical LAN port of your PCS6 node to a switch that has port mirroring enabled and then create a new bridged network in PCS6 with vznetcfg.
    You can then assign the physical interface and the VM interface to this network and you should be able to use the VM adapter in promiscuous mode.

    Hope it helps
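
A way to check, from inside the Debian sensor VM, that the bridged interface described above really receives mirrored traffic (an added example, not part of the original thread). Without a mirror feed, a promiscuous NIC mostly sees broadcast, multicast and its own traffic, so the script counts unicast frames exchanged between two other hosts in `tcpdump -e -n` output. The sample capture, MAC addresses and IPs are constructed.

```shell
#!/bin/sh
# Added example: count frames in `tcpdump -e -n` output that are unicast
# between two *other* hosts, i.e. traffic that only a mirror feed delivers.

# Constructed sample capture. Assumed sensor MAC: 52:54:00:00:00:aa
SAMPLE='12:00:00.000001 52:54:00:00:00:01 > 52:54:00:00:00:02, ethertype IPv4 (0x0800), length 74: 10.0.0.5.44321 > 10.0.0.9.443: Flags [S], length 0
12:00:00.000210 52:54:00:00:00:02 > 52:54:00:00:00:01, ethertype IPv4 (0x0800), length 74: 10.0.0.9.443 > 10.0.0.5.44321: Flags [S.], length 0
12:00:00.000400 52:54:00:00:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.7, length 46
12:00:00.000900 52:54:00:00:00:aa > 52:54:00:00:00:01, ethertype IPv4 (0x0800), length 98: 10.0.0.20 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64
12:00:00.001100 52:54:00:00:00:01 > 52:54:00:00:00:aa, ethertype IPv4 (0x0800), length 98: 10.0.0.5 > 10.0.0.20: ICMP echo reply, id 1, seq 1, length 64
12:00:00.001500 52:54:00:00:00:04 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.0.0.8.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (45)'

# count_foreign_unicast SENSOR_MAC
# Reads `tcpdump -e -n` lines on stdin and prints the number of frames whose
# destination is unicast and whose source and destination are not the sensor.
count_foreign_unicast() {
    awk -v me="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        $3 == ">" {
            src = tolower($2)
            dst = tolower($4); sub(/,$/, "", dst)
            # I/G bit of the first octet: an odd second hex digit
            # marks a multicast or broadcast destination.
            if (substr(dst, 2, 1) ~ /[13579bdf]/) next
            # Frames to or from the sensor itself prove nothing about mirroring.
            if (src == me || dst == me) next
            n++
        }
        END { print n + 0 }'
}

# Run against the constructed sample: the two TCP handshake frames count.
printf '%s\n' "$SAMPLE" | count_foreign_unicast 52:54:00:00:00:aa
```

On the live sensor the same function can read from a capture, for example `tcpdump -e -n -i eth1 -c 1000 | count_foreign_unicast "$(cat /sys/class/net/eth1/address)"`, where `eth1` is an assumed name for the VM adapter attached to the bridged network. A result that stays at 0 on a busy segment suggests the mirror session or the bridge assignment is not delivering traffic to the VM.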
