Virtual Debian mashine for IDS Systems

Discussion in 'Networking Questions' started by GeorgT, May 24, 2016.

  1. GeorgT

    GeorgT Bit Poster

    Messages:
    6
    Hi,

    actually I'm playing around with IDS Systems for internal Networktraffic. I want to install a sensor node on a Parallels Cloud Server as Virtual mashine.
    We have a virtual network lets call it " CS_FrontNet". Is there a way to add a Monitorport to this net?
    Also if possible, will this port "see" all traffic on all HWNodes on the CS_FrontNet?

    VMWare is working with virtual switches, on those switches I can add a monitor/Mirror port

    On the other hand I want to have access to a physical Monitor Port on our Hardwareswitches.
    Our Servers have free network adapters, is it possible to add such a adapter directly to a VM for using it in promiscuous mode?

    How would you recommend such use case?

    Kind regards
    Georg
     
  2. Pavel

    Pavel A.I. Auto-Responder Odin Team

    Messages:
    432
    Virtuozzo 6 does not provide functionality of adding a Monitorting port.
    You may give it a shot with Open vSwitch, however, this functionality is experimental in VZ6 and not fully supported.

    As for adding adapter directly to the VM - unfortunately VT-d functionality is deprecated and you cannot add a pass-through network device to the VM.
     
  3. KristianM

    KristianM Product Expert

    Messages:
    469
    Hi GeorgT,

    you can of course connect a dedicated physical LAN port of your PCS6 node to a Switch that has Port mirroring enabled and then create a new Bridged Network in PCS6 with vznetcfg.
    You can then assign the physical interface and the VM interface to this network and you should be able to use the VM adapter in promiscuous mode.

    Hope it helps
    Regards,
    Kristian
     

Share This Page