<div dir="ltr"><pre>On Wed, Apr 23, 2014 at 12:04 PM, Teo En Ming <<a href="mailto:teo.en.ming@...11827...">teo.en.ming@...11827...</a>> wrote:
> Dear Eric G,
> I may not be able to tap my outside internet and feed it to Snort because
> I am running Snort in a virtual machine, and it's sitting behind a wireless
> router. Please look at the attached network diagram and offer me advice on
> how I can tap the outside internet and feed it to Snort.
> Thank you very much.
> Yours sincerely,
> Teo En Ming
In the past, using VirtualBox I have built a VM with two interfaces
attached to it, one that had the VM's normal management IP and the other
interface had a physical interface from the underlying host passed directly
through into the Virtualbox VM, in order to achieve what you're asking for.
In Virtualbox there's an option to allow promiscuous mode in the VM as
well... <a href="http://seclists.org/snort/2012/q4/174">http://seclists.org/snort/2012/q4/174</a> seems to be a thread that
matches up with what I'm describing here
You would need a managed switch capable of having a SPAN port on the
outside of your wireless router though. Or a hub would be a cheap way to do