-2

I'm deploying AlienVault USM in VBox. Everything has worked fine until the network monitoring part, where I should monitor SPAN port traffic.

From my host PC, I can see the traffic coming in well on that specific port (eno4). I have bridged the same port on my virtual machine to eth1 and set promiscuous mode to Allow All.

However, from my virtual machine, when I run tcpdump on eth1, which is the interface I have bridged to eno4 (the host interface carrying my SPAN port cable), I see very little traffic compared to when I do the same on my host.

What could be the reasons for that?

ShadrackD
  • Questions on professional server- or networking-related infrastructure administration are off-topic for Stack Overflow unless they directly involve programming or programming tools. You may be able to get help on Server Fault. – GhostCat Sep 21 '18 at 07:12

1 Answer

0

Background

I just solved this. Usually, when running AlienVault OSSIM, which comes as an .ISO file, one can install it on hardware. This is not the case with USM, which comes as an .OVA.

In the scenario when Alienvault is running on hardware, I don't really need to make sure that my ethernet connection settings are set, because I'm basically listening.

Solving

In this case, I made sure that my network connection was connected in my CentOS, then left VirtualBox the way I had set it initially (bridged, with promiscuous mode on my eno4 interface).

It worked flawlessly.

ShadrackD
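The two conditions this thread turns on (the capture interface is actually connected, and it is in promiscuous mode) can be checked from Linux sysfs. The script below is an added example, not part of the original answer; the function name `check_sniff_iface` and the `SYSFS_NET` override are hypothetical names chosen here. Run it for eno4 on the host and for eth1 in the guest while the capture is active.

```shell
#!/bin/sh
# Added example: readiness check for a SPAN/mirror capture interface.
# SYSFS_NET is an assumed override so the check can be pointed at a test tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

IFF_UP=0x1          # interface is administratively up
IFF_PROMISC=0x100   # interface accepts frames not addressed to it

# Prints one line per finding. Returns 0 if ready, 1 if not, 2 if missing.
check_sniff_iface() {
    ifc="$1"; dir="$SYSFS_NET/$1"; rc=0
    [ -d "$dir" ] || { echo "$ifc: no such interface"; return 2; }
    # sysfs exposes the kernel's own flag word, which includes IFF_PROMISC
    # even when promiscuity was requested by a capture socket.
    flags=$(cat "$dir/flags")
    oper=$(cat "$dir/operstate")
    if [ $(( $flags & $IFF_UP )) -eq 0 ]; then
        echo "$ifc: administratively down (connection not activated)"
        rc=1
    fi
    case "$oper" in
        up|unknown) ;;   # some virtual NICs report "unknown" when working
        *) echo "$ifc: operstate=$oper (no link)"; rc=1 ;;
    esac
    if [ $(( $flags & $IFF_PROMISC )) -eq 0 ]; then
        echo "$ifc: not promiscuous, mirrored frames for other MACs are dropped"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "$ifc: up, link present, promiscuous"
    fi
    return "$rc"
}

# Usage: ./check.sh eno4      (host)   or   ./check.sh eth1   (guest)
if [ "$#" -gt 0 ]; then
    for i in "$@"; do check_sniff_iface "$i"; done
fi
```
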