Setting up a Test network

[Chris Gerling]

I am curious whether anyone here has done this, has one, or has any input as to how to go about setting up either a small physical, or virtual network for testing all sorts of things, such as executing malicious attachments in a virtual machine and capturing the packets with wireshark/snort, or maybe using hping2 to toss some packets at a snort sensor and logging what happens, etc.

There aren't a lot of limitations here really, we have all sorts of hardware laying around, and I believe a VMware ESX license too (the only issue with ESX is I am told it is VERY  HARD to transfer files FROM the virtual machine on an ESX server TO something else without simply jacking a laptop into it.  The goal there would be the method least likely to contaminate anything outside of the test network.

Again this test network needs to be as isolated as possible while still allowing us to pull things off of it from time to time.

Any ideas?

Thanks!

[Sparda]

three computers + switch + separate internet connection (or if sharing internet connection, firewalled)?

[gameman733]

ive used vmware workstation in the past, setup a ipcop VM with 2 nics, 1 connected to bridge, and 1 connected to virtual lan, and put 2 or 3 vm's on the vlan. From there, you could set ipcop up so that it doesnt communicate with the normal lan, but i dunno how to do that right off hand.

[digip]

If you using VMware, you can use the vmnetcfg.exe to choose what connections go to the host pc or if you don't want them to have access to each other at all. Then just turn on the specific vm network adappter for each vm and let them talk.

[Chris Gerling]

Thanks!

[Famicoman]

Back years, and years ago, http://www.happyhacker.org/gtmhh/winlan.shtml

Substitute Win 95/98 for XP, Linux, etc. It talks about some funky stuff.