LinuxQuestions.org, Linux - Software forum
#1 jokar.mohsen, 10-08-2011, 01:08 AM
Honeyd.
Hello All.
I use Honeyd to capture my packets. I use VirtualBox to virtualize Windows XP on Debian Linux; my virtual network card is vboxnet0 and its IP address is 192.168.56.1, and in Windows XP my network card's IP is 192.168.56.101. How do I configure Honeyd to capture my packets?

I would be thankful if you could guide me.


Thanks.
 
#2 fukawi1, 10-08-2011, 05:30 AM
Honeyd is a honeypot, not a packet capturing tool.

tcpdump, Ethereal, or Wireshark are for packet capturing.
 
#3 jokar.mohsen (Original Poster), 10-08-2011, 06:14 AM
Yes, I know Honeyd is a honeypot, but I need it to analyze a virus. Can you help me configure it?
 
#4 jokar.mohsen (Original Poster), 10-09-2011, 02:16 AM
I want to configure my Honeyd to analyze a virus. What should I do?

Please guide me.


Thanks.
 
#5 fukawi1, 10-09-2011, 02:30 AM
You need to phrase your questions more clearly.
Put simply, you're not making any sense.

If I have interpreted your questions correctly, I believe http://www.sans.org/reading_room/whi...ng-system_1563 will be of some help to you.
 
#6 jokar.mohsen (Original Poster), 10-27-2011, 06:26 AM
Honeyd
Hello All.
I configured honeyd for my virtual machine, but it is not working. I want to analyze a malware sample. My config file is:


create win2k
set win2k personality "Microsoft Windows 2000 SP2"
set win2k default tcp action reset
set win2k default udp action reset
set win2k default icmp action block
set win2k uptime 3567
set win2k droprate in 13
add win2k tcp port 23 "sh /usr/share/honeyd/scripts/unix/linux/suse8.0/telnetd.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 21 "sh /usr/share/honeyd/scripts/win32/win2k/msftp.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 25 "sh /usr/share/honeyd/scripts/win32/win2k/exchange-smtp.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 80 "sh /usr/share/honeyd/scripts/win32/win2k/iis.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 110 "sh /usr/share/honeyd/scripts/win32/win2k/exchange-pop3.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 143 "sh /usr/share/honeyd/scripts/win32/win2k/exchange-imap.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 389 "sh /usr/share/honeyd/scripts/win32/win2k/ldap.sh $ipsrc $sport $ipdst $dport"
add win2k tcp port 5901 "sh /usr/share/honeyd/scripts/win32/win2k/vnc.sh $ipsrc $sport $ipdst $dport"
add win2k udp port 161 "perl /usr/share/honeyd/scripts/unix/general/snmp/fake-snmp.pl public private --config=/usr/share/honeyd/scripts/unix/general/snmp"

# This will redirect incoming Windows file-sharing back to the source

add win2k udp port 137 proxy $ipsrc:137
add win2k udp port 138 proxy $ipsrc:138
add win2k udp port 445 proxy $ipsrc:445
add win2k tcp port 138 proxy $ipsrc:138
add win2k tcp port 139 proxy $ipsrc:139
add win2k tcp port 445 proxy $ipsrc:445

bind 192.168.56.1 win2k


What should i do?
 
#7 unSpawn (Moderator), 10-27-2011, 12:19 PM
Quote, originally posted by jokar.mohsen:
it is not working. (..) What should i do?

"Isn't working" is the least interesting text (we know it isn't, else why would you be here?), and Honeyd comes with more configuration than just that standard copy-'n'-paste partial template you showed us: the init script or command line to start it (which args?), configuration for logging (do you?), service configuration and file access permissions, address binding, network configuration (tested it?), and it even comes with a pre-flight check ("--verify-config"), none of which you've shown. Beneath all that there's your virtualization guest's configuration. So. If you know how to diagnose these things I'd say start at the bottom and determine if your virtualization guest works OK. If you can prove it works, then ensure honeyd logs the hell out of everything and show us your full configs, the complete command line to start honeyd and any diagnostics if unsure.
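The pre-flight sequence unSpawn lists (address binding, --verify-config, logging, a working guest) and the packet capture fukawi1 points to in reply #2, turned into one script. This is an added example and not code from the thread or from the Honeyd project. It assumes the layout the posts describe (honeyd on the host side of VirtualBox's vboxnet0, the XP guest at 192.168.56.101); the interface name, config and log paths, the claimed network, and the function names are this example's own choices. Honeyd answers for addresses that the host kernel does not own, so the first check looks for exactly the problem visible in post #6: the template is bound to 192.168.56.1, which post #1 says is vboxnet0's own address, and the host's TCP/IP stack will answer for that address before honeyd ever can.

```sh
#!/bin/sh
# Added pre-flight example for the honeyd/VirtualBox setup in the thread.
# Interface, paths, network and guest address below are assumptions.

# honeyd sniffs the interface and replies itself for the addresses it
# claims; an address that is also configured on the interface (vboxnet0's
# own 192.168.56.1 in the thread) is answered by the host kernel first.

# bind_conflicts CONF "ADDR ADDR ..."
#   Print every 'bind' address in CONF that is also in the host address list;
#   exit status 1 if at least one conflict was found, 0 otherwise.
bind_conflicts() {
    conf=$1
    host_addrs=$2
    rc=0
    for addr in $(awk '$1 == "bind" { print $2 }' "$conf"); do
        for h in $host_addrs; do
            if [ "$addr" = "$h" ]; then
                echo "$addr"
                rc=1
            fi
        done
    done
    return $rc
}

# host_addrs IFACE: the IPv4 addresses the host itself owns on IFACE (iproute2)
host_addrs() {
    ip -4 -o addr show dev "$1" | awk '{ split($4, a, "/"); print a[1] }'
}

# honeyd_cmd IFACE CONF LOGDIR NET: honeyd in the foreground with debug
#   output (-d), a packet/connection log (-l) and a service-script log (-s),
#   claiming only NET, which must contain no real host (not the guest).
honeyd_cmd() {
    printf 'honeyd -d -i %s -f %s -l %s/honeyd.log -s %s/services.log %s' \
        "$1" "$2" "$3" "$3" "$4"
}

# capture_cmd IFACE PCAP GUEST_IP: the tcpdump from reply #2, restricted to
#   the guest so the pcap holds only what the sample under analysis sends.
capture_cmd() {
    printf 'tcpdump -i %s -nn -s 0 -w %s host %s' "$1" "$2" "$3"
}

# preflight IFACE CONF LOGDIR NET GUEST_IP: run the checks bottom-up and
#   print the two command lines to start once everything passes.
preflight() {
    iface=$1; conf=$2; logdir=$3; net=$4; guest=$5
    command -v honeyd >/dev/null 2>&1 || { echo "honeyd not in PATH" >&2; return 2; }
    # the guest must be reachable from the host side before blaming honeyd
    ping -c 1 -W 2 "$guest" >/dev/null 2>&1 || { echo "guest $guest unreachable" >&2; return 1; }
    conflicts=$(bind_conflicts "$conf" "$(host_addrs "$iface")" || true)
    if [ -n "$conflicts" ]; then
        echo "bind address owned by the host on $iface: $conflicts" >&2
        return 1
    fi
    # honeyd's own syntax check; exits non-zero on a bad template or script path
    honeyd --verify-config -f "$conf" || return 1
    echo "start capture:  $(capture_cmd "$iface" "$logdir/guest.pcap" "$guest")"
    echo "start honeyd:   $(honeyd_cmd "$iface" "$conf" "$logdir" "$net")"
}

# Runs only when given all five arguments, e.g.
#   sh preflight.sh vboxnet0 /etc/honeyd/honeyd.conf /var/log/honeyd 192.168.56.128/25 192.168.56.101
if [ $# -eq 5 ]; then
    preflight "$@"
fi
```

Run it as root (honeyd and tcpdump both need raw access to vboxnet0). Once the bind check passes, the template has to live at an address inside the claimed range and nowhere else on the segment, and something must answer ARP for it: honeyd 1.5 does that itself when the template has a `set win2k ethernet "..."` line, otherwise arpd(8) has to be started for the same range. With `-d` honeyd stays in the foreground and prints why a connection to a bound port did or did not reach a service script, which is the diagnostic output the reply above asks for.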
 