Honeyd.exe is intended to be executed at the command line, along with one or more command-line options that define its runtime behavior. Get to a command prompt, change the current directory to the c:\Honeyd folder, and type in honeyd.exe /? to see the available command-line options and their syntax. You should see something like this:
```
C:\Honeyd>honeyd.exe /?
WIN32 Port By Michael A. Davis (mdavis@securityprofiling.com, www.securityprofiling.com)
Usage:honeyd [-dPW][-l logfile][-i interface] [-p personalities][-x xprobe] [-a assoc] [-f config][net...]
```
Note: If you run Honeyd.exe and get the error message, “Impossible SI range in Class fingerprint Windows NT 4 SP3,” you can download an updated Nmap.prints file from the Downloads area of the Apress web site (http://www.apress.com) to correct the harmless runtime error. The newer Nmap.prints file corrects a programming mistake in the original Nmap.prints file.
Command-line options are case-sensitive, and not all of them are displayed at the runtime help screen. A full list of options and their descriptions is shown in Table 6-1.
Option | Description |
---|---|
-d | Tells Honeyd not to daemonize (do not run in a minimized state as a background process) and enables verbose debugging messages. Although not required, this is a good default parameter to include when you execute Honeyd. |
-P | Enables polling mode for older libpcap (predecessor of WinPcap) event messages. Not needed for Windows OS hosts. |
-W | Shows interface number and name (works only on Windows versions of Honeyd). The number can be used with the -i interface parameter. Needed only for installation information or troubleshooting. |
-V | Shows Honeyd version information. The Windows port of Honeyd shows invalid version information of 0.4a instead of 0.5. |
-h or /? | Displays summary of command-line option help. |
-l <filename> | Creates, or sends messages to, a local log file with the specified name and location. |
-i <interface#> | Defines which network interface Honeyd should listen on; for example -i 1. This is a mandatory parameter. |
-p <filename> | Defines which file to use for Nmap IP stack emulation. The personality file supplied with Honeyd is called Nmap.prints. |
-x <filename> | Enables Honeyd to respond to ICMP fingerprinting tools by using the Xprobe2 database file. The Xprobe2 database is called Xprobe2.conf in Honeyd. |
-a <filename> | Associates an Nmap-style fingerprinting database with the Xprobe2 database. The association file is called Nmap.assoc in Honeyd. |
-f <filename> | Designates the Honeyd configuration file name and location. This is a mandatory parameter. You can create different configuration files to reflect different honeypots and choose one versus the other at runtime. |
<net> | Defines one or more IP addresses that Honeyd will respond to. This can be a single IP address, a range (for example, 10.0.0.1-10.0.0.255), or CIDR notation (for example, 10.0.0.0/8). This information can also be defined in the Honeyd configuration file instead. If left undefined, Honeyd will attempt to respond to any traffic it sees. |
Here is an example of a runtime Honeyd command:
```
honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config -i 2 -l c:\Honeyd\log\honeyd.log 10.0.0.0/8
```
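A pre-flight check for a Honeyd launch line, built from the rules in Table 6-1 (case-sensitive options, mandatory -i and -f, the three <net> forms). This is an added example, not part of Honeyd or of the original text; the function names are hypothetical, and treating -W, -V and -h as informational runs is an assumption.

```python
import ipaddress

# Option letters from Table 6-1 above; they are case-sensitive.
FLAGS = set("dPWVh")       # switches that take no value
VALUED = set("lipxaf")     # options followed by a file name or interface number
MANDATORY = ("i", "f")     # the table marks -i and -f as mandatory


def parse_net(spec):
    """Return (first, last) IPv4 address for a single IP, an a-b range, or CIDR."""
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return net[0], net[-1]
    lo, sep, hi = spec.partition("-")
    first = ipaddress.IPv4Address(lo)
    last = ipaddress.IPv4Address(hi) if sep else first
    if first > last:
        raise ValueError("range start is above range end")
    return first, last


def check_honeyd_args(argv):
    """Check the arguments that follow honeyd.exe; return (opts, nets, findings)."""
    opts, nets, findings = {}, [], []
    args = iter(argv)
    for arg in args:
        if arg == "/?":
            arg = "-h"
        if len(arg) == 2 and arg[0] == "-" and arg[1] in VALUED:
            opts[arg[1]] = next(args, None)
            if opts[arg[1]] is None:
                findings.append(f"{arg} needs a value")
        elif len(arg) > 1 and arg[0] == "-" and set(arg[1:]) <= FLAGS:
            opts.update(dict.fromkeys(arg[1:], True))   # allows -dPW style
        elif arg.startswith("-"):
            findings.append(f"unknown or wrongly cased option: {arg}")
        else:
            try:
                nets.append(parse_net(arg))
            except ValueError as exc:
                findings.append(f"bad <net> value {arg!r}: {exc}")
    if opts.keys() & set("WVh"):   # assumption: informational run, nothing to launch
        return opts, nets, findings
    findings += [f"missing mandatory -{o}" for o in MANDATORY if not opts.get(o)]
    if opts.get("i") and not opts["i"].isdigit():
        findings.append("-i expects an interface number (list them with -W)")
    if not nets:
        findings.append("no <net> given: unless the configuration file defines "
                        "addresses, Honeyd will try to answer any traffic it sees")
    return opts, nets, findings
```

Pass the arguments as a list, for example the sample command above split on spaces; an empty findings list means the line satisfies the table's rules.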