Using Honeyd Command-Line Options


Chapter 6 - Honeyd Configuration
Honeypots for Windows
by Roger A. Grimes
Apress 2005

Honeyd.exe is intended to be executed at the command line, along with one or more command-line options that define its runtime behavior. Open a command prompt, change the current directory to the C:\Honeyd folder, and type honeyd.exe /? to see the available command-line options and their syntax. You should see something like this:

    C:\Honeyd>honeyd.exe /?
    WIN32 Port By Michael A. Davis (mdavis@securityprofiling.com, www.securityprofiling.com)
    Usage: honeyd [-dPW] [-l logfile] [-i interface] [-p personalities] [-x xprobe]
                  [-a assoc] [-f config] [net...]

Note 

If you run Honeyd.exe and get the error message "Impossible SI range in Class fingerprint Windows NT 4 SP3," you can download an updated Nmap.prints file from the Downloads area of the Apress web site (http://www.apress.com). The runtime error is harmless; the newer Nmap.prints file simply corrects a programming mistake in the original Nmap.prints file.

Command-line options are case-sensitive (for example, -p and -P do different things), and not all of them are displayed on the runtime help screen. A full list of options and their descriptions is shown in Table 6-1.

Table 6-1: Honeyd Runtime Options

Option            Description

-d                Tells Honeyd not to daemonize (that is, to stay in the foreground instead of running as a background process) and enables verbose debugging messages. Although not required, this is a good default parameter to include whenever you execute Honeyd.

-P                Enables polling mode for event messages on older libpcap builds (WinPcap is the Windows port of libpcap). Not needed on Windows hosts.

-W                Shows each network interface's number and name (works only in the Windows version of Honeyd). The number is what you pass to the -i parameter. Needed only when installing or troubleshooting.

-V                Shows Honeyd version information. The Windows port of Honeyd reports an incorrect version of 0.4a instead of 0.5.

-h or /?          Displays a summary of the command-line options.

-l <filename>     Creates, or appends messages to, a local log file with the specified name and location.

-i <interface#>   Defines which network interface Honeyd should listen on; for example, -i 1. This is a mandatory parameter.

-p <filename>     Defines the file to use for Nmap IP stack emulation (the personality file). The personality file supplied with Honeyd is called Nmap.prints.

-x <filename>     Enables Honeyd to respond to ICMP fingerprinting tools by using the Xprobe2 database file. The Xprobe2 database supplied with Honeyd is called Xprobe2.conf.

-a <filename>     Associates the Nmap-style fingerprint database with the Xprobe2 database. The association file supplied with Honeyd is called Nmap.assoc.

-f <filename>     Designates the Honeyd configuration file name and location. This is a mandatory parameter. You can create different configuration files to reflect different honeypots and choose one or the other at runtime.

<net>             Defines one or more IP addresses that Honeyd will respond to. This can be a single IP address, a range (for example, 10.0.0.1-10.0.0.255), or CIDR notation (for example, 10.0.0.0/8). This information can also be defined in the Honeyd configuration file instead. If left undefined, Honeyd will attempt to respond to any traffic it sees on the interface, so always restrict it to the addresses you intend to emulate.

Here is an example of a runtime Honeyd command:

    honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f honeyd.config -i 2 -l c:\Honeyd\log\honeyd.log 10.0.0.0/8
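Typing that command by hand every time invites the two mistakes Table 6-1 warns about: a wrong-case option letter (-P instead of -p) and a mistyped or missing <net>, which leaves Honeyd answering for every address it sees. The following launcher is an added example written for this section; it is not code from the book or from the Honeyd project. It assumes honeyd.exe, Nmap.prints, Xprobe2.conf, Nmap.assoc and honeyd.config live in the directory passed as honeyd_dir (C:\Honeyd in the book), and that the option letters mean what Table 6-1 says. It validates each <net> (single address, dash range, or CIDR), refuses to run without one, checks that the fingerprint and configuration files exist, and assembles the argument list in the order of the usage line before starting honeyd.exe.

```python
"""Build, sanity-check and optionally launch a honeyd.exe command line.

Added example for this section, not code from the book or from Honeyd.
Assumptions: honeyd.exe and the fingerprint/config files live in the
directory passed as honeyd_dir (c:\\Honeyd in the book); option letters
and meanings are those of Table 6-1.
"""
import ipaddress
import ntpath          # Windows path rules, even when dry-run from another OS
import os
import subprocess
from typing import List, Optional, Sequence


def parse_net(spec: str) -> str:
    """Validate one <net> argument: single IP, dash range, or CIDR.

    A misspelled <net> is worse than a rejected one, because with no net
    Honeyd answers for every address it sees. CIDR is checked strictly, so
    10.0.0.1/8 (host bits set) is refused instead of silently widened.
    """
    spec = spec.strip()
    if "/" in spec:
        return str(ipaddress.ip_network(spec))      # ValueError if host bits set
    if "-" in spec:
        lo_s, hi_s = spec.split("-", 1)
        lo = ipaddress.ip_address(lo_s.strip())
        hi = ipaddress.ip_address(hi_s.strip())
        if lo.version != hi.version:
            raise ValueError(f"mixed address families in range {spec}")
        if hi < lo:
            raise ValueError(f"range {spec} is reversed")
        return f"{lo}-{hi}"
    return str(ipaddress.ip_address(spec))


def build_cmdline(honeyd_dir: str, interface: int, nets: Sequence[str],
                  config: str = "honeyd.config", logfile: Optional[str] = None,
                  debug: bool = True, personalities: str = "Nmap.prints",
                  xprobe: str = "Xprobe2.conf", assoc: str = "Nmap.assoc",
                  check_files: bool = True) -> List[str]:
    """Assemble argv for honeyd.exe in the order the usage line gives.

    Option letters are case-sensitive (-p is the personality file, -P is
    pcap polling mode), so they are literals here, never built from input.
    """
    if not isinstance(interface, int) or isinstance(interface, bool) or interface < 1:
        raise ValueError("interface must be the number reported by honeyd.exe -W")
    if not nets:
        raise ValueError("no <net> given; Honeyd would answer for every address it sees")

    argv = [ntpath.join(honeyd_dir, "honeyd.exe")]
    if debug:
        argv.append("-d")                   # stay in the foreground, verbose output
    for opt, name in (("-p", personalities), ("-x", xprobe),
                      ("-a", assoc), ("-f", config)):
        path = ntpath.join(honeyd_dir, name)
        if check_files and not os.path.isfile(path):
            raise FileNotFoundError(f"{opt} expects {path}, which does not exist")
        argv += [opt, path]
    argv += ["-i", str(interface)]
    if logfile:
        argv += ["-l", logfile]
    argv += [parse_net(n) for n in nets]    # nets always come last
    return argv


def launch(argv: List[str]) -> subprocess.Popen:
    """Start honeyd.exe from its own directory so relative paths in the
    configuration resolve as they do at an interactive prompt."""
    return subprocess.Popen(argv, cwd=ntpath.dirname(argv[0]))


if __name__ == "__main__":
    # Reproduces the book's example command as a dry run (check_files=False
    # only prints the command line). On a machine with c:\Honeyd installed,
    # set check_files=True and pass the result to launch().
    cmd = build_cmdline(r"c:\Honeyd", interface=2, nets=["10.0.0.0/8"],
                        logfile=r"c:\Honeyd\log\honeyd.log", check_files=False)
    print(subprocess.list2cmdline(cmd))
```

Run it once as a dry run to confirm the assembled command matches what you would have typed; the interface number still has to come from honeyd.exe -W on the target machine, and the script deliberately does not guess it.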



Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359