asked on

honeyd

I downloaded and compiled honeyd. I modified the config.example file to match the ip scheme that is on my network, and made a log file to write to. If I run ps -ef | grep honeyd I get
nobody 2505 1 0 14:37 ? 00:00:00 /usr/local/bin/honeyd -f /honey/honey-1.5c/honeyd.conf -l /loghoney/log
So does thing mean honeyd is working? I read somewhere that you should be able to ping the virtual machines, and in my honey.conf file one of the addresses is 192.168.1.10, but I can't ping it. Is there a way to test honeyd?

ASKER CERTIFIED SOLUTION

http:// thevpn.guru

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

JeffBeall

ASKER

The ip of the honeyd machine is 192.168.1.107, one of the ip's in the example.conf file is 192.168.1.10. I copied example.conf to honeyd.conf and changed the ip's to match my networks ip. Then like you suggested, I tried pinging 192.168.1.10 from the honeyd machine and got, " Destination host unreachable". I can ping my domain controller, and www.yahoo.com. Maybe my problem is I didn't setup a virtual machine correctly. When I run
/usr/local/bin/honeyd -f /honey/honeyd-1.5c/honeyd.conf -l /loghoney/log
I get
honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd(5023): started with -f /honey/honeyd-1.5c/honeyd.conf -l /loghoney/log
Warning: Impossible SI range in Class fingerprint "IBM os/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4. sp3"
honeyd[5023}: listening promiscuously on eth0: ( arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip)) and not ether scr
Honeyd starting as background process
Is there a good tutorial somewhere on how to setup a virtual machine in honeyd? This is the first time I ever setup honeyd, so this is all new to me and I don't know what a "SI" range is.