Honeypots mailing list archives

question about honeyd 0.6a (linux)

From: Han Xu <xuhan () cc gatech edu>
Date: Sun, 21 Sep 2003 17:06:18 -0400 (EDT)

Hi,

I installed honeyd 0.6a on a Redhat Linux 7.1. Everything runs
well except one thing.

I cannot let honeyd to capture the communications from the same host.
The detail is:
The host IP is 10.1.1.11, Honeyd simulates 10.1.1.1 - 10.1.1.255.
10.1.1.100 is one of the virtual hosts that don't exist on the LAN.
When I ran "telnet 10.1.1.100" from another Linux on the same LAN, the
honeyd captured the request and logged it. But when I ran the
same thing from the local host (where the honeyd is running), I got "No
route" and honeyd seems do nothing with the packet.

I noticed that, by default, arpd and honeyd ignore the src MAC address by
setting the filter to pcap. So I modified the source code to remove that
filter. Now the arpd shows it replies to "10.1.1.100", but nothing more.

Any ideas ? Thanks in advance.

Han Xu

Current thread:

InfoSec Writers - requesting honeypot papers Von Spangler (Sep 21)
- question about honeyd 0.6a (linux) Han Xu (Sep 21)
  - Re: question about honeyd 0.6a (linux) oudot (Sep 21)
    - Re: question about honeyd 0.6a (linux) Han Xu (Sep 23)
    - Re: question about honeyd 0.6a (linux) Christopher J Carella (Sep 23)