Niels Provos and Thorsten Holz
Honeyd Tools
There are several tools that can be used in conjunction with Honeyd, for data analysis or for other purposes.
Honeydsum.pl
honeydsum.pl is a log analyzer written by the Brazilian Honeynet Team that can generate text summaries from Honeyd logs. The summaries can be filtered by specifying IP addresses, ports, protocols or networks. Honeydsum shows the top source IP addresses, ports and the number of connections per hour. It supports input from multiple log files and can also correlate events from several honeypots.
More information: http://www.honeynet.org.br/tools/
Honeycomb
Honeycomb is a plugin for Honeyd that can be used to automatically generate signatures for Network Intrusion Detection Systems like Snort. It applies protocol analysis and pattern-detection to traffic captured by Honeyd and is useful for creating worm signatures. For example, it created valid signatures for Slammer and Code Red.
More information: http://www.cl.cam.ac.uk/~cpk25/honeycomb/
Honeyview
Honeyview is another log file analysis tool for Honeyd. It provides a graphical overview of the collected data and also produces detailed textual output for events. Honeyview can be used to determine which ports and IP addresses were most active, and it also supports time series plots; see screenshot.
More information: http://honeyview.sourceforge.net/
If you are missing a tool, please let me know.
Copyright (c) 1999-2004 by Niels Provos