From Botnet Tracking to Intrusion Detection, Chapter 8: Using the Honeyd Configuration File
2016-01-12 20:55
Using the Honeyd Configuration File
Environment
1. Honeyd server IP: 10.10.10.218
2. Command used: honeydctl
Steps
1. Start the honeyd service
root@honeyd_server:~# honeyd -f /etc/test.config
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[2567]: started with -f /etc/test.config
honeyd[2567]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:3f:0b:1b
Honeyd starting as background process
2. Use the honeydctl command to view information
root@honeyd_server:~# honeydctl
Honeyd 1.5c Management Console
Copyright (c) 2004 Niels Provos. All rights reserved.
See LICENSE for licensing information.
Up for 11 seconds.
0C 0P honeydctl>
The login banner shows the version information.
0C is the number of active connections.
0P is the number of active processes.
3. View the command help
0C 0P honeydctl> help
help outputs a command help
! runs a Python command in the Honeyd environment
delete removes configured templates and ports
list lists configured templates or subsystems
4. Use the list command
1) View all information
0C 0P honeydctl> list template
1. 10.10.0.100 (Cisco router running IOS 12.2(8)T)
2. 10.10.0.20 (Microsoft Windows NT 4.0 SP3)
3. 10.10.0.30 (Microsoft Windows NT 4.0 SP3)
4. 10.10.1.100 (Cisco router running IOS 12.2(8)T)
5. 10.10.1.15 (Microsoft Windows NT 4.0 SP3)
6. 10.10.1.16 (Microsoft Windows NT 4.0 SP3)
7. router (Cisco router running IOS 12.2(8)T)
8. windows (Microsoft Windows NT 4.0 SP3)
2) View information for the windows template
0C 0P honeydctl> list template windows
template windows:
personality: Microsoft Windows NT 4.0 SP3
IP id: 0
TCP seq: 0
TCP drop: in: 0 syn: 0
refcnt: 1
ports:
tcp 21 open
tcp 25 open
tcp 80 open
3) View a single machine
0C 0P honeydctl> list template "10.10.0.30"
template 10.10.0.30:
personality: Microsoft Windows NT 4.0 SP3
IP id: 0
TCP seq: 0
TCP drop: in: 0 syn: 0
refcnt: 1
ports:
tcp 21 open
tcp 25 open
tcp 80 open
5. Use the delete command to shut down a host
0C 0P honeydctl> delete 10.10.0.20
0C 0P honeydctl> list template
1. 10.10.0.100 (Cisco router running IOS 12.2(8)T)
2. 10.10.0.30 (Microsoft Windows NT 4.0 SP3)
3. 10.10.1.100 (Cisco router running IOS 12.2(8)T)
4. 10.10.1.15 (Microsoft Windows NT 4.0 SP3)
5. 10.10.1.16 (Microsoft Windows NT 4.0 SP3)
6. router (Cisco router running IOS 12.2(8)T)
7. windows (Microsoft Windows NT 4.0 SP3)
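As an added example (not part of the original post), the Python below parses the `list template` output from steps 4 and 5 and checks that `delete 10.10.0.20` removed only that entry from the honeypot inventory. The function names are chosen here for illustration.

```python
import re

# `list template` output copied from the session above: before and after `delete`.
BEFORE = """\
1. 10.10.0.100 (Cisco router running IOS 12.2(8)T)
2. 10.10.0.20 (Microsoft Windows NT 4.0 SP3)
3. 10.10.0.30 (Microsoft Windows NT 4.0 SP3)
4. 10.10.1.100 (Cisco router running IOS 12.2(8)T)
5. 10.10.1.15 (Microsoft Windows NT 4.0 SP3)
6. 10.10.1.16 (Microsoft Windows NT 4.0 SP3)
7. router (Cisco router running IOS 12.2(8)T)
8. windows (Microsoft Windows NT 4.0 SP3)
"""
AFTER = """\
1. 10.10.0.100 (Cisco router running IOS 12.2(8)T)
2. 10.10.0.30 (Microsoft Windows NT 4.0 SP3)
3. 10.10.1.100 (Cisco router running IOS 12.2(8)T)
4. 10.10.1.15 (Microsoft Windows NT 4.0 SP3)
5. 10.10.1.16 (Microsoft Windows NT 4.0 SP3)
6. router (Cisco router running IOS 12.2(8)T)
7. windows (Microsoft Windows NT 4.0 SP3)
"""

# "<n>. <name> (<personality>)"; the personality may itself contain parentheses.
ENTRY = re.compile(r"^\s*\d+\.\s+(\S+)\s+\((.*)\)\s*$")

def parse_list(text):
    """Return {template name: personality} from `list template` output."""
    matches = (ENTRY.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def diff_templates(before, after):
    """Return (removed, added) as {name: personality} dicts."""
    b, a = parse_list(before), parse_list(after)
    removed = {n: p for n, p in b.items() if n not in a}
    added = {n: p for n, p in a.items() if n not in b}
    return removed, added

def audit(before, after, expected_removed):
    """List every difference that is not the intended removal."""
    removed, added = diff_templates(before, after)
    problems = [f"unexpected removal: {n}" for n in removed if n not in expected_removed]
    problems += [f"not removed: {n}" for n in sorted(expected_removed) if n not in removed]
    problems += [f"unexpected addition: {n}" for n in added]
    return problems

if __name__ == "__main__":
    print(audit(BEFORE, AFTER, {"10.10.0.20"}) or "only 10.10.0.20 was removed")
```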