Linux下实现蜜罐系统

实验二：Linux下实现蜜罐系统

   局域网内联网的两台主机，其中一台为Linux操作系统主机用作安装“蜜罐”，用Honeyd实现，另一台为windows主机，对蜜罐进行扫描，可用扫描软件。

 

实验步骤：

1. 实验环境 ubuntu16.04、windows10
2. 在ubuntu上下载安装honeyd需要用的压缩包，并且全部放在honeyd文件夹下

1. 安装g++ gcc工具

通过命令su切换到超户 root；

输入 apt-get install g++ gcc；

1. 解压libevent-1.4.14b-stable.tar.gz

tar -zxvf libevent-1.4.14b-stable.tar.gz

cd libevent-1.4.14b-stable

./configure

make

make install

1. 解压libdnet-1.12.tgz

tar -zxvf libdnet-1.12.tgz

cd libdnet-1.12.tgz

./configure

make

make install

1. 解压libpcap-1.3.0.tar.gz

tar -zxvf libpcap-1.3.0.tar.gz

cd libpcap-1.3.0

./configure

 

错误：configure: error: Your operating system's lex is insufficient to compile

libpcap.  flex is a lex replacement that has many advantages, including

being able to compile libpcap.  For more information, see

 

解决：apt-get install flex

 

./configure

make

 

错误：make: yacc：command not found

make: *** [grammar.c] error 127

 

解决：apt-get install bison

 

make

make install

1. 解压 honeyd-1.5c.tar.gz

tar -zxvf honeyd-1.5c.tar.gz

cd honeyd-1.5c.

./configure

错误：configure: error: need either libedit or libreadline; install one of them

 

解决：apt-get install libedit-dev

 

./configure

错误：configure: error: zlib ismissing - you need to install it

 

解决：解压zlib-1.2.8.zip

         tar -zxvf zlib-1.2.8.zip

         cd zlib-1.2.8

         ./configure

         make

         make install

         cd ../honeyd-1.5c

         ./configure

 

错误：configure: error: Couldn't figure out how to access libc

 

解决：ln -s /lib/x86_64-linux-gnu/libc.so.6 /usr/lib/libc.so

         ./configure

错误：/usr/local/lib/libpcap.so:undefined reference to ‘pcap_parse’

解决：重新编译libpcap-1.3.0

cd ../libpcap-1.3.0

make clean

./configure

make

make install

 

cd honeyd-1.5c

make

make install

honeyd-1.5c安装完成

1. 解压arpd-0.2.tar.gz

tar -zxvf arpd-0.2

cd arpd-0.2

./configure

make

make install

 

 

错误：error：expected’)’ before string constant…

 

解决：在arpd.c文件中添加#define __FUNCTION__””

 

make

make install

1. 解压honeyd_kit-1.0c-a.tgz

Tar -zxvf honeyd_kit-1.0c-a.tgz

Cd honeyd_kit-1.0c-a

./configure

Make

Make install

 

1.  在honeyd_kit-1.0c-a下运行

./start-arpd.sh

./start-honeyd.sh

1. 蜜罐运行成功 arpd和honeyd都捕捉到网卡信息

Honeyd starting as background process

1. 伪装一个ip地址对其进行监听

输入 ./arpd 192.168.110.200

1. 指定nmap扫描的系统

 

1. 打开另一台linux主机对伪装出的ip进行扫描

Ping 192.168.110.200

（15）蜜罐系统同步监听

（16）实验成功