Monkey.org Developments
Honeyd Live Statistics

Honeyd Resources

Main - News - Forums - New
Download Releases
General Information [Mirror]
Frequently Asked Questions
Sample Configurations
Tools - Service Scripts
Live Statistics - New
Links, Press, etc.
Mailing List Archive
Acknowledgments


Honeyd Research

Immunization Against Worms
Understanding Spam
Performance

Honeypot Resources

Honeypot Background
Honeypot Concepts

Honeypot Books


Virtual Honeypots,
Niels Provos and Thorsten Holz

Happy Hacking

Reduce wishlists
Leave a tip with PayPal

Support Honeyd

Search:
Keywords:

Search Amazon

  		 

Live Statistics

Recent versions of Honeyd support real-time capture of network traffic statistics. A new console will visualize the data using the internal Honeyd web server. In the following, you see an example of live data captured from several Honeyd machines.

The following statistics are currently available:

Operating System Distribution
This table shows the distribution of operating systems for machines randomly scanning the Internet. The data is being collected and updated automatically.
Operating SystemMinuteHourDay
FreeBSD 4.6-4.8 0.0% 0.0% 0.6%
FreeBSD 5.0-5.1 0.0% 2.3% 0.2%
Linux 2.6 0.0%15.9%18.5%
OpenBSD 3.0-3.4 opera 0.0% 0.0% 0.8%
Windows 2000 RFC1323 0.0% 4.5% 3.5%
Windows 2000 SP4 0.0% 0.0% 1.1%
Windows 98 0.0% 0.0% 0.6%
Windows XP SP1100.0%22.7%26.9%
unknown 0.0%54.5%47.3%

Last updated at July 10 2006 04:29:31 AM

The following port statistics are a combination of the top<N> ports for the minute, hour and day categories. The percentage reflects only these top ports and not all scanned ports.

Destination Port Distribution
This table shows the distribution of scanned destination ports. The data is being collected and updated automatically.
Destination PortMinuteHourDay
1026 0.0%38.5%30.5%
5900 0.0% 0.0% 1.9%
5901 0.0% 0.0% 1.9%
5902 0.0% 0.0% 1.9%
22 0.0% 0.6% 9.2%
3372 0.0% 0.0% 1.9%
2100 0.0% 0.0% 1.9%
312859.3%36.4%28.2%
3389 0.0% 0.0% 1.9%
800014.8%12.5% 8.0%
80 0.0% 1.2% 3.9%
81 7.4% 4.6% 3.9%
808018.5% 5.4% 2.6%
6101 0.0% 0.0% 1.9%

Last updated at July 10 2006 04:29:31 AM

The following table shows the top-level domain from which network activity is reaching the honeypots.

Country Distribution
This table shows the distribution of countries from which traffic is originating. The data is being collected and updated automatically.
Destination PortMinuteHourDay
com 0.0% 7.6% 7.6%
net 0.0% 6.1% 8.4%
nl 0.0% 0.0% 0.6%
pl 0.0% 0.0% 0.6%
tw 0.0% 0.3% 0.6%
unknown100.0%85.7%80.1%

Last updated at July 10 2006 04:29:32 AM

Honeypots also help to track which IP addresses are used for sending spam. The following statistics show the top twenty addresses that send spam to Honeyd honeypots.

Spammer IP Address Distribution
This table shows the top IP addresses sending spam via the monitored honeypots. The data is being collected and updated automatically.
IP AddressMinuteHourDay
220.139.9.2080.0%0.0%100.0%

Last updated at July 10 2006 04:29:32 AM

More statistics are going to be available soon. 		 
Last modified: April 27 2005 11:17:48 PM
Copyright (c) 1999-2004 by Niels Provos
Don't access my pirated music.