I want to capture the network traffic of certain honeypots: Cowrie, Heralding, DDoSpot and Honeytrap. Therefore I want to use tshark and create pcaps of each network interface, for instance veth25e1aaa or veth25e1aaa. But these interfaces change from time to time or with every server restart.
Because of that, I want to define permanent network interfaces to set up an automatic capture script.
So far I tried:
e.g. /tpotce/docker/cowrie/docker-compose.yml
adding a network alias
```yaml
network_aliases:
  - veth6de3e1d
```
OR
```yaml
networks:
  cowrie_local:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.100.0.0/16
    driver_opts:
      com.docker.network.bridge.name: br_cwrie
```
--> didn't change anything
OR
/tpotce/docker/docker-compose.yml
OR
/opt/tpot/etc/tpot.yml
To make the question more concrete:
1.) Is it possible to set up permanent virtual network interface names?
2.) If not, does anybody have another idea for capturing the complete traffic of certain honeypots (capturing on adapter any isn't an option, as I need the Ethernet layer)?
I'd be very grateful for any help or any advice!
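One way to avoid depending on a fixed veth name is to look up the container's host-side veth each time a capture starts. The following is an added example, not part of the original post or of T-Pot: the function names are hypothetical, and it assumes the container image ships `cat`, mounts /sys, and uses `eth0` as its interface.

```shell
#!/bin/sh
# Added example (not from the original post): resolve a container's host-side
# veth at capture time, so the capture never depends on a fixed veth name.

# veth_for_iflink SYSFS_NET PEER_INDEX
# Prints the interface under SYSFS_NET whose ifindex equals PEER_INDEX.
veth_for_iflink() {
    for vfi_dev in "$1"/*; do
        [ -r "$vfi_dev/ifindex" ] || continue
        if [ "$(cat "$vfi_dev/ifindex")" = "$2" ]; then
            basename "$vfi_dev"
            return 0
        fi
    done
    return 1
}

# container_veth CONTAINER [IFACE]
# Inside the container, IFACE's iflink is the ifindex of its veth peer on the
# host. Assumption: the image ships `cat` and mounts /sys.
container_veth() {
    cv_peer=$(docker exec "$1" cat "/sys/class/net/${2:-eth0}/iflink") || return 1
    veth_for_iflink /sys/class/net "$cv_peer"
}

# capture_container CONTAINER OUTDIR
# Looks the veth up on every call, so call it again after each restart.
capture_container() {
    cc_veth=$(container_veth "$1") || { echo "no veth found for $1" >&2; return 1; }
    tshark -i "$cc_veth" -w "$2/$1-$(date +%Y%m%dT%H%M%S).pcap"
}

# Constructed sample data: a fake /sys/class/net tree for an offline check.
sample_sysfs() {
    ss_dir=$(mktemp -d) || return 1
    for ss_pair in lo:1 eth0:2 veth25e1aaa:25 veth6de3e1d:27; do
        mkdir "$ss_dir/${ss_pair%%:*}"
        echo "${ss_pair##*:}" > "$ss_dir/${ss_pair%%:*}/ifindex"
    done
    echo "$ss_dir"
}
```

Sourced on the host and run as root, `capture_container <container> <output-dir>` writes one pcap with Ethernet headers per call; the container name and output directory are whatever the local setup uses.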