Monkey.org Developments
Honeyd Live Statistics

Honeyd Resources

Main - News - Forums - New
Download Releases
General Information [Mirror]
Frequently Asked Questions
Sample Configurations
Tools - Service Scripts
Live Statistics - New
Links, Press, etc.
Mailing List Archive
Acknowledgments


Honeyd Research

Immunization Against Worms
Understanding Spam
Performance

Honeypot Resources

Honeypot Background
Honeypot Concepts

Happy Hacking

Reduce wishlists
Leave a tip with PayPal

Support Honeyd

Search:
Keywords:

Search Amazon

  		 

Live Statistics

Recent versions of Honeyd support real-time capture of network traffic statistics. A new console will visualize the data using the internal Honeyd web server. In the following, you see an example of live data captured from several Honeyd machines.

The following statistics are currently available:

Operating System Distribution
This table shows the distribution of operating systems for machines randomly scanning the Internet. The data is being collected and updated automatically.
Operating System Minute Hour Day
FreeBSD 5.0-5.1 0.0% 2.4% 0.2%
Linux 2.6 0.0% 12.2% 0.9%
MacOS X 10.2 0.0% 9.8% 0.1%
Windows 2000 RFC1323 0.0% 2.4% 0.2%
Windows 2000 SP4 0.0% 4.9% 0.3%
Windows XP SP1 0.0% 48.8% 8.4%
unknown 0.0% 19.5% 89.3%

Last updated at October 7 2005 02:21:37 PM

The following port statistics are a combination of the top<N> ports for the minute, hour and day categories. The percentage reflects only these top ports and not all scanned ports.

Destination Port Distribution
This table shows the distribution of scanned destination ports. The data is being collected and updated automatically.
Destination Port Minute Hour Day
1026 0.0% 2.8% 21.5%
10000 0.0% 0.0% 2.5%
22 0.0% 66.1% 5.5%
25 0.0% 0.9% 2.0%
2100 0.0% 0.0% 2.3%
3128 0.0% 9.7% 11.5%
3389 0.0% 0.0% 3.3%
8000 0.0% 3.9% 4.4%
80 0.0% 8.1% 12.9%
81 0.0% 1.4% 0.5%
139 0.0% 0.7% 0.4%
8080 0.0% 3.7% 9.9%
45456 50.0% 0.2% 0.0%
1433 0.0% 0.0% 11.3%
445 0.0% 0.0% 3.2%
3306 0.0% 0.0% 4.3%
36080 50.0% 0.2% 0.0%
6129 0.0% 2.1% 2.5%
1023 0.0% 0.0% 2.0%

Last updated at October 7 2005 02:21:37 PM

The following table shows the top-level domain from which network activity is reaching the honeypots.

Country Distribution
This table shows the distribution of countries from which traffic is originating. The data is being collected and updated automatically.
Destination Port Minute Hour Day
at 0.0% 0.0% 0.9%
com 100.0% 4.3% 4.4%
edu 0.0% 0.2% 2.3%
fr 0.0% 0.0% 0.5%
jp 0.0% 0.0% 1.0%
lt 0.0% 6.7% 0.2%
net 0.0% 7.7% 5.1%
nl 0.0% 0.0% 1.1%
org 0.0% 1.2% 0.1%
tw 0.0% 30.6% 1.4%
unknown 0.0% 48.3% 80.7%

Last updated at October 7 2005 02:21:37 PM

Honeypots also help to track which IP addresses are used for sending spam. The following statistics show the top twenty addresses that send spam to Honeyd honeypots.

Spammer IP Address Distribution
This table shows the top IP addresses sending spam via the monitored honeypots. The data is being collected and updated automatically.
IP Address Minute Hour Day
221.169.56.134 0.0% 100.0% 98.9%

Last updated at October 7 2005 02:21:37 PM

More statistics are going to be available soon. 		 
Last modified: April 27 2005 11:17:48 PM
Copyright (c) 1999-2004 by Niels Provos
Don't access my pirated music.