Honeypots mailing list archives
RE: Honeyd for win32
From: "Andrew Hintz \(Drew\)" <drew () overt org>
Date: Mon, 31 Mar 2003 17:06:54 -0600
In the nmap.prints file try removing the entry for "Windows NT 4 SP3". I've run into this problem on some other versions of honeyd. --- nmap.prints.orig Mon Mar 31 13:21:42 2003 +++ nmap.prints Mon Mar 31 13:22:18 2003 @@ -6715,18 +6715,6 @@ T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=N|Y) -# Contributed by Nick Hone nhone () telus net -Fingerprint Windows NT 4 SP3 -TSeq(Class=TD|RI%gcd=<18%SI=<2A00DA&>6B73) -T1(DF=Y%W=7FFF|2017%ACK=S++%Flags=AS%Ops=M|MNWNNT) -T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) -T3(Resp=Y%DF=Y%W=7FFF|2017%ACK=S++|O%Flags=AS|A%Ops=M|NNT) -T4(DF=N%W=0%ACK=O|S%Flags=R%Ops=) -T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=) -T6(DF=N%W=0%ACK=O|S++%Flags=R%Ops=) -T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) -PU(TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) - # Contributed by grunby grunby () hades ss purchase edu Fingerprint Microsoft NT 4.0 SP5-SP6 TSeq(Class=RI%gcd=<6%SI=<DA16&>21A)
-----Original Message----- From: Pat Garlick [mailto:patlg1 () netzero net] Sent: Monday, March 31, 2003 4:31 PM To: honeypots () securityfocus com Subject: Re: Honeyd for win32 In-Reply-To: <001c01c2ed05$4db4d030$1f02580a@ravenlord> Hello: I need help. I installed honeyd for win32 and the winpcap on a Win2000 box. Upon clicking on Honeyd.exe to start the message: Impossible SI range in fingerprint "Windows NT 4 SP3" Nothing else happens. I used the winPcap _3_0 beta.exe loaded first then tried install of honeyd-0.5-win32. I thought maybe because it is a beta version and because the Readme file indicates that it does not work with all versions of Windows, I then uninstalled the beta version and installed the WinPcap 2.3. Upon trying to install honeyd with this version of WinPcap the error message: The procedure entry point pcap_findalldevs could not be located in the dynamic link library wpcap.dll. And it also does not install honeyd for win32. I did a search on the box for wpcap.dll and for libpcap.dll and it is not on the machine or the downloaded software from http://www.wincap.polito.it According to the Readme file for WinPcap, libPcap is the Unix version that is comparable to pcap_findalldevs... Only by the name can I guess that pcap_findalldevs is suppose to look for the hardware on the box. So..since I have received both of these message inhibiting my installing honeyd on a Win2k box....what do I do now? If it requires much C++ programming... or compiling I won't make it. Pat
Current thread:
- Honeyd for win32 ravenlord (Mar 17)
- <Possible follow-ups>
- Re: Honeyd for win32 Pat Garlick (Mar 31)
- RE: Honeyd for win32 Andrew Hintz (Drew) (Mar 31)