
Bug 162064

Summary: net-analyzer/honeysnap - tool used for extracting and analyzing data from pcap files, including IRC communications
Product: Gentoo Linux
Reporter: Blu3 <david+gentoo.org>
Component: New packages
Assignee: Default Assignee for New Packages <maintainer-wanted>
Status: CONFIRMED
Severity: enhancement
CC: drear, netmon
Priority: High
Keywords: EBUILD
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.honeynet.org/tools/honeysnap/
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Initial honeypot ebuild

Description Blu3 2007-01-14 16:25:49 UTC
Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a 'first-cut' analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time.
Comment 1 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2007-05-18 16:02:14 UTC
Attaching ebuild that works on ~amd64.
Comment 2 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2007-05-18 16:03:21 UTC
Created attachment 119611
Initial honeypot ebuild

Tested on ~amd64. Feedback would be appreciated.
Comment 3 Jukka Ruohonen 2007-08-26 13:14:42 UTC
Hi.

Some notes:

1. The current release is 1.0.6.10.

2. The SRC_URI in the submitted ebuild is wrong.

3. The license field is empty.

4. There is some confusion over DEPEND and RDEPEND (e.g. is libpcap only a runtime dependency?).

5. There is no PYTHON_MODNAME (not sure whether this is relevant though).

6. The ebuild installs a redundant file: /usr/share/doc/honeysnap-1.0.6.10/PKG-INFO.bz2.

7. There is no amd64 keyword whatsoever for dev-python/python-irclib, so the ebuild can hardly be ~amd64 as such.


This is a useful tool and therefore I hope you have time to check some of the above issues.