Bug 162064 - net-analyzer/honeysnap - tool used for extracting and analyzing data from pcap files, including IRC communications
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Default Assignee for New Packages
Keywords: EBUILD
Depends on:
Reported: 2007-01-14 16:25 UTC by Blu3
Modified: 2014-10-12 08:19 UTC (History)
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---

Initial honeypot ebuild (honeysnap-,549 bytes, text/plain)
2007-05-18 16:03 UTC, Thomas Anderson (tanderson) (RETIRED)

Description Blu3 2007-01-14 16:25:49 UTC
Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a 'first-cut' analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time.
Comment 1 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2007-05-18 16:02:14 UTC
Attaching ebuild that works on ~amd64.
Comment 2 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2007-05-18 16:03:21 UTC
Created attachment 119611 [details]
Initial honeypot ebuild

Tested on ~amd64. Feedback would be appreciated.
Comment 3 Jukka Ruohonen 2007-08-26 13:14:42 UTC

Some notes:

1. The current release is

2. The SRC_URI in the submitted ebuild is wrong.

3. The license field is empty.

4. There is some confusion over DEPEND and RDEPEND (e.g. is libpcap only a runtime dependency?).

5. There is no PYTHON_MODNAME (not sure whether this is relevant though).

6. The ebuild installs a redundant file: /usr/share/doc/honeysnap-

7. There is no amd64 keyword whatsoever for dev-python/python-irclib, so the ebuild can hardly be ~amd64 as such.

This is a useful tool and therefore I hope you have time to check some of the above issues.