> I'm trying to setup honeytrap on a debian box. I'm using honeytrap 1.0,
> on a virtual interface with a private IP address.
Numerous bugs were fixed since 1.0, but there is no 1.1 release yet. Do
a subversion checkout like this
svn co https://svn.mwcollect.org/honeytrap/trunk honeytrap
and configure && make that code.
> honeytrap -a 172.17.20.72 -u honeyd -g honeyd -t 6 -C
> /usr/local/etc/honeytrap/honeytrap.conf -D -L
That looks OK. By the way, you use the pcap stream monitor, right? On
Linux you might want to give the nfq stream monitor a try.