Honeypots and Sniffing the packets

Honeypots and Sniffing the packets

A Honey pot is a computer or software application that is intended to collect any information that comes into contact with it. This could be done through port scans, a human or automatic login process, or both.

Honey pots can be configured to perform basic tasks like capturing network traffic. The majority of honey pots are made to attract dangerous actors. All of the threat actor’s behaviours will be observed and recorded by the honey pot. Members of the blue team can take these steps to improve an organization’s security posture.

Most honey pots look like ordinary machines, they merely provide an attack identification method that is well known to most security experts, including blue team members, and the intelligence or data gained from these attacks is minimal, making the honey pot concept unethical.

On the other hand, a lot of cyber security experts believe that honey pots are a very significant resource for learning how threat actors approach compromising the devices of organisations. There are many thousands of honey pots being used by people, governments, and cybersecurity firms worldwide to collect data on potential attackers for the upcoming major attack or even a minor one. Using honey pots is lawful.

It is crucial to comprehend your network and the data that moves through it. Knowing the sorts of data and what they should look like will help you as a chief information security officer (CISO), system administrator, or analyst assess whether you are under attack or not. You can better understand the massive amounts of traffic that will pass the network by using honey pots and data sniffing tools like Wireshark.