No Capturing of Source Ip in HTTP Listeners

Hi Guys , I really like Fakenet and was trying to create HTTP based listener and the configuration works really well , However when I check the logs of HTTP Listerner , It does not produce any entry of actually who actullay initiated the connection aka the Source Ip , If we bump the verbose logging to GENPKT then Its shows the Ip making conenctions to port 80 or 443 which is not part of HTTP Listner Log though and It just makes it very difficult ot Tie logs together like in SIEM Environment , Please Fix this issue , Thanks in advance for awesome work you guys are doing

Hi @rosha16. Thank you for bringing this to our attention. I noticed you also created a GitHub issue for the fakenet repo at https://github.com/fireeye/flare-fakenet-ng/issues/143 . Since fakenet is one of our open source projects, GitHub is the most appropriate place to keep track of the issue and get help from the developers of the tool.

1 Like

Thanks Colin , I will wait for a reply from the developers.

Please let me know if there are any other good HoneyPot alternatives , I looked around however all projects seems to be inactive now . Does fireye has a professional offering in HoneyPot space

I talked with one of our internal team members, and we aren’t aware of any honeypots that FireEye might offer.