MHN and Honeymap

[Chris Moore]

Hi Chaps

I have been battling with MHN a few times, usually not seeing any traffic and getting confused if i have then mis-configured the thing!

Anyhow, this weekend, i have had another go, and now getting some 'hits'

1-5 is where I NMAPed myself to test for stuff, so happy it is now active.

Today's question however, is the honeymap

I seem to get nothing on this page, the one on port :3000

no countries seem to get coloured for activity. 

I am hoping to demo MHN to some students in around a month, so would like to have the 'visuals' as graphics are more exciting than just a bunch of numbers.

Thanks

 Chris

-----

[Jason Trost]

Chris,

Some questions... 

1. Did you have Honeymap open while running the port scan? Honeymap only visualizes events in real time so if not you will not see the events occurring prior to opening it.

2. When opening Honeymap look at the bottom console part of the app. What does it say there? Does it say "connection to Backend established"?

3. On your MHN server can you run this and provide the output?

    sudo supervisorctl status 

    sudo iptables -L 

--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-net...@googlegroups.com.
To post to this group, send email to modern-hon...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/CAD23HmJRuC5%3D2X8S%3DLq5dwYwrZLzvDbgvYB3GgY9f1tevJyBfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Chris Moore]

Hi Jason

Thanks for getting back to me so quick.

1 -- 

Nmap was just to get some data on the Attacks page, so I understand that that will not be on the live map.

2---

The honeymap on port 3000 when I left it alone for a while has had some info... Of course I was excited, and clicked away, and lost the info, however, it does say connection to back end established...

and during this email stuff started to roll in... perhaps I needed patience !

3 ---

However the /ui/honeymap page still seems to be reluctant...

hope the following help

Thanks

 Chris

-----

[Jason Trost]

 Chris,

I'm glad you're getting events in Honeymap now.

It looks like the Honeymap URL is misconfigured in your mhnserver. On your MHN sever edit this file /opt/mhn/server/config.py

Look for the HONEYMAP_URL variable and change it so it matches the one from your browser that was working. Then run this command

sudo supervisorctl restart mhn-uwsgi 

Did this fix it?

--Jason 

To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/CAD23HmLhiavobA7DaJXso4ArjX0yomLMLLz6mtwGRXUaEPoXyg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Jason Trost | Director of ThreatStream Labs | www.threatstream.com 
Phone:  386.235.0078 | Twitter:  @jason_trost