Setting Up
Command Line Options
The Config File The Rules File
  • Interface Tests
  • Ethernet Tests
  • IP Tests
  • ICMP Tests
  • TCP Tests
  • UDP Tests
  • TCPStream Tests
  • DNS Tests
  • HTTP Tests
  • Includes
Bait&Switch Honeypots
Config File <Interface>

You need to specify an interface section for each interface hogwash needs to use. Here's an example interface section:

<interface eth0>

The Type and Role lines are the only ones that are required.


This specifies how hogwash will talk to the interface. On many operating systems, there's more than one way to get packets off and interface. Not all methods are available on all operating systems.

Currently supported interface types are:

  • linux_raw
  • obsd_bpf
  • osx_bpf
  • tcpdump
  • solaris_dlpi

Solaris_dlpi isn't fully functional as of this writing.

To read tcpdump files, specify the name of the file in place of the interface name. When reading tcpdump files, you must have Threads=0 in the <system> section.


This specifies the base protocol of interface. Currently the only supported protocol is Ethernet. More will be added later. Eventually, this line will be optional as I make hogwash query the interface for its base protocol.


This is an optional section. Role is used to give hints to hogwash when there's things like IP address conflicts and MAC address conflicts. Most people won't need this line. It's used mostly for HoneyPots.

Valid roles are:

  • Internal
  • External
  • Normal
  • Honey