Honeypotting · Chapter 5 131

Getting up and running with SNORT should be very easy, as there is a whole range of pre-built virtual appliances you can download from the VMware website, www.vmware.com. Virtual appliances of particular note are SmoothWall Express, Untangle 5.0, and the Backtrack Live CD. Even though these are great appliances and well worth the time, the best tool for monitoring honeypots is still the Honeynet Project's Honeywall.

Network Traffic Capture

There are primarily three different ways to capture the malicious traffic destined for your honeypot. These are:

- Span port from a switch
- Honeywall bridge
- Network tap

A span port on a managed switch copies or mirrors all of the data entering or leaving a switchport on a switch to another switchport. This other switchport would