The menace of attackers over the network has been unstoppable for the past two decades. Security practitioners and researchers keep devising mechanisms to safeguard the network and its components, yet attackers still emerge with cutting-edge technologies to disrupt the intentions of legitimate users in the network. Thus, before devising proper defensive mechanisms against a specific attack, it is essential to understand the motive and strategies of the attackers clearly. This paper presents a virtual honeynet framework that records all of the attackers’ activities and analyzes, in real time, the strategies, tools, and mechanisms the attackers follow. We analyzed the attacks recorded in our framework with respect to different parameters, such as protocol, ports, honeypots, and IDPS tools, to understand the motive behind the attacks. This novel virtual honeynet architecture gives readers and security practitioners insight into the strategies followed by the attackers, as well as into ways of designing different traps to secretly follow the attackers, on the road toward foolproof safeguarding mechanisms. © Springer Nature Singapore Pte Ltd 2020.