A useful question though might be better rounded.
I would hope it is difficult to detect a honeypot though their unresponsiveness can sometimes give things away. Really you might like to make your own honeypot and learn from hands-on experience. bt has a daemon ready for you to utilise:
A (surprisingly) useful entry appears here:
Quite a good place to launch your research.
Also look at:
As for detecting mitm attacks perhaps utilise a sniffer ids and watch for temporal delays in network traffic particularly in certificate transfer/validation.
Write back for further guidance