Honeypots
mailing list archives
Help Needed: Having a problem with sebek server
From: "Turner,Robbin J." <robbin () mitre org>
Date: Tue, 18 Nov 2003 19:04:38 -0500
I was trying to extract the data from a tcpdump stream and the
sbk_extract is giving me a malformed sebek record error. The data is
coming off a Debian honeypot into a RedHat box running tcpdump. Then
I'm piping the tcpdump output into the sbk_extract and getting the
following:
[.....]
malformed sebek record: data length=64 packet caplen=96
malformed sebek record: data length=199 packet caplen=96
malformed sebek record: data length=25 packet caplen=96
malformed sebek record: data length=447 packet caplen=96
warning RX 1073774479 Lost 107383140
malformed sebek record: data length=208 packet caplen=96
malformed sebek record: data length=55 packet caplen=96
malformed sebek record: data length=176 packet caplen=96
malformed sebek record: data length=25 packet caplen=96
malformed sebek record: data length=444 packet caplen=96
malformed sebek record: data length=7 packet caplen=96
malformed sebek record: data length=497 packet caplen=96
malformed sebek record: data length=56 packet caplen=96
malformed sebek record: data length=36 packet caplen=96
[.....]
If you have any advice where to look I'd really appreciate it.
Thanks
Robbin Turner
--
''~``
( o o )
+----------------------.oooO--(_)--Oooo.----------------------+
| Robbin Turner robbin () mitre org |
| Lead Info Systems Engineer |
| G071 - Cyber Analysis and Investigations (703) 883-7775 (V) |
| The MITRE Corporation (888) 645-0576 (P) |
| Mail Stop W435 (703) 883-4589 (F) |
| 7515 Colshire Drive McLean, VA 22102 |
|=============================================================|
| |
| Be nice to your kids. |
| They'll choose your nursing home. |
| |
| .oooO |
| ( ) Oooo. |
+-------------------------\ (----( )------------------------+
\_) ) /
(_/