


Honeypots: Re: Sebek not working

Re: Sebek not working

From: Mark J. Hufe <mark.j.hufe_at_wilmcoll.edu>
Date: Mon, 14 Aug 2006 07:49:17 -0400

Good question. When you find the answer, please let me know.

I have sebek (patched) installed on SUSE 10.0 and XP SP-1. I can see the
UDP messages sent from clients to server, but the TCP traffic is not
recognized as sebek traffic on Walleye. However, it is from the command
line on the honeywall.

That is, I ssh into my Linux honeypot, but cannot see the unencrypted
keystroke data on Walleye, as shown in figure 7 of:

http://www.securityfocus.com/infocus/1855/2

But I can see it on the honeywall using the command line as shown in
figures 4 and 5 of:

http://www.securityfocus.com/infocus/1858

I don't know if there's a problem with Walleye or maybe I just haven't
figured out how to use it yet.

- Mark

r00m 213 wrote:
> Hi All,
>
> I have installed Honeywall Roo-189
> I have installed Sebek on a Windows 2003 server (unpatched) and RedHat 9
> (unpatched) machine.
> When I do an Nmap scan or exploit them with Metasploit nothing happens. I can't
> see any Sebeked packets in Walleye.
> The RH9 machine once gave me the message that it had Sebeked packets.
>
> When is Sebek being triggered and what could be wrong?
>
> Gr. r00m 213
>
>
>
Received on Aug 14 2006
