Honeypots mailing list archives

Is Sebek doing its Job!
From: obichbiche () googlemail com
Date: 9 Oct 2006 08:21:16 -0000

Hi All,

I’ve attacked my own virtual honeypot running a Windows XP box (in VMware Workstation 5.5). I took a Word document of 38KB from there. When I check in Walleye I can see that Sebek recorded the intrusion and even the size of the packet, which is what I would expect, but the thing is, when I try to reconstruct the packets to get the Word file from there using the Pcap file provided by Walleye for the flow in question, the size of the packet is reduced to half on certain occasions.

My question is: does Sebek record all the information and take only a fraction of the flow and send it to Honeywall, or does it encapsulate everything?
I’m using Sebek version 3.0.4.0.

Many thanks for your clarifications in advance.

Omar Bichbiche 
obichbiche () googlemail com

