Honeypots mailing list archives
Re: Some questions about Roo
From: Edward Balas <ebalas () iu edu>
Date: Tue, 31 May 2005 09:28:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chipha.Woo wrote: | Hi,all I installed Roo and MySQL is running,but I can't see it is | listening through "netstat -at",why? I have blocked the traffic | whose dst host isn't honeypots with iptables,but it seems that | iptables does not work,for walleye still can view the traffic I | have blocked. I use Roo to collect SEBEK(V3) data,but how can I | view these data with walleye? Any helps will be appreciated! Greetings. 1. mysqld on roo does not accept TCP connections, just Unix Socket connections. 2. for sebek viewing, in the current state entry into the sebek browsing is flow centric. For instance if you are looking at the flow details view of an incoming connection, on the left side of the individual flow report, you will see that the background color has changed and that there are additional icons each of which has its own tool tip. the tree icon will take you to the sebek process tree browser... hope that helps some, edward -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCnHSYlKB5oSzVKwoRAtg7AJwLvwrmlfgPI/qfr8Y3YEyw+FcCMgCeJDTp 7+MihMRQwv+lL8t+afpOGHc= =3xzU -----END PGP SIGNATURE-----
Current thread:
- Some questions about Roo Chipha.Woo (May 30)
- Re: Some questions about Roo Edward Balas (May 31)