Honeypots mailing list archives
Sebek bug - not reporting UDP traffic on Windows
From: Jon Andersen <janderse () umich edu>
Date: Thu, 8 Jun 2006 15:55:32 -0400
Hi,
I just filed a bug report on Sebek, https://bugs.honeynet.org/show_bug.cgi?id=447
Sebek is not reporting important information on UDP traffic under Windows. It seems to report the source IP (which is of course the honeypot), but not the destination IP, destination port, or source port. Sometimes it doesn't report anything.
For example, try running hping2 on Windows, and capture the results with Sebek. You will see zeros for destination IP, destination port, and source port. Try running tracert, and you won't see any Sebek report at all.
Has anyone found a solution to this? I can of course capture the UDP traffic externally, but then I won't get the process ID like I would with Sebek.
-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan