Honeypots mailing list archives

Re: Walleye not displaying Sebek3 data


From: wbmccarty () gmail com
Date: 3 Sep 2006 07:49:02 -0000

I don't have difficulty viewing Sebek3 data using Walleye. I had a honeypot compromised by bad guys using an SSH 
password-guessing tool and was able to follow their BASH session flawlessly. 

Are you clicking the magnifying glass icon of connections you suspect may contain keystroke data? If so, could you be 
choosing the wrong connections or processes? Often the sys_read calls are issued by a child process of the process 
associated with the network connection. Figuring out which process has the keystroke data can be a bit difficult 
sometimes. I myself sometimes find the sbk_extract and sbk_ks_log scripts more useful than the Walleye UI. But, that's 
not surprising in my case, since I often prefer command-line tools to GUI/web-based UI tools.

Cheers,


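As an added example, not part of the original post and not the Honeynet Project's own sbk_extract/sbk_ks_log code, the Python below walks a constructed stream of Sebek v3 records, builds the process tree from the parent_pid field, and collects the sys_read data of every process descended from the one that owns the network connection. That is the situation the reply describes: the connection belongs to sshd, but the keystrokes are read by a child shell. The 56-byte header layout, the magic value and the type codes are assumptions based on the Sebek v3 sensor format; the sample records and their PIDs are constructed, not captured.

```python
import struct
from collections import defaultdict

# Assumed Sebek v3 header (56 bytes, network byte order):
#   magic ver type counter time_sec time_usec parent_pid pid uid fd inode com[12] length
SBK_HDR = struct.Struct("!IHH8I12sI")
SBK_MAGIC = 0xD0D0D0D0                                  # assumed; sensors are built with a site-specific magic
SBK_READ, SBK_WRITE, SBK_SOCK, SBK_OPEN = 0, 1, 2, 3    # assumed type codes


def parse_records(blob):
    """Split a concatenated stream of Sebek v3 records into dicts, validating each header."""
    recs, off = [], 0
    while off + SBK_HDR.size <= len(blob):
        (magic, ver, rtype, counter, sec, usec, ppid, pid,
         uid, fd, inode, com, length) = SBK_HDR.unpack_from(blob, off)
        if magic != SBK_MAGIC or ver != 3:
            raise ValueError("unexpected Sebek header at offset %d" % off)
        start = off + SBK_HDR.size
        data = blob[start:start + length]
        if len(data) != length:
            raise ValueError("truncated record at offset %d" % off)
        recs.append(dict(counter=counter, type=rtype, ppid=ppid, pid=pid, uid=uid, fd=fd,
                         inode=inode, com=com.rstrip(b"\0").decode("ascii", "replace"), data=data))
        off = start + length
    return recs


def build_tree(recs):
    """Map pid -> (parent_pid, command) using the first record seen for each pid."""
    tree = {}
    for r in recs:
        tree.setdefault(r["pid"], (r["ppid"], r["com"]))
    return tree


def descendants(tree, root):
    """The root pid plus every pid reachable from it through parent_pid links."""
    out, changed = {root}, True
    while changed:
        changed = False
        for pid, (ppid, _) in tree.items():
            if ppid in out and pid not in out:
                out.add(pid)
                changed = True
    return out


def reads_by_pid(recs, pids, keystrokes_only=True):
    """Concatenate sys_read data per pid in counter order.

    Keystrokes are reads from fd 0 (stdin); a child such as `cat` also issues
    sys_read on the file it opened, which is data, not typing, so it is
    excluded unless keystrokes_only is False."""
    buf = defaultdict(bytearray)
    for r in sorted(recs, key=lambda r: r["counter"]):
        if r["type"] != SBK_READ or r["pid"] not in pids:
            continue
        if keystrokes_only and r["fd"] != 0:
            continue
        buf[r["pid"]] += r["data"]
    return {pid: bytes(b) for pid, b in buf.items()}


def session_keystrokes(blob, conn_pid, keystrokes_only=True):
    """Keystroke data of the process tree rooted at the pid owning the connection."""
    recs = parse_records(blob)
    return reads_by_pid(recs, descendants(build_tree(recs), conn_pid), keystrokes_only)


def make_record(counter, rtype, ppid, pid, fd, com, data):
    """Build one constructed Sebek v3 record for the sample stream below."""
    hdr = SBK_HDR.pack(SBK_MAGIC, 3, rtype, counter, 1157267342, 0, ppid, pid, 0, fd, 0,
                       com.encode().ljust(12, b"\0"), len(data))
    return hdr + data


# Constructed sample: sshd (pid 2001) owns the socket, its child bash (2005) reads the
# typed commands, cat (2009) reads a file on fd 3, and an unrelated cron (3001) is noise.
SAMPLE = b"".join([
    make_record(1, SBK_SOCK, 1,    2001, 4, "sshd", b""),
    make_record(2, SBK_READ, 2001, 2005, 0, "bash", b"w\n"),
    make_record(3, SBK_READ, 2001, 2005, 0, "bash", b"cat /etc/passwd\n"),
    make_record(4, SBK_OPEN, 2005, 2009, 3, "cat",  b"/etc/passwd"),
    make_record(5, SBK_READ, 2005, 2009, 3, "cat",  b"root:x:0:0:root:/root:/bin/bash\n"),
    make_record(6, SBK_READ, 1,    3001, 0, "cron", b"noise\n"),
])

if __name__ == "__main__":
    tree = build_tree(parse_records(SAMPLE))
    for pid, (ppid, com) in sorted(tree.items()):
        print("pid %d ppid %d %s" % (pid, ppid, com))
    for pid, text in session_keystrokes(SAMPLE, 2001).items():
        print("keystrokes in pid %d: %r" % (pid, text))
```

The point the reply makes falls out of the sample: asking for the reads of pid 2001 alone gives nothing, because sshd never reads the keystrokes itself; only after following parent_pid down to the shell does the session appear. Filtering on fd 0 is what separates typed input from the file contents a child process reads, which is worth keeping in mind when a per-process view in any tool shows more sys_read data than the attacker actually typed.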