Honeypots mailing list archives

Re: my sebek2 did not work


From: "fatb" <fatb () security zz ha cn>
Date: Tue, 17 Jun 2003 10:33:22 +0800

If the log dir does not exist, it will be auto-created. I've tested it, and even when it can't create the dir, it still gives some
information to the terminal, like this:

./sebeksniff -i eth0 -p 1101 -l /haha
 opening eth0: looking for UDP dst port 1101
/haha/xx.xx.xx.xx: packet 1009857330  144 bytes

I use a syslog gen to send info to the dst IP, so make sure the dst host works fine.

I commented out the cleaner.o install. After running sebek.sh, I can find the mod with lsmod, but the status is "unused".


./sebek.sh
Installing Sebek:
  sebek.o installed successfully

lsmod
Module                  Size  Used by    Not tainted
sebek                  23508   0  (unused)
8139too                16480   1






----- Original Message ----- 
From: "Chris Mawer" <red_hantu () hotmail com>
To: <fatb () security zz ha cn>
Sent: Monday, June 16, 2003 10:57 PM
Subject: Re: my sebek2 did not work



./sebeksniff -i eth0 -p 1101 -l /home/me/log

and then do something on the first Linux box, which has sebek
installed, but sebeksniff can't get any info and I find nothing in
the /home/me/log dir :(

**1. Have you actually issued mkdir "/home/me/log" if the folder doesn't
exist? I'm unsure whether sebek has the capacity to create the folder for
you.

I also used tcpdump to capture UDP port 1101, but got nothing as well.
Has anybody faced the same problem as I did?

**2. Two possible problems here. Are you running in a switched network
environment? I assume you are aware of the difference between switches and
hubs, and the problems switches present to sniffing Ethernet traffic. 2nd
issue: even if the networking is done with hubs, are the LAN cards set to
promiscuous mode? I.e., do they have the capacity to follow standard tcpdump
operation, or must they be manually set to promiscuous mode?

Hope that helps somehow,

Chris Mawer
