Honeypots mailing list archives

Re: Some questions about Roo


From: Edward Balas <ebalas () iu edu>
Date: Tue, 31 May 2005 09:28:40 -0500

Chipha.Woo wrote:

| Hi, all. I installed Roo and MySQL is running, but I can't see it is
| listening through "netstat -at". Why? I have blocked the traffic
| whose dst host isn't honeypots with iptables, but it seems that
| iptables does not work, for walleye can still view the traffic I
| have blocked. I use Roo to collect SEBEK (V3) data, but how can I
| view this data with walleye? Any help will be appreciated!


Greetings.

1. mysqld on roo does not accept TCP connections, just Unix socket
connections.

2. For sebek viewing, in the current state entry into the sebek
browsing is flow-centric. For instance, if you are looking at the flow
details view of an incoming connection, on the left side of the
individual flow report, you will see that the background color has
changed and that there are additional icons, each of which has its own
tool tip. The tree icon will take you to the sebek process tree
browser...

hope that helps some,

edward

