Sebek bug - not reporting UDP traffic on Windows

[Jon Andersen <janderse () umich edu>]

Hi,
I just filed a bug report on Sebek, 
https://bugs.honeynet.org/show_bug.cgi?id=447

Sebek is not reporting important information on UDP traffic under 
Windows.  It seems to report the source IP (which is of course the 
honeypot), but not the destination IP, destination port, or source 
port.  Sometimes it doesn't report anything.

For example, try running hping2 on Windows, and capture the results 
with Sebek.  You will see zeros for destination IP, destination port, 
and source port.  Try running tracert, and you won't see any Sebek 
report at all.

Has anyone found a solution to this?  I can of course capture the UDP 
traffic externally, but then I won't get the process ID like I would 
with Sebek.

-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan