Honeypots mailing list archives

Re: Sebek not working


From: "Mark J. Hufe" <mark.j.hufe () wilmcoll edu>
Date: Mon, 14 Aug 2006 07:49:17 -0400

Good question. When you find the answer, please let me know.

I have Sebek (patched) installed on SUSE 10.0 and XP SP-1. I can see the UDP messages sent from clients to server, but the TCP traffic is not recognized as Sebek traffic on Walleye. However, it is from the command line on the honeywall.

That is, I ssh into my Linux honeypot, but cannot see the unencrypted keystroke data on Walleye, as shown in figure 7 of:

http://www.securityfocus.com/infocus/1855/2

But I can see it on the honeywall using the command line as shown in figures 4 and 5 of:

http://www.securityfocus.com/infocus/1858

I don't know if there's a problem with Walleye or maybe I just haven't figured out how to use it yet.

- Mark

r00m 213 wrote:
Hi All,

I have installed Honeywall Roo-189.
I have installed Sebek on a Windows 2003 server (unpatched) and RedHat 9 (unpatched) machine.
When I do an Nmap scan or exploit them with Metasploit, nothing happens. I can't see any Sebeked packets in Walleye.
The RH9 machine once gave me the message that it had Sebeked packets.

When is Sebek being triggered and what could be wrong?

Gr. r00m 213
