Back to list
Is Sebek doing its Job!
Oct 09 2006 08:21AM
obichbiche googlemail com
I?ve attacked my own virtual honeypot running a windows XP box (In VMware workstation5.5), I took a word document of 38KB from there, when I check in walleye I can see that Sebek recorded the intrusion and even the size of the packet which is what I would expect, but the thing is when I try to reconstruct the packets to get the word file from there using the Pcap file provided by Walleye for the flow in question, the size of the packet is reduced to half in certain occasions.
My question is: does Sebek record all the information and take only a fraction of the flow and send it to Honeywall or it does encapsulate everything?
I?m using Sebek version: 126.96.36.199
Many thanks for your clarifications in Advance
obichbiche (at) googlemail (dot) com [email concealed]
[ reply ]
Copyright 2010, SecurityFocus