Problem with Sebek client 3.0.4 and 3.0.3 for Windows Oct 13 2006 10:39PM
mng3 (at) libero (dot) it [email concealed] (mng3 libero it) (1 replies)
Hi all,
I have a problem with Sebek client for Windows version 3.0.4 and 3.0.3.
I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro sp2, executed with VMware Player (Host OS: WinXP home sp2).

I installed and configured Sebek client on my honeypot, but when I restarted it, the machine shown me a BSOD and, after a while, it tried to restart itself , but unsuccessful.

So, I restored the latest working configuration of WinXP, and this solved the problem: WinXP started correctly.
However, Sebek client didn't do his job: it didn't send any packet.

Afterward I tried to configure Sebek again, using the "Configuration Wizard" and this time WinXP didn't show any problem. However, Sebek client still don't work.

I have used both tcpdump and sbk_extract to check the existence of Sebek packets, but I did't find any.

Furthermore I have connected the honeypot with another machine in which there is Ethereal,but the result was the same.

This happen with both version 3.0.4 and version 3.0.3 (of course, I configured the Honeywall correctly).

I will be grateful to everyone that will help me.


[ reply ]
RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows Oct 14 2006 03:22AM
Michael A. Davis (mike datanerds net)


Privacy Statement
Copyright 2010, SecurityFocus