Walleye don't recognize sebek packet Oct 19 2006 04:50PM
mng3 (at) libero (dot) it [email concealed] (mng3 libero it)
I have a little problem with Walleye (I use roo-1.0.hw-189 with one Windows honeypot).
In fact, Walleye show *only one* Sebek record when the honeypot starts.

So, Walleye don't show the other sebek packets: they are considered as they were normal traffic.
I.e., the Sebek packet's source IP is the IP of the Honeypot (source port = 1101), it's destination IP and port are the IP and port that I've chosen.
So, the buttons for get additional information on Sebek data are not displayed.

Of course, I've indicated to the Honeywall the destination IP and port that Sebek client use.



Fino al 30% di risparmio + sconto extra del 10%. Scopri Direct Line con il preventivo gratuito, entro il 31 Ottobre!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus