What version of the Sebek client are you using? Did you make any modifications to get it to compile? What configuration options did you use to compile Sebek? Did you get any errors when loading Sebek? Did you load Sebek in testing mode? If so, does an lsmod show the sbk module loaded? If you turn on a sniffer looking for your Sebek port, and you ssh to the box and type something, do you see any packets flowing?

Rob

On Feb 29, 2008, at 10:04 PM, Nandhini Thiagarajan wrote:

Hello all,

I successfully installed Sebek on the honeypot (Fedora Core 5, 2.6.18 kernel).

I used this honeypot for my pen testing. I have roo 1.2 running on the same network. I wanted to see keystrokes on roo for whatever I was typing on my honeypot's command line by running "sbk_extract -i eth1 -p 1101 | sbk_ks_log.pl" on the console, but I could not succeed at that.

Before installing, I set the following parameters in sbk_install.sh:

 - DESTINATION_MAC

      I set this to the MAC address of the eth1 interface of the Honeywall

 - DESTINATION_IP

      Destination IP of the default gateway

 - DESTINATION_PORT

      1101

 - SOURCE_PORT

      1101


Can anyone please tell me if I'm doing anything wrong here?

_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
