I'm using sebek-linux26-3.2.0b.
   
  I did the following:
   
  1) ./configure --disable-raw-socket-replacement
   
  2) make - this produced an error:
/root/Desktop/sebek-lin26-3.2.0b/src/net.c:198: error: ‘struct net_device’ has no member named ‘xmit_lock’
   
    After doing some analysis, I came to know that in 2.6.18 kernels xmit_lock 
has been renamed to _xmit_lock. 
    So I added this line to the src/net.c file:
  #define xmit_lock _xmit_lock
   
  Then the make command got through. It created a binary tar file.
   
  3) I extracted that and modified the sbk_sh file. 
  4) ./sbk_install.sh  succeeded.
   
  When I do an lsmod, I can see sbk loaded.
   
  But when I turn on a network sniffer looking for sebek port 1101, and when I 
ssh to the box and type something, I don't see any packets for that port. I see 
other TCP packets through other ports.
   
  Not sure what is going wrong.
   
  Thanks
   
  

Robert Mcmillen <[EMAIL PROTECTED]> wrote:
  What version of sebek client are you using?  Did you make any modifications 
to get it to compile?  What configuration options did you use to compile sebek? 
 Did you get any errors when loading sebek?  Did you load sebek in testing 
mode?  If so, does an lsmod show sbk module loaded?  If you turn on a sniffer 
looking for your sebek port.... and you ssh to the box and type something... do 
you see any packets flowing?  

  Rob
  
    On Feb 29, 2008, at 10:04 PM, Nandhini Thiagarajan wrote:

    Hello all,
   
  I successfully installed Sebek in Honeypot (Fedora core 5 2.6.18 kernels).
   
  So for my pen testing, I used this honeypot. I have roo 1.2 running on the 
same network.
  I wanted to see keystrokes on roo for whatever I was typing on my honeypot's 
command line by running "sbk_extract -i eth1 -p 1101 | sbk_ks_log.pl" 
on the console. But I could not succeed at that.
   
  Before installing, in the sbk_install.sh I have set the following parameters:
   
   - DESTINATION_MAC
        This I have set up as the MAC addr of eth1 interface of Honeywall
   
   - DESTINATION_IP
        Destination ip of default gateway
   
   - DESTINATION_PORT
        1101
   
   - SOURCE_PORT
        1101
   
   
  Can anyone please tell me if I'm doing anything wrong here?

  

  
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall


