Hi,
I have a little problem with Walleye (I use roo-1.0.hw-189
with one Windows honeypot).
In fact, Walleye show *only one* Sebek record when the
honeypot starts.
So, Walleye don't show the other sebek packets: they are
considered as they were normal traffic.
I.e., the Sebek packet's source IP is the IP of the Honeypot
(source port = 1101), it's destination IP and port are the
IP and port that I've chosen.
So, the buttons for get additional information on Sebek data
are not displayed.
Of course, I've indicated to the Honeywall the destination
IP and port that Sebek client use.
Thanks
Regards
------------------------------------------------------
Fino al 30% di risparmio + sconto extra del 10%. Scopri
Direct Line con il preventivo gratuito, entro il 31 Ottobre!
http://click.libe
ro.it/direct_line7
|