I'm mystified. I've tried installing the Sebek client (ver 3.0.3 and 3.0.4) on 2 different WinXP machines. Installation goes fine, but I don't get any output. (I've tried typing into a command prompt and opening a telnet connection.) I know that Sebek is on the PC because the config program works fine and I can see it when I run the recovery console. The honeywall (Roo 1.1) just doesn't receive any Sebek packets.

Sbk_extract is running on the honeywall (although sbk_upload is not). I've also tried running sbk_extract and piping the output to sbk_ks_log, running tcpdump, and sniffing with Wireshark. I can see other traffic from that host, but no Sebek output.

I've configured Sebek with the IP and MAC address of my gateway (a cheap Linksys router), and I've set up the same IP and port on the honeywall, which is set to route and log Sebek packets. I didn't see any place to set the magic number on the honeywall, so I guess that's not required.

Any ideas? Have I just not done anything that would trigger it to phone home?

TIA