Hi,
I just filed a bug report on Sebek,
https://bugs.honeynet.org/show_bug.cgi?id=447

Sebek is not reporting important information on UDP traffic under Windows. It seems to report the source IP (which is of course the honeypot), but not the destination IP, destination port, or source port. Sometimes it doesn't report anything.

For example, try running hping2 on Windows, and capture the results with Sebek. You will see zeros for destination IP, destination port, and source port. Try running tracert, and you won't see any Sebek report at all.

Has anyone found a solution to this? I can of course capture the UDP traffic externally, but then I won't get the process ID like I would with Sebek.
-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan