[Honeywall] Sebek-packages but no data?

Rob McMillen rvmcmil at gmail.com
Thu Jul 31 15:48:21 EDT 2008


If you ssh into the honeypot and sebek is running on the honeypot, you
should see anything the user types at the keyboard.  You should also
see the ssh banner.  You just need to locate the ssh session in
walleye.  This session should have the sebek icon which will let you
analyze the process tree and keystrokes.

Would it be helpful to craft a sample with screenshots?

Rob

On Thu, Jul 31, 2008 at 3:39 PM, Jefferson, Shawn
<Shawn.Jefferson at bcferries.com> wrote:
> Rob,
>
> Will you be able to see SSH keystrokes if you are making a connection
> from the attacker INTO the Honeywall, like in this case?
>
> Shawn


More information about the Honeywall mailing list