[Honeywall] Sebek data from Windows does not integrate with walleye

Bjoern Weiland bjoern.weiland at rz.uni-karlsruhe.de
Wed Jun 11 09:16:05 EDT 2008


Hey Rob

 > P.S   Any other issues so far with the release of 1.4?

Yes, actually there is :) Now thanks for your patch, sebek on my linux 
Honeypot now compiled and is working fine, also integrating with walleye 
with the process tree and related flows.
The windows sebek client does not integrate though. I am on XP SP3, 
fully patched. What I do get in walleye is only the UDP sebek data flow 
to port 1101 listed as a normal connection initiated from the honeypot. 
No tree views or the like:
Moreover, if you look at the screenshot provided, I don't get why the 
Linux system sends UDP to port 1025 of the pinged system as well, but 
this just to mention...

Screenshot: http://bjou.de/walleye2.jpg

  -best regards, bjoern


More information about the Honeywall mailing list