KFSensor

 

Correcting Port Errors

You may see that some ports in the Ports View are marked as being in Error.

This means that KFSensor failed to bind to a port. Only one service can bind to a port, so this is usually because another service is already using it. While a port is in an error state, KFSensor cannot respond to connections made to that port or monitor the traffic on it, so these errors should be fixed.

Port 0 error

Ports TCP 0 and UDP 0 may be in an error state.
These are special ports that represent all ports that do not have a Listen definition defined for them.

If these ports are in error, this means that KFSensor's Network Protocol Analyzer feature is not enabled.

To correct this problem, you need to ensure that either the WinPcap library or the Npcap library is installed and that the Network Protocol Analyzer setting in KFSensor is enabled.

Normal port errors

There are three ways in which port errors can be corrected.
1. De-activate the Listen Definition
The simplest but least desirable way of correcting the port error is to disable the listen definition for the port. KFSensor will then ignore this port.
Go to the Scenario -> Edit Active Scenario dialog box. Select the port and press the Active button.
2. Close the other service
The most secure way is to disable the service that is currently bound to the port.
By doing this the port will be available for KFSensor to bind its Sim Server to.
The Server lock down section later in this guide gives details on how to do this and the sorts of common services that bind to ports on a Windows installation.
3. Convert to native

The Professional and Enterprise Editions of KFSensor have the ability to monitor the network traffic of other services.
This enables a native service such as the IIS web server to be used as part of the honeypot.
All connections made to these services will be logged in the same way as connections made to a sim server.

This is done by changing the Listen definition's Action Type to the Native setting.
When set to Native KFSensor will not attempt to bind to the port, but will instead monitor traffic to that port in the background.

To make things easy, the Scenario -> Edit Active Scenario dialog has a button, "Convert To Native...", that displays the Convert To Native dialog box. This allows you to choose which ports in error should be converted to Native.
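
Before choosing between closing the other service and converting to Native, it helps to know what is actually bound to each port in error. The PowerShell script below is an added example, not part of the KFSensor manual; the port list is a constructed sample and `Get-PortOwner` is a hypothetical helper name.

```powershell
# Added example: find what is bound to ports that KFSensor shows in Error.
# Run in an elevated PowerShell session on the honeypot host.

# Constructed sample list; replace with the ports marked in Error in the Ports View.
$portsInError = @(
    @{ Protocol = 'TCP'; Port = 80 },
    @{ Protocol = 'TCP'; Port = 445 },
    @{ Protocol = 'UDP'; Port = 137 }
)

# Hypothetical helper name, defined only for this example.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)][ValidateSet('TCP', 'UDP')][string]$Protocol,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port
    )
    # Listening TCP sockets and bound UDP endpoints come from different cmdlets.
    $bindings = if ($Protocol -eq 'TCP') {
        Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    } else {
        Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    }
    if (-not $bindings) {
        # Nothing is bound right now, so the conflict may be intermittent.
        return [pscustomobject]@{ Protocol = $Protocol; Port = $Port; LocalAddress = $null
            ProcessId = $null; Process = $null; Services = '(nothing bound)' }
    }
    foreach ($b in $bindings | Sort-Object LocalAddress, OwningProcess -Unique) {
        $procId = [int]$b.OwningProcess
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        # One process (for example svchost.exe) can host several services.
        # ProcessId 0 would match every stopped service, so skip that lookup.
        $svc = if ($procId -gt 0) {
            Get-CimInstance Win32_Service -Filter "ProcessId = $procId" -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Protocol = $Protocol; Port = $Port; LocalAddress = $b.LocalAddress
            ProcessId = $procId; Process = $proc.ProcessName
            # PID 4 (System) with no service means a kernel driver holds the port.
            Services = ($svc.Name -join ', ')
        }
    }
}

$portsInError |
    ForEach-Object { Get-PortOwner -Protocol $_.Protocol -Port $_.Port } |
    Format-Table -AutoSize
```

A service named in the output is a candidate for disabling; one that must keep running is a candidate for conversion to Native.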

