From IPTABLES:
Packets: 6.31 M
Traffic: 432.80 MB <<< WOW. watching this number change in realtime
!sentinel: Dynamic firewall bypass for Minipot HTTP
Is there a way i can peek into actual traffic in the Sentinel Honeypots?
The service it ends up in is sentinel-minipots. You can enable logging for it in init script but I do not think that you can make sense of it. It is pretty much debug prints.
Unfortunately at the moment there is no other option. We are at the moment working on https://view.sentinel.turris.cz/. In the future you should be able to filter out just data from your specific device.
Well you can turn off setinel-proxy and replace it with https://gitlab.nic.cz/turris/sentinel/proxy/-/merge_requests/7 temporally. This is going to give you all messages sent from your router to our network. Unfortunately I would not classify it as peeking as in such case nothing is sent to our servers.
In general we collect actions such as “connect” and “login attempt”. In case of login attempts we collect username and password. In case of HTTP we also get user-agent and few other fields. Of course we also get attacker’s IP address.