Seems like this is a bug (I filed a bug ... #723) in that the ping/pong message gets in the way with the binary data... stay tuned for a fix...

Christian

On Sun, Mar 30, 2008 at 11:58 AM, Booth, Cary L <[EMAIL PROTECTED]> wrote:
> Thanks to Jamie's and Christian's assistance, I've got HPC running.
>
> I am continuing to battle an issue when running in client/server mode
> though.
>
> First, my setup:
>
> Host OS setup:
> - XP PRO fully patched w/ Microsoft's firewall enabled.
> - AVG Antivirus
> - VMWare Server 1.0.4
> - capture-server-2.0.1-261
> - config.xml
>   - collect-modified-files="true"
>   - capture-network-packets="true"
>   - send-exclusion-lists="false"
>
> Guest OS/Client setup #1:
> - XP Pro w/ SP2 only
> - Firewall & auto updates disabled.
> - VMWare Tools
> - vcredist_x86.exe SP1
> - winpcap 4.0.1
>
> Guest OS/Client setup #2:
> - XP Pro w/ SP2, patches and applications as installed by our oldest
>   standard corporate build left on the network
> - VMWare Tools
> - vcredist_x86.exe SP1
> - winpcap 4.0.1
> - apps that our users most likely would have installed with known
>   vulnerabilities and often used by malware-kits
>   - quicktime
>   - shockwave
>   - flash player
>   - realtime player
>
> Malware hosting site: www.bookbox21.c_m
>
> Issue:
> Zipped log data transfer to host OS fails midway through.
> Screen output on the server is as follows:
>
> <part name="C:\Program Files\capture\capture_3032008_1014.zip" part-start="450560" encoding="base64" part-end="458752">
> <pong/>
> [192.168.0.74:7070-8029412] XML document structures must start and end within the same entity.
> [192.168.0.74:7070-8029412]SAXException: Buffer=<part name="C:\Program Files\capture\capture_3032008_1014.zip" part-start="450560" encoding="base64" part-end="458752">
> <pong/>
> org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.
> [192.168.0.74:7070-8029412] ClientSetState: DISCONNECTED
>
> Any suggestions or guidance would be appreciated.
>
> Cary Booth
>
> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC@public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc
>

--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF