Jeremy, the state of the VM (as long as a snapshot does exist) should not matter.
One configuration option that is incorrct in your setup is the client-path. It needs to be Progra~1 instead of Program Files. Although, I dont think this matters as the error msg would be different. Sometimes, VMware is in a state in which a revert is not possible, so a restart of the VMware service sometimes clears up issues. Let me know how it goes. Christian On Fri, May 9, 2008 at 6:31 AM, Jeremy Du Bruyn <[EMAIL PROTECTED]> wrote: > Hi all, > > My Setup: > > System specs: > OS: Debian (etch) > VMWare: VMware Server 1.0.4 build-56528 > Capture Server: capture-server-2.1.0-300 > > Revert was rebuilt from source as I recieved a "Floating Point Exception" > when executing the packaged one. > > Command used to invoke capture-server: > > java -Djava.net.preferIPv4Stack=true -jar > /home/<user>/capture-server-2.1.0-300/CaptureServer.jar -s > 192.168.1.80:7070 -f input_urls_example.txt > > Error received: > > Option added: server-listen-port => 7070 > Option added: server-listen-address => 192.168.1.80 > Option added: input_urls => input_urls_example.txt > CaptureServer: Listening for connections > Validating config.xml ... > config.xml successfully validated > Option added: capture-network-packets-benign => false > Option added: capture-network-packets-malicious => false > Option added: client-default-visit-time => 10 > Option added: collect-modified-files => false > Option added: p_m => 0.019 > Option added: send-exclusion-lists => false > ExclusionList: file - FileMonitor.exl: File not found > ExclusionList: process - ProcessMonitor.exl: File not found > ExclusionList: registry - RegistryMonitor.exl: File not found > [192.168.1.80:902] VM added > [May 9, 2008 3:10:53 PM-192.168.1.80:902-23764290] VMSetState: > WAITING_TO_BE_REVERTED > [May 9, 2008 3:10:53 PM-192.168.1.80:902-23764290] VMSetState: REVERTING > VIX Error on reverting to snapshot: The system returned an error. > Communication with the virtual machine may have been interrupted > E Disconnected > [May 9, 2008 3:10:55 PM 192.168.1.80:902-23764290] VMware error 255 > [May 9, 2008 3:10:55 PM-192.168.1.80:902-23764290] VMSetState: ERROR > > AND > > ./revert 192.168.1.80 <username> <password> > "/var/lib/vmware/VirtualMachines/XPProSP2-1/Windows XP Professional.vmx" > "Administrator" "<password>" "cmd.exe" "/K C:\program > files\capture\captureclient.bat -s 192.168.1.80 -p 7070 -a 1 -b 2" > VIX Error on reverting to snapshot: The system returned an error. > Communication with the virtual machine may have been interrupted > E Disconnected > > *** username and password replaced by <username> and <password> > repsectively, obviously :) *** > > A tcpdump shows traffic between the vmware-authd service and > capture-server/revert: > > ---snip --- > > 15:10:19.596533 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: S > 3987959762:3987959762(0) win 32792 <mss 16396,sackOK,timestamp 123508 > 0,nop,wscale 7> > 15:10:19.630124 IP 192.168.1.80.vmware-authd > 192.168.1.80.60050: S > 3994695723:3994695723(0) ack 3987959763 win 32768 <mss > 16396,sackOK,timestamp 123508 123508,nop,wscale 7> > 15:10:19.630160 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: . ack 1 > win 257 <nop,nop,timestamp 123508 123508> > 15:10:19.601887 IP 192.168.1.80.vmware-authd > 192.168.1.80.60050: P > 1:87(86) ack 1 win 256 <nop,nop,timestamp 123509 123508> > 15:10:19.601935 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: . ack 87 > win 257 <nop,nop,timestamp 123509 123509> > --- snip --- > > I am able to connect to the captures-server, via the vmware-console, both > from localhost and remotely using the info in config.xml: > > --- snip --- > > <exclusion-list monitor="file" file="FileMonitor.exl" /> > <exclusion-list monitor="process" file="ProcessMonitor.exl" /> > <exclusion-list monitor="registry" file="RegistryMonitor.exl" /> > > <virtual-machine-server type="vmware-server" address="192.168.1.80" > port="902" > username="<user>" password="<password>"> > <virtual-machine > vm-path="/var/lib/vmware/VirtualMachines/XPProSP2-1/Windows XP > Professional.vmx" > client-path="C:\Program > Files\Capture\CaptureClient.bat" > username="<user>" > password="<password>"/> > -- snip --- > > *** username and password replaced by <username> and <password> > repsectively, obviously :) *** > > Must the Guest OS be in an specifc state (on, suspended, off)? > > Any ideas or suggestions? > > Thanks in advance > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > -- ---- Web: http://www.mcs.vuw.ac.nz/~cseifert PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
