Hi Christian,

Found the issue. Seems my snapshot went for a walk and that's why it wasn't working :(

Thanks for taking the time to reply though. Do you perhaps want installation howto's for different host OS's? If so, I may have some time to write up a Debian install guide.

Thanks again

Cheers

On Fri, May 9, 2008 at 5:18 PM, Christian Seifert <[EMAIL PROTECTED]> wrote:

> Jeremy, the state of the VM (as long as a snapshot does exist) should not
> matter.
>
> One configuration option that is incorrect in your setup is the client-path.
> It needs to be Progra~1 instead of Program Files. Although, I don't think
> this matters as the error msg would be different.
>
> Sometimes, VMware is in a state in which a revert is not possible, so a
> restart of the VMware service sometimes clears up issues.
>
> Let me know how it goes.
> Christian
>
> On Fri, May 9, 2008 at 6:31 AM, Jeremy Du Bruyn <[EMAIL PROTECTED]>
> wrote:
>
>> Hi all,
>>
>> My Setup:
>>
>> System specs:
>> OS: Debian (etch)
>> VMWare: VMware Server 1.0.4 build-56528
>> Capture Server: capture-server-2.1.0-300
>>
>> Revert was rebuilt from source as I received a "Floating Point Exception"
>> when executing the packaged one.
>>
>> Command used to invoke capture-server:
>>
>> java -Djava.net.preferIPv4Stack=true -jar
>> /home/<user>/capture-server-2.1.0-300/CaptureServer.jar -s
>> 192.168.1.80:7070 -f input_urls_example.txt
>>
>> Error received:
>>
>> Option added: server-listen-port => 7070
>> Option added: server-listen-address => 192.168.1.80
>> Option added: input_urls => input_urls_example.txt
>> CaptureServer: Listening for connections
>> Validating config.xml ...
>> config.xml successfully validated
>> Option added: capture-network-packets-benign => false
>> Option added: capture-network-packets-malicious => false
>> Option added: client-default-visit-time => 10
>> Option added: collect-modified-files => false
>> Option added: p_m => 0.019
>> Option added: send-exclusion-lists => false
>> ExclusionList: file - FileMonitor.exl: File not found
>> ExclusionList: process - ProcessMonitor.exl: File not found
>> ExclusionList: registry - RegistryMonitor.exl: File not found
>> [192.168.1.80:902] VM added
>> [May 9, 2008 3:10:53 PM-192.168.1.80:902-23764290] VMSetState:
>> WAITING_TO_BE_REVERTED
>> [May 9, 2008 3:10:53 PM-192.168.1.80:902-23764290] VMSetState: REVERTING
>> VIX Error on reverting to snapshot: The system returned an error.
>> Communication with the virtual machine may have been interrupted
>> E Disconnected
>> [May 9, 2008 3:10:55 PM 192.168.1.80:902-23764290] VMware error 255
>> [May 9, 2008 3:10:55 PM-192.168.1.80:902-23764290] VMSetState: ERROR
>>
>> AND
>>
>> ./revert 192.168.1.80 <username> <password>
>> "/var/lib/vmware/VirtualMachines/XPProSP2-1/Windows XP Professional.vmx"
>> "Administrator" "<password>" "cmd.exe" "/K C:\program
>> files\capture\captureclient.bat -s 192.168.1.80 -p 7070 -a 1 -b 2"
>> VIX Error on reverting to snapshot: The system returned an error.
>> Communication with the virtual machine may have been interrupted
>> E Disconnected
>>
>> *** username and password replaced by <username> and <password>
>> respectively, obviously :) ***
>>
>> A tcpdump shows traffic between the vmware-authd service and
>> capture-server/revert:
>>
>> ---snip ---
>>
>> 15:10:19.596533 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: S
>> 3987959762:3987959762(0) win 32792 <mss 16396,sackOK,timestamp 123508
>> 0,nop,wscale 7>
>> 15:10:19.630124 IP 192.168.1.80.vmware-authd > 192.168.1.80.60050: S
>> 3994695723:3994695723(0) ack 3987959763 win 32768 <mss
>> 16396,sackOK,timestamp 123508 123508,nop,wscale 7>
>> 15:10:19.630160 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: . ack 1
>> win 257 <nop,nop,timestamp 123508 123508>
>> 15:10:19.601887 IP 192.168.1.80.vmware-authd > 192.168.1.80.60050: P
>> 1:87(86) ack 1 win 256 <nop,nop,timestamp 123509 123508>
>> 15:10:19.601935 IP 192.168.1.80.60050 > 192.168.1.80.vmware-authd: . ack
>> 87 win 257 <nop,nop,timestamp 123509 123509>
>> --- snip ---
>>
>> I am able to connect to the captures-server, via the vmware-console, both
>> from localhost and remotely using the info in config.xml:
>>
>> --- snip ---
>>
>> <exclusion-list monitor="file" file="FileMonitor.exl" />
>> <exclusion-list monitor="process" file="ProcessMonitor.exl" />
>> <exclusion-list monitor="registry" file="RegistryMonitor.exl" />
>>
>> <virtual-machine-server type="vmware-server" address="
>> 192.168.1.80" port="902"
>> username="<user>" password="<password>">
>> <virtual-machine
>> vm-path="/var/lib/vmware/VirtualMachines/XPProSP2-1/Windows XP
>> Professional.vmx"
>> client-path="C:\Program
>> Files\Capture\CaptureClient.bat"
>> username="<user>"
>> password="<password>"/>
>> -- snip ---
>>
>> *** username and password replaced by <username> and <password>
>> respectively, obviously :) ***
>>
>> Must the Guest OS be in a specific state (on, suspended, off)?
>>
>> Any ideas or suggestions?
>>
>> Thanks in advance
>>
>> _______________________________________________
>> Capture-HPC mailing list
>> Capture-HPC@public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/capture-hpc
>>
>
> --
> ----
> Web: http://www.mcs.vuw.ac.nz/~cseifert
>
> PGP key
> http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
> Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF