Could you enable network capture and disable file copy? Does it crash then?
On Wed, Sep 24, 2008 at 4:27 AM, asm <[EMAIL PROTECTED]> wrote:
> Hi, Christian;
> Running "7za a -tzip test.zip .\logs" in cmd line is successful.
> All of my past experiments didn't enable network capture.
> Besides, you're always warmhearted and helpful.
> Thanks again.
>
> Thanks & Regards,
> Asm
>
> ------------------------------
> asm
> 2008-09-24
> ------------------------------
> *From:* Christian Seifert
> *Sent:* 2008-09-23 23:19:04
> *To:* General discussion list for Capture-HPC users
> *Cc:*
> *Subject:* Re: [Capture-HPC] No Malicious Sites
>
> asm, can you try the same and see whether this will "solve" your problem?
>
> Matthias, when running capture with the server vs just running the client
> exe with option -c is the zipping of the logs dir. I am wondering whether
> the 7z.exe is causing your trouble. Can you try running it on the client
> manually to zip up the log dir?
>
> Also, what happens if you enable network capture and copying of client
> files on the server. Crash?
>
> Thanks for helping me to track this issue down remotely. Once I have a
> repro case on my end I will investigate on my end and release a patch....
>
> Christian
>
> On Tue, Sep 23, 2008 at 5:12 PM, Matthias Luft <[EMAIL PROTECTED]> wrote:
>
>> no crash :))
>>
>> Christian Seifert wrote:
>>
>>> can you disable the copy modified file option in your config.xml and let
>>> me know if it crashes?
>>>
>>> On Tue, Sep 23, 2008 at 3:40 PM, Matthias Luft <[EMAIL PROTECTED]> wrote:
>>>
>>> Hi,
>>>
>>> Christian Seifert wrote:
>>>
>>> Getting closer. ...
>>>
>>> sounds so ;-)
>>>
>>> Can you
>>> 1. execute on the client 'CaptureClient.exe -c',
>>> 2. copy a file manually from a to b using your windows explorer
>>> 3. on the capture client window, press q and then enter
>>>
>>> crash or no crash?
>>>
>>> no crash, logfile attached.
>>>
>>> Also, have you tried out installing winpcap and 2005 c++ sp1
>>> redist libs?
>>>
>>> Aye, I installed both, but it still crashes.
>>>
>>> Also, one more question: What exact version of CaptureClient
>>> are you using?
>>>
>>> It's 251-384 for both capture-server and capture-client.
>>>
>>> Thanks & Regards,
>>> Matthias
>>>
>>> Microsoft Windows XP [Version 5.1.2600]
>>> (C) Copyright 1985-2001 Microsoft Corp.
>>>
>>> C:\Documents and Settings\Administrator>cd \
>>>
>>> C:\>cd "Program Files"
>>>
>>> C:\Program Files>cd Capture
>>>
>>> C:\Program Files\Capture>CaptureClient.exe -c
>>> PROJECT: Capture-HPC
>>> VERSION: 2.5
>>> DATE: August 6, 2008
>>> COPYRIGHT HOLDER: Victoria University of Wellington, NZ
>>> AUTHORS:
>>> Christian Seifert ([EMAIL PROTECTED])
>>> Ramon Steenson([EMAIL PROTECTED])
>>>
>>> Capture-HPC is free software; you can redistribute it and/or modify
>>> it under the terms of the GNU General Public License, V2 as published by
>>> the Free Software Foundation.
>>>
>>> Capture-HPC is distributed in the hope that it will be useful,
>>> but WITHOUT ANY WARRANTY; without even the implied warranty of
>>> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>>> GNU General Public License for more details.
>>>
>>> You should have received a copy of the GNU General Public License
>>> along with Capture-HPC; if not, write to the Free Software
>>> Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
>>> 02110-1301,USA
>>>
>>> Option: Collecting modified files
>>> Starting Capture Client 2.5
>>> hereLoaded plugin: Application_ClientConfigManager.dll
>>> inserted: added application: acrobatreader
>>> inserted: added application: firefox
>>> inserted: added application: opera
>>> inserted: added application: word
>>> inserted: added application: oowriter
>>> Loaded plugin: Application_InternetExplorer.dll
>>> inserted: added application: iexplore
>>> Loaded plugin: Application_InternetExplorerBulk.dll
>>> inserted: added application: iexplorebulk
>>> Loaded plugin: Application_Safari.dll
>>> inserted: added application: safari
>>> Driver already loaded: CaptureProcessMonitor
>>> Driver already loaded: CaptureRegistryMonitor
>>> Loaded filter driver: CaptureFileMonitor
>>> ---------------------------------------------------------
>>> Start capturing modified files ...
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Locked
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
>>> registry: SetValueKey 1284 C:\WINDOWS\explorer.exe -> -1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\Explorer\ITBarLayout
>>> process: created 4294967295 UNKNOWN -> C:\WINDOWS\explorer.exe 1708
>>> file: Write 1284 C:\WINDOWS\explorer.exe -> -1 C:\Program Files\Capture\Copy of COPYING
>>> q
>>> Copying monitored files
>>> Copying file: C:\Program Files\Capture\Copy of COPYING
>>> ... done
>>> Resetting hStopEventResetting hStopEventResetting hStopEvent
>>> C:\Program Files\Capture>
>>> _______________________________________________
>>> Capture-HPC mailing list
>>> Capture-HPC@public.honeynet.org
>>> https://public.honeynet.org/mailman/listinfo/capture-hpc
>>>
>>> --
>>> ----
>>> Web: http://www.mcs.vuw.ac.nz/~cseifert
>>>
>>> PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
>>> Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF