Hello,
I installed Capture-HPC v2.5.1; the server was installed on
Windows XP SP2, and the client was installed on Windows XP SP3.
When capture server was started, the client application, iexplore,
cannot start:( Last day, same trouble was posted to this ml,
but my issue was not solved if i configured "client-default=iexplorebulk."
The following are capture server and client log(too long, sorry).
Why this issue is happen?
# XP SP3?
client log
--------------------------------
PROJECT: Capture-HPC
VERSION: 2.5
DATE: August 6, 2008
COPYRIGHT HOLDER: Victoria University of Wellington, NZ
AUTHORS:
Christian Seifert ([EMAIL PROTECTED])
Ramon Steenson([EMAIL PROTECTED])
Capture-HPC is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, V2 as published by
the Free Software Foundation.
Capture-HPC is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Capture-HPC; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA
Option: Connect to server ip: 192.168.0.30
Option: Connect to server port: 7070
Starting Capture Client 2.5
hereLoaded plugin: Application_ClientConfigManager.dll
inserted: added application: acrobatreader
inserted: added application: firefox
inserted: added application: opera
inserted: added application: word
inserted: added application: oowriter
Loaded plugin: Application_InternetExplorer.dll
inserted: added application: iexplore
Loaded plugin: Application_InternetExplorerBulk.dll
inserted: added application: iexplorebulk
Loaded plugin: Application_Safari.dll
inserted: added application: safari
Driver already loaded: CaptureProcessMonitor
Driver already loaded: CaptureRegistryMonitor
Loaded filter driver: CaptureFileMonitor
Connected to server at 192.168.0.30
Got connect status changed
---------------------------------------------------------
ServerReceive. Bytes received: 25
Got: <connect server="2.5" />
Got connect event
ServerReceive. Bytes received: 64
Got: <option name="capture-network-packets-malicious" value="true"/>
Creating network dumper
Loading network packet dumper
network adapter found: 192.168.0.50
ServerReceive. Bytes received: 115
Got: <option name="capture-network-packets-benign" value="false"/>
Got: <option name="collect-modified-files" value="true"/>
ServerReceive. Bytes received: 9
Got: <ping/>
ServerReceive. Bytes received: 9
Got: <ping/>
ServerReceive. Bytes received: 9
Got: <ping/>
ServerReceive. Bytes received: 9
Got: <ping/>
--------------------------------
server log
--------------------------------
G:\Program Files\capture-server-2.5.1-389>java -Djava.net.preferIPv4Stack=true -
jar CaptureServer.jar -s 192.168.0.30 -f sample-uri.txt
PROJECT: Capture-HPC
VERSION: 2.5
DATE: Apr 25, 2008
COPYRIGHT HOLDER: Victoria University of Wellington, NZ
AUTHORS:
Christian Seifert ([EMAIL PROTECTED])
Ramon Steenson([EMAIL PROTECTED])
Capture-HPC is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, V2 as published by
the Free Software Foundation.
Capture-HPC is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Capture-HPC; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA
Option added: server-listen-port => 7070
Option added: server-listen-address => 192.168.0.30
Option added: input_urls => sample-uri.txt
CaptureServer: Listening for connections
Validating config.xml ...
config.xml successfully validated
Option added: capture-network-packets-benign => false
Option added: capture-network-packets-malicious => true
Option added: client-default => iexplore
Option added: client-default-visit-time => 60
Option added: client_inactivity_timeout => 6
Option added: collect-modified-files => true
Option added: different_vm_revert_delay => 24
Option added: group_size => 20
Option added: revert_timeout => 120
Option added: same_vm_revert_delay => 6
Option added: send-exclusion-lists => false
Option added: terminate => true
Option added: vm_stalled_after_revert_timeout => 120
Option added: vm_stalled_during_operation_timeout => 300
ExclusionList: file - FileMonitor.exl: File not found
ExclusionList: process - ProcessMonitor.exl: File not found
ExclusionList: registry - RegistryMonitor.exl: File not found
[192.168.0.30:902] VM added
[10 16, 2008 1:11:16 午前-192.168.0.30:902-8568863] VMSetState: WAITING_TO_BE_RE
VERTED
PARSING PREPROCESSOR
n is null
Waiting for input URLs...
[10 16, 2008 1:11:19 午前-192.168.0.30:902-8568863] VMSetState: REVERTING
[10 16, 2008 1:11:29 午前-192.168.0.30:902-8568863] VMSetState: RUNNING
Reverting different VM...waiting considerably
Received msg from client: <connect vm-server-id="31378924" vm-id="8568863"/>
[10 16, 2008 1:11:30 午前-192.168.0.30:902-8568863] ClientSetState: CONNECTED
[10 16, 2008 1:11:30 午前-192.168.0.30:902-8568863] ClientSetState: WAITING
[10 16, 2008 1:11:35 午前-192.168.0.30:902-8568863] Client inactivity, reverting
VM
Sending <ping/>
Sending <ping/>
[10 16, 2008 1:11:53 午前-192.168.0.30:902-8568863] Finished processing VM item:
revert
Sending <ping/>
Sending <ping/>
Sending <ping/>
Waiting for input URLs...
Sending <ping/>
Sending <ping/>
--------------------------------
--
kaito<[EMAIL PROTECTED]>
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
