Now there is only one "java.exe" task running when I run the capture server
but still the same problem.
Any other ideas?
________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Seifert
Sent: Thursday, 6 November 2008 19:21
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC: Client inactivity, reverting VM


the error msg indicates that you are already running a capture process. kill
all java processes and retry...


On Thu, Nov 6, 2008 at 10:17 AM, admin [at] abuse.ch <[EMAIL PROTECTED]> wrote:


        Hi there!
        
        I installed & configured Capture-HPC client and Capture-HPC server. When I
        start the capture server I always get the message "Waiting for input URLs..."
        and after a while "Client inactivity, reverting VM". Here is some information
        about my installation:
        
        Host system: Windows 2003 Server SP2 (German)
        Capture-Server: 2.5.1 - 389
        VMware server: 1.0.7
        Java version: Java RE 6 Update 10
        MS Visual C++ 2008 Redistributable (9.0.21022)
        IP address: 192.168.1.4
        
        Guest system: Windows XP SP2 (English)
        Capture-client: 2.5.1 - 389
        Java version: Java RE 6 Update 10
        MS Visual C++ 2008 Redistributable (9.0.21022)
        IP address: 192.168.1.41
        
        After I start the Capture Server (CaptureServer.jar) it reverts the VM and
        starts a DOS-window on the guest system (capture-client):
        
        "C:\WINDOWS\system32>c:\progra~1\capture\CaptureClient.exe -s 192.168.1.4 -p 902 -a 13220408 -b 31379709  1>c:\progra~1\capture\capture.log"
        
        After that, nothing happens. After a while the capture server reverts the VM
        again.... again... and again. Capture server output:
        
        "C:\honey>java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.4:902 -f C:\honey\input_uris.txt
        PROJECT: Capture-HPC
        VERSION: 2.5
        DATE: Apr 25, 2008
        
        Capture-HPC is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License, V2 as published by
        the Free Software Foundation.
        
        Capture-HPC is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        GNU General Public License for more details.
        
        You should have received a copy of the GNU General Public License
        along with Capture-HPC; if not, write to the Free Software
        Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA
        
        
        Option added: server-listen-port => 902
        Option added: server-listen-address => 192.168.1.4
        Option added: input_urls => C:\honey\input_uris.txt
        CaptureServer: exception - java.net.BindException: Address already in use: JVM_Bind
        java.net.BindException: Address already in use: JVM_Bind
               at java.net.PlainSocketImpl.socketBind(Native Method)
               at java.net.PlainSocketImpl.bind(Unknown Source)
               at java.net.ServerSocket.bind(Unknown Source)
               at java.net.ServerSocket.<init>(Unknown Source)
               at capture.ClientsController.run(ClientsController.java:39)
               at java.lang.Thread.run(Unknown Source)
        Validating config.xml ...
        config.xml successfully validated
        Option added: capture-network-packets-benign => false
        Option added: capture-network-packets-malicious => false
        Option added: client-default => iexplorebulk
        Option added: client-default-visit-time => 20
        Option added: client_inactivity_timeout => 60
        Option added: collect-modified-files => false
        Option added: different_vm_revert_delay => 24
        Option added: group_size => 20
        Option added: revert_timeout => 120
        Option added: same_vm_revert_delay => 6
        Option added: send-exclusion-lists => false
        Option added: terminate => true
        Option added: vm_stalled_after_revert_timeout => 120
        Option added: vm_stalled_during_operation_timeout => 300
        ExclusionList: file - FileMonitor.exl: File not found
        ExclusionList: process - ProcessMonitor.exl: File not found
        ExclusionList: registry - RegistryMonitor.exl: File not found
        [192.168.1.4:902] VM added
        [Nov 6, 2008 6:43:57 PM-192.168.1.4:902-8029412] VMSetState: WAITING_TO_BE_REVERTED
        PARSING PREPROCESSOR
        n is null
        Waiting for input URLs...
        [Nov 6, 2008 6:43:59 PM-192.168.1.4:902-8029412] VMSetState: REVERTING
        [Nov 6, 2008 6:44:22 PM-192.168.1.4:902-8029412] VMSetState: RUNNING
        Reverting different VM...waiting considerably
        [Nov 6, 2008 6:44:46 PM-192.168.1.4:902-8029412] Finished processing VM item: revert
        Waiting for input URLs...
        [Nov 6, 2008 6:45:22 PM-192.168.1.4:902-8029412] Client inactivity, reverting VM
        [Nov 6, 2008 6:45:22 PM-192.168.1.4:902-8029412] VMSetState: WAITING_TO_BE_REVERTED
        [Nov 6, 2008 6:45:24 PM-192.168.1.4:902-8029412] VMSetState: REVERTING
        [Nov 6, 2008 6:45:45 PM-192.168.1.4:902-8029412] VMSetState: RUNNING
        Reverting same VM...just waiting a bit
        [Nov 6, 2008 6:45:51 PM-192.168.1.4:902-8029412] Finished processing VM item: revert
        Waiting for input URLs...
        [Nov 6, 2008 6:46:45 PM-192.168.1.4:902-8029412] Client inactivity, reverting VM
        [Nov 6, 2008 6:46:45 PM-192.168.1.4:902-8029412] VMSetState: WAITING_TO_BE_REVERTED
        [Nov 6, 2008 6:46:46 PM-192.168.1.4:902-8029412] VMSetState: REVERTING"
        
        Capture server configuration (config.xml):
        
        "<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="config.xsd">
               <!-- version 2.5 -->
               <global collect-modified-files="false"
                       client-default="iexplorebulk"
                       client-default-visit-time="20"
                       capture-network-packets-malicious="false"
                       capture-network-packets-benign="false"
                       send-exclusion-lists="false"
                       terminate="true"
                       group_size="20"
                       vm_stalled_after_revert_timeout="120"
                       revert_timeout="120"
                       client_inactivity_timeout="60"
                       vm_stalled_during_operation_timeout="300"
                       same_vm_revert_delay="6"
                       different_vm_revert_delay="24"
               />
        
               <exclusion-list monitor="file" file="FileMonitor.exl" />
               <exclusion-list monitor="process" file="ProcessMonitor.exl" />
               <exclusion-list monitor="registry" file="RegistryMonitor.exl" />
        
               <!--preprocessor classname="example">
                       <![CDATA[
                               <example-config attribute1="1.0" attribute2="40" attribute2="log/output.log"/>
                       ]]>
               </preprocessor-->
        
               <!--virtual-machine-server type="mock-vm-server" address="127.0.0.1" port="902"
                       username="User" password="Password">
                       <virtual-machine vm-path="dummyPath"
                               client-path="dummyClientPath"
                               username="User"
                               password="Password"/>
               </virtual-machine-server-->
        
               <virtual-machine-server type="vmware-server" address="192.168.1.4" port="902"
                       username="Administrator" password="hidden">
                       <virtual-machine vm-path="D:\VirutalWorld\honeyclient\WinXP_SP2_EN\WinXP.vmx"
                               client-path="C:\Progra~1\capture\CaptureClient.bat"
                               username="Administrator"
                               password="hidden"/>
               </virtual-machine-server>
        </config>"
        
        Input_uris.txt (C:\honey\input_uris.txt):
        
        "#several urls. as shown below, one can specify a client application identifier (iexplore) as well as overwrite the default visitation time for the url
        http://www.google.ch
        http://www.google.at
        http://www.google.com
        http://www.google.de
        http://www.google.fr
        http://www.google.it
        http://www.google.co.nz"
        
        Applications.conf:
        
        "#[Client Name] [Client Path]   (Download URL to temp directory and open from there?)
        firefox C:\Program Files\Mozilla Firefox\firefox.exe
        opera   C:\Program Files\Opera\opera.exe
        acrobatreader   C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe   yes"
        
        So what's the point? Can you help me?
        
        Regards
        
        _______________________________________________
        Capture-HPC mailing list
        Capture-HPC@public.honeynet.org
        https://public.honeynet.org/mailman/listinfo/capture-hpc
        




-- 
----
Web: http://www.mcs.vuw.ac.nz/~cseifert

PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint:   E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
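
Added example, not part of the thread and not Capture-HPC code: a Python check over the quoted server log and config.xml that reports the BindException on the listen socket and whether the `-s` listen endpoint is the same address and port as a `virtual-machine-server` entry (both are 192.168.1.4:902 in the post). The function names and the trimmed sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: trimmed excerpts of the log and config.xml quoted above.
SAMPLE_LOG = """\
Option added: server-listen-port => 902
Option added: server-listen-address => 192.168.1.4
CaptureServer: exception - java.net.BindException: Address already in use: JVM_Bind
[192.168.1.4:902] VM added
[Nov 6, 2008 6:45:22 PM-192.168.1.4:902-8029412] Client inactivity, reverting VM
[Nov 6, 2008 6:46:45 PM-192.168.1.4:902-8029412] Client inactivity, reverting VM
"""
SAMPLE_CONFIG = """\
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="config.xsd">
  <!--virtual-machine-server type="mock-vm-server" address="127.0.0.1" port="902"/-->
  <virtual-machine-server type="vmware-server" address="192.168.1.4" port="902"
                          username="Administrator" password="hidden"/>
</config>
"""

def option(log, name):
    """Value of an 'Option added: <name> => <value>' line, or None."""
    m = re.search(r"^Option added: %s => (\S+)" % re.escape(name), log, re.M)
    return m.group(1) if m else None

def diagnose(log, config_xml):
    """Collect the facts relevant to a silent client from log and config."""
    listen = (option(log, "server-listen-address"), option(log, "server-listen-port"))
    # ElementTree discards XML comments, so commented-out servers are skipped.
    root = ET.fromstring(config_xml)
    vm_servers = [(e.get("address"), e.get("port"))
                  for e in root.iter("virtual-machine-server")]
    return {
        "listen": listen,
        "bind_failed": "java.net.BindException" in log,
        "shared_endpoint": listen in vm_servers,
        "inactivity_reverts": log.count("Client inactivity, reverting VM"),
    }

def explain(d):
    """Turn the facts into operator-readable findings."""
    out = []
    if d["bind_failed"]:
        out.append("listen socket %s:%s was never opened (BindException)" % d["listen"])
    if d["shared_endpoint"]:
        out.append("-s endpoint equals a virtual-machine-server entry in config.xml")
    if d["inactivity_reverts"] and d["bind_failed"]:
        out.append("%d inactivity reverts logged after the failed bind" % d["inactivity_reverts"])
    return out

if __name__ == "__main__":
    print("\n".join(explain(diagnose(SAMPLE_LOG, SAMPLE_CONFIG))))
```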

