Thank you Christian. Your replies are always very fast!
The ticket has been created (https://projects.honeynet.org/capture-hpc/ticket/743) and the PDF answers my questions.
Last unanswered question though: how to enforce the archiving of the folder (zip of \logs\) at the end of the analysis?
I have winzip, zip, 7za, 7z installed and available in $PATH as well as in the %Capture% folder.
Regards,
--
Nicolas
On Jan 7, 2009, at 12:36 PM, Christian Seifert wrote:
Nicholas, right now the log location is hardcoded. I think you are making a good suggestion. I would like to ask you to file a ticket (have feature request in the title) at https://projects.honeynet.org/capture-hpc.
Re the communication between the client and the server, the answer to your question is yes. Capture uses a simple XML protocol over TCP/IP, which is documented here:
https://projects.honeynet.org/capture-hpc/attachment/wiki/AboutCapture/Capture%20Communication%20Protocol.pdf
It should allow you to do what you are looking for...
Christian
On Tue, Jan 6, 2009 at 7:28 PM, Nicolas Collery <nicolas.coll...@gmail.com> wrote:
Hi,
I have been using Capture HPC in standalone mode for quite some time now but I have a few questions below:
I start Capture as such: CaptureClient.exe -c -n -l F:\Capture.log
F: being an SMB shared drive on the network, mapped in Windows.
1/ Is it possible to have the folder 'logs' containing the pcap + file deleted|modified in another location (on my F: drive)?
- In case Capture HPC or the VM crashes, I still have part of the analysis.
2/ Is it possible to have this folder called differently every time (using the date for instance - logs-0701091018)?
- to avoid overriding the previous analysis
- I tried passing the following parameter: %date:~10,4%%date:~7,2%%date:~4,2%-capture.log but it doesn't work. And I don't know how to specify the folder name.
3/ I don't know why but I can't have the folder zipped automatically once finished (when I press Enter in the console).
- I tried copying zip, 7zip in the folder, installing different tools, but the folder is never zipped.
- I'd like to have the zip file named differently (based on time for instance) if the log folder is 'logs', or if the folder itself is different, to have this zip file named after it (ex: logs-0701091018.zip).
4/ Is there a way to send raw data captured by Capture HPC to another server different from Capture HPC Server (like netcat or custom scripts)?
- I am not using VMware because I can't, but I can easily control the environment (restore snapshot for instance). So if I could retrieve the live analysis over the network, I could control the VM.
In other words, I'd like to port some of the Capture HPC Server into another architecture / language.
5/ If I want to send some instructions to the Capture HPC Client, without the Capture HPC Server (like launch IE at this URL), how can I do it (using netcat or custom scripts)?
- See 4/
I hope this hasn't been discussed yet (I can't recall this discussion on the ML); if so, I apologize and will look more carefully.
Capture HPC is a great tool! I am using it every day ;)
Thanks Christian,
--
Nicolas
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key: http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
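Questions 1 to 3 in Nicolas's original post (keeping a copy of each run on the share, naming it by date, and zipping the logs folder when the run ends) can be handled outside the client with a wrapper script, since the log location itself is hardcoded. The PowerShell script below is an added example, not code from the thread or from the Capture-HPC project. It assumes that CaptureClient.exe and its hardcoded 'logs' folder live in C:\Capture, that 7z.exe (or 7za.exe) is on PATH, and that the client exits when the operator presses Enter in its console; none of that is stated in the thread. The timestamp is built with Get-Date rather than %date% substrings, because the %date% layout depends on the regional short-date format.

```powershell
# Added example (not Capture-HPC code): wrap a standalone CaptureClient.exe run so
# that each analysis gets its own date-stamped folder on the mapped F: share and
# the client's 'logs' folder is zipped there when the run ends.
#
# Assumptions (not stated in the thread):
#   - CaptureClient.exe and its hardcoded 'logs' folder live in $CaptureDir
#   - 7z.exe (or 7za.exe) is on PATH
#   - the client exits when the operator presses Enter in its console
param(
    [string]$CaptureDir = 'C:\Capture',   # assumed client install directory
    [string]$ShareRoot  = 'F:\',          # the mapped SMB drive from the thread
    [string]$Archiver   = '7z.exe'        # 7za.exe takes the same arguments
)

$ErrorActionPreference = 'Stop'

# Locale-independent timestamp. cmd.exe's %date:~10,4% style substrings depend on
# the regional short-date format and silently produce wrong names on other
# locales; Get-Date -Format does not.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
$runDir  = Join-Path $ShareRoot  "capture-$stamp"
$logFile = Join-Path $runDir     "capture-$stamp.log"
$logsDir = Join-Path $CaptureDir 'logs'   # location is hardcoded in the client
$zipPath = Join-Path $runDir     "logs-$stamp.zip"

New-Item -ItemType Directory -Path $runDir | Out-Null

# A leftover 'logs' from an earlier run that was never archived (e.g. the VM
# crashed mid-run) is moved to the share rather than deleted or overwritten.
if (Test-Path $logsDir) {
    Move-Item -Path $logsDir -Destination (Join-Path $runDir 'logs-previous')
}

# Same command line as in the thread, with the log file redirected to the share.
# Running the client in the foreground keeps its console interactive and blocks
# here until it exits.
Push-Location $CaptureDir
try {
    & (Join-Path $CaptureDir 'CaptureClient.exe') -c -n -l $logFile
}
finally {
    Pop-Location
}

if (-not (Test-Path $logsDir)) {
    Write-Warning "No '$logsDir' after the run; nothing to archive."
    exit 1
}

# Archive straight onto the share so the evidence survives a VM snapshot restore.
& $Archiver a -tzip $zipPath (Join-Path $logsDir '*')
# 7-Zip exit codes: 0 = ok, 1 = warning (non-fatal), 2 and above = error.
if ($LASTEXITCODE -gt 1) {
    throw "$Archiver failed with exit code $LASTEXITCODE"
}

# Sanity check: a finished run should have at least one pcap in the archive.
$listing = & $Archiver l $zipPath
if (-not ($listing | Where-Object { $_ -match '\.pcap\s*$' })) {
    Write-Warning "$zipPath contains no .pcap file; check that the capture ran."
}

Write-Host "Run $stamp archived to $zipPath"
```

Run it from the VM as `.\run-capture.ps1 -CaptureDir 'C:\Capture' -ShareRoot 'F:\'` (the script name is this example's own). Both the text log and the zip land under F:\capture-<stamp>\, so a snapshot restore after the run discards nothing, and each run gets a distinct folder without relying on the client's own naming.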