Re: [Capture-HPC] Capture-3.0 Questions

Mon, 02 Nov 2009 12:00:01 -0800 

Ferran, thanks for your feedback.
Re version 2.6 issues, I am unsure whether they will exist in 3.0 as 2.6 was never released and therefore didn't receive a lot of testing. 


I would appreciate if you could take a look at 3.0 and let us know  
(via a ticket) on whether you are still encountering these issues.



also to answer your question: 3.0 should work on win7. let us know if  
you have any issues.


thanks
Christian




On Nov 2, 2009, at 5:02 AM, Ferran Pichel <fpic...@isecauditors.com>  
wrote:



On Sunday 01 November 2009 21:18:15 Christian Seifert wrote:

Folks,


after a year of silence, we are releasing a new version of Capture- 
HPC
3.0.0 beta. The new functionality is a mix of some longer term  
efforts of

Ramon (Connection Monitor) and myself (pcap postprocessor) as well as
improvements that resulted from the Google Summer of Code project (DB

integration) by our student Van Lam Le (mentored by Peter  
Komisarczuk from

the New Zealand Honeynet Project Chapter).

You can download the new version from the Beta Release section at
https://projects.honeynet.org/capture-hpc/wiki/Releases.

Capture-HPC 3.0.0 contains the following new features:

+ added connection monitor that can alert on connection/listening  
events on
the network. This could be used to identify attacks that merely  
reside in

memory.
+ added support for a backend mysql or postgress database

+ added post processor plugin architecture. Postprocessors allow to  
perform

actions on classified URLs.

+ added a post processor that analyzes the network data of a  
classified
URL. It extracts DNS information, HTTP requests and determines  
whether any
domain name is part of a fast flux network. Note that this post  
processor
only works with a group size of 1. Otherwise the network of the  
entire

group is analyzed.

It is a beta release and as such as not received as much testing as
official releases. I am getting this release in front of you all to

solicit some of your support in testing this beta prior to the  
official

release. I need a few volunteers that take a look at specific
functionality:
- DB integration mysql
- DB integration postgress
- Connection montior
- Pcap postprocessor
- regression

Pls reply to me directly if you can take on one of these areas, so  
I know

which ones get appropriate coverage.

As you identify issues, pls file a ticket in our ticketing system at

https://projects.honeynet.org/capture-hpc/newticket. (be sure to  
select

version 3.0.0)


We have done some cursory testing and already identified some  
issues, which

are listed under https://projects.honeynet.org/capture-hpc/report/2 .

Christian


Hi everybody!


We have some doubts with capture2.6 and we would like to know if  
they have

been solved in capture3.0.

- Windows 7 is supported by Capture-3.0?

- Sometimes the inclusion/exclusion lists are not working correctly.  
It seems
a random behaviour, today is OK and maybe tomorrow Fails. Any  
suggestion? The

syntax is OK, we can asure you that.

- Finally, we have had some misterious problems with Vista  
environment, any

Idea?

That's all for today :) Thank you for you attention.

Regards.
--
_________________________________
Ferran Pichel Llaquet
Analista en Seguridad
CEH
Dpto. de Auditoría
fpic...@isecauditors.com

Internet Security Auditors
www.isecauditors.com

c. Santander, 101. Edif. A. 2º
E-08030 Barcelona (Spain)
Tel: +34 93 305 13 18
Fax: +34 93 278 22 48

Pº. de la Castellana, 164-166. Entlo. 1ª
E-28046 Madrid (Spain)
Tel: +34 91 788 57 78
Fax: +34 91 788 57 01
____________________________________

Este mensaje y los documentos que, en su caso lleve anexos, pueden  
contener

información CONFIDENCIAL. Por ello, se informa al destinatario que la

información contenida en el mismo es reservada y su uso no autorizad 
o,
publicación o difusión, entera o parcialmente, tanto en formato o me 
dio físico
como electrónico, sin el previo consentimiento de Internet Security  
Auditors,

está prohibida legalmente.


Si ha recibido este correo por error, le rogamos que nos lo  
comunique por la
misma vía o por teléfono (+34 93 305 13 18), se abstenga derealizar  
copias del
mensaje o remitirlo o entregarlo a otra persona y proceda a borrarlo  
de

inmediato.


En cumplimiento de la Ley Orgánica 15/1999 de 13 de diciembre de pro 
tección de
datos de carácter personal, Internet Security Auditors, le informa d 
e que sus
datos personales se han incluido en ficheros informatizados  
titularidad de
Internet Security Auditors, que será el único destinatario de dichos 
 datos, y
cuya finalidad exclusiva es la gestión de clientes y acciones de com 
unicación
comercial, y de que tiene la posibilidad de ejercer los derechos de  
acceso,
rectificación, cancelación y oposición previstos en la ley  
mediante carta
dirigida a Internet Security Auditors, c. Santander, 101. Edif. A. 2 
º, E-08030

Barcelona, o vía e-mail a la siguiente dirección de correo:
le...@isecauditors.com
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc






















					Reply via email to