Hello
I've been frantically attempting to successfully set up Capture-HPC for some testing for about three weeks. I've read both Readme.txt files for the client and server configurations, and I'm hoping I'm using a fairly supported platform, as I have tried my setup on different Linux OSes and my results are still the same. I have one system on which I'm trying to run Capture's server, VMware Server and the VM clients all from the same machine.

Here's a breakdown of my current configuration. I'm using the latest version of Capture-HPC - 2.5.1.

- Fedora 9
- VMware Server 1.0.6 (tgz file was downloaded from VMware's site. Does not specify if it contains VIX as all Capture documentation insists)
- I currently have VMware networking set up with the bridge to eth0, NAT config for server is 192.168.1.1, no host-only config.
- xinetd is installed
- Java 1.6
- Capture-HPC server files with 'vmware-server IP: 192.168.1.1'
- Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
- Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat

Guest VM

- Windows XP Professional SP2 (no update or firewall enabled)
- My VM's network is currently set to NAT (VMware distributes the IP to the guest. At startup the IP is 192.168.1.128).
- Visual C++ 2008 Redistributable Package (SP0)
- Internet Explorer 6
- I unzipped the CaptureClient and ran the executable. The VM rebooted. I checked the exclusion files and made changes to the Application.conf file.

Is there anything else I didn't do on the client? Now what?

*Since there aren't any detailed installation instructions for how VMware's networking should be configured, the assumption is that my configuration is fine in utilizing NAT. I'm able to launch my guest VM and browse the Internet in either setting - NAT or Bridged. The only difference is in Bridged mode my VM acquires an IP from a DHCP server I have on my network. If this is wrong it's an easy fix.

Where I'm running into trouble is at the point of running the server command.
Here is the output I receive:

    [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
    PROJECT: Capture-HPC
    VERSION: 2.5
    DATE: Apr 25, 2008
    COPYRIGHT HOLDER: Victoria University of Wellington, NZ
    AUTHORS:
    Christian Seifert (christian.seif...@gmail.com)
    Ramon Steenson(ramon.steen...@gmail.com)

    Capture-HPC is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, V2 as published by
    the Free Software Foundation.

    Capture-HPC is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Capture-HPC; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA

    Option added: server-listen-port => 904
    Option added: server-listen-address => 192.168.1.1
    Option added: input_urls => input_urls.txt
    CaptureServer: exception - java.net.BindException: Address already in use
    java.net.BindException: Address already in use
        at java.net.PlainSocketImpl.socketBind(Native Method)
        at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
        at java.net.ServerSocket.bind(ServerSocket.java:336)
        at java.net.ServerSocket.<init>(ServerSocket.java:202)
        at capture.ClientsController.run(ClientsController.java:39)
        at java.lang.Thread.run(Thread.java:636)
    Validating config.xml ...
    config.xml successfully validated
    Option added: capture-network-packets-benign => false
    Option added: capture-network-packets-malicious => false
    Option added: client-default => iexplore
    Option added: client-default-visit-time => 20
    Option added: client_inactivity_timeout => 60
    Option added: collect-modified-files => true
    Option added: different_vm_revert_delay => 24
    Option added: group_size => 20
    Option added: revert_timeout => 120
    Option added: same_vm_revert_delay => 6
    Option added: send-exclusion-lists => false
    Option added: terminate => true
    Option added: vm_stalled_after_revert_timeout => 120
    Option added: vm_stalled_during_operation_timeout => 300
    ExclusionList: file - FileMonitor.exl: File not found
    ExclusionList: process - ProcessMonitor.exl: File not found
    ExclusionList: registry - RegistryMonitor.exl: File not found
    [192.168.1.1:904] VM added
    [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState: WAITING_TO_BE_REVERTED
    PARSING PREPROCESSOR n is null
    Waiting for input URLs...
    [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
    VIX Error on connect in connect: The system returned an error. Communication with the virtual machine may have been interrupted
    E Disconnected
    [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
    [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
    Reverting different VM...waiting considerably
    [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished processing VM item: revert

I've tried the configuration a number of ways and I can't seem to figure out the cause of the error. The troubleshooting page indicates the VIX error could possibly be the IP and port of the virtual machine-server setting in config.xml - the VMware server console and the VMs all reside on the same machine. I've tried the localhost IP address, the IP issued by my DHCP server (10.10.10.13) as well as the VMware NAT network server IP address (192.168.1.1).
I've even switched the XP VM networking to Bridged, which doesn't seem to help. I can telnet to the 904 port, where I get the VMware Authentication service running. I'm baffled that I'm having this much trouble in this self-contained environment. All the connections are taking place on the same machine.

I would really appreciate some help with this. I have spent a great deal of time troubleshooting this issue and trying to get started in using Capture. As I'm not a novice to networking, Linux, or virtual machines, help from the most knowledgeable of this project is welcomed.

Thanks in advance.

--ES