After you run the capture server, do you see it listening on port 7070? Maybe it's a permission issue? Are you running as root?
On Thu, Jan 21, 2010 at 6:54 PM, Andre Hall <ah...@westcoast.com> wrote:

> Hi Christian,
>
> I've confirmed that there's no other service on port 7070. I can't however
> make any connections on port 7070 via telnet from within the VM. This is the
> exact problem I'm having with the other kit I have setup (Ubuntu 8.10/
> VMWare 1.0.7). These boxes are both new installs on isolated networks before
> I set them up to test.
>
> The instructions you provide with Capture aren't extremely difficult to
> follow. I really don't see how after at least a half dozen attempts I
> haven't reached my goal of completing this install.
>
> Any other suggestions?
>
> -----Original Message-----
> From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian Seifert
> Sent: Thursday, January 21, 2010 5:08 PM
> To: General discussion list for Capture-HPC users
> Cc: <capture-hpc@public.honeynet.org>
> Subject: Re: [Capture-HPC] (no subject)
>
> Andre, looking at the error it may be that there is another process
> running on port 7070 already. Can you check?
>
> After you start the server it should be listening on 7070 and you
> should be able to connect to it from within the vm. (just use telnet
> to try)
>
> Christian
>
> On Jan 21, 2010, at 4:01 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> > Hello,
> >
> > I’ve been frantically making an attempt to successfully set up
> > Capture-HPC for some testing – about three weeks. I’ve read both
> > Readme.txt files for the client and server configurations and I’m
> > hoping I’m using a fairly supported platform as I have tried this
> > setup on different Linux OSes and my results are still the same. I
> > have one system which I’m trying to run Capture’s server, VMServer
> > and the VM clients all from the same machine. Here’s a breakdown of
> > my current configuration. I’m using the latest version of
> > Capture-HPC - 2.5.1.
> >
> > Fedora 9
> >
> > VMWare Server 1.0.6 (tgz file was downloaded from VMWare’s site. Does
> > not specify if it contains VIX as all Capture documentation insists)
> >
> > I currently have VMWare networking set up with the bridge to eth0,
> > NAT config for server is 192.168.1.1, no host only config.
> >
> > Xinetd is installed
> >
> > Java 1.6
> >
> > Capture-HPC server files with ‘vmware-server IP: 192.168.1.1’
> >
> > Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
> >
> > Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat
> >
> > Guest VM
> >
> > Windows XP Professional SP2 (no update or firewall enabled)
> >
> > My VM network is currently set to NAT (VMWare distributes the
> > IP to the guest. At startup the IP is 192.168.1.128).
> >
> > Visual C++ 2008 Redistributable Package(SP0)
> >
> > Internet Explorer 6
> >
> > I unzipped the CaptureClient and ran the executable. The VM
> > rebooted. I checked the exclusion files and made changes to the
> > Application.conf file. Is there anything else I didn’t do on the
> > client? Now what?
> >
> > *Since there aren’t any detailed installation instructions for how
> > VMWare’s networking should be configured the assumption is that my
> > configuration is fine in utilizing NAT. I’m able to launch my guest VM
> > and browse the Internet in either setting – NAT or Bridged. The
> > only difference is in Bridged mode my VM acquires an IP from a DHCP
> > server I have on my network. If this is wrong it’s an easy fix.
> >
> > Where I’m running into trouble is at the point of running the server
> > command. Here is the output I receive:
> >
> > [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
> > PROJECT: Capture-HPC
> > VERSION: 2.5
> > DATE: Apr 25, 2008
> > COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> > AUTHORS:
> >     Christian Seifert (christian.seif...@gmail.com)
> >     Ramon Steenson(ramon.steen...@gmail.com)
> >
> > Capture-HPC is free software; you can redistribute it and/or modify
> > it under the terms of the GNU General Public License, V2 as
> > published by
> > the Free Software Foundation.
> >
> > Capture-HPC is distributed in the hope that it will be useful,
> > but WITHOUT ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > GNU General Public License for more details.
> >
> > You should have received a copy of the GNU General Public License
> > along with Capture-HPC; if not, write to the Free Software
> > Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
> > 02110-1301,USA
> >
> > Option added: server-listen-port => 904
> > Option added: server-listen-address => 192.168.1.1
> > Option added: input_urls => input_urls.txt
> > CaptureServer: exception - java.net.BindException: Address already in use
> > java.net.BindException: Address already in use
> >     at java.net.PlainSocketImpl.socketBind(Native Method)
> >     at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
> >     at java.net.ServerSocket.bind(ServerSocket.java:336)
> >     at java.net.ServerSocket.<init>(ServerSocket.java:202)
> >     at capture.ClientsController.run(ClientsController.java:39)
> >     at java.lang.Thread.run(Thread.java:636)
> > Validating config.xml ...
> > config.xml successfully validated
> > Option added: capture-network-packets-benign => false
> > Option added: capture-network-packets-malicious => false
> > Option added: client-default => iexplore
> > Option added: client-default-visit-time => 20
> > Option added: client_inactivity_timeout => 60
> > Option added: collect-modified-files => true
> > Option added: different_vm_revert_delay => 24
> > Option added: group_size => 20
> > Option added: revert_timeout => 120
> > Option added: same_vm_revert_delay => 6
> > Option added: send-exclusion-lists => false
> > Option added: terminate => true
> > Option added: vm_stalled_after_revert_timeout => 120
> > Option added: vm_stalled_during_operation_timeout => 300
> > ExclusionList: file - FileMonitor.exl: File not found
> > ExclusionList: process - ProcessMonitor.exl: File not found
> > ExclusionList: registry - RegistryMonitor.exl: File not found
> > [192.168.1.1:904] VM added
> > [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState: WAITING_TO_BE_REVERTED
> > PARSING PREPROCESSOR
> > n is null
> > Waiting for input URLs...
> > [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
> > VIX Error on connect in connect: The system returned an error. Communication with the virtual machine may have been interrupted
> > E Disconnected
> > [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
> > [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
> > Reverting different VM...waiting considerably
> > [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished processing VM item: revert
> >
> > I’ve tried the configuration a number of ways and I can’t seem to
> > figure out the cause of the error. The troubleshooting page
> > indicates the VIX error could possibly be the IP and port of the
> > virtual machine-server setting in config.xml – the VMWare server
> > console and the VMs all reside on the same machine. I’ve tried the
> > localhost IP address, the IP issued by my DHCP server (10.10.10.13)
> > as well as the VMWare NAT network server IP address (192.168.1.1).
> > I’ve even switched the XP VM networking to Bridged which doesn’t
> > seem to help. I can telnet to the 904 port where I get the VMWare
> > Authentication service running. I’m baffled that I’m having this
> > much trouble in this self-contained environment. All the connections
> > are taking place on the same machine.
> >
> > I would really appreciate some help with this. I have spent a great
> > deal of time troubleshooting this issue and trying to get started in
> > using Capture. As I’m not a novice to networking, Linux, or virtual
> > machines help from the most knowledgeable of this project is welcomed.
> >
> > Thanks in advance.
> >
> > This e-mail and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please
> > notify the sender by replying to this e-mail. Replies to this email
> > may be monitored by the Haymarket Group for operational or business
> > reasons. Whilst every endeavour is taken to ensure that e-mails are
> > free from viruses, no liability can be accepted and the recipient is
> > requested to use their own virus checking software.
> > www.haymarket.com Haymarket Media Group Limited Registered in
> > England no. 267189 Registered Office: 174 Hammersmith Road, London
> > W6 7JP --ES
> > _______________________________________________
> > Capture-HPC mailing list
> > Capture-HPC@public.honeynet.org
> > https://public.honeynet.org/mailman/listinfo/capture-hpc

--
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert
PGP key http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
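Added example, not part of the original thread and not Capture-HPC code: the checks the replies ask for (is the listener on 7070, is the port taken, is it a permission problem), run against lines copied from the quoted server output, where the server reports server-listen-port => 904 and then adds 192.168.1.1:904 as the VM server. The function names, finding labels and the SAMPLE_LOG constant are assumptions made for this illustration.

```python
import errno
import re
import socket

# Constructed sample: lines copied from the server output quoted in this thread.
SAMPLE_LOG = """\
Option added: server-listen-port => 904
Option added: server-listen-address => 192.168.1.1
CaptureServer: exception - java.net.BindException: Address already in use
[192.168.1.1:904] VM added
[Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
"""

OPTION_RE = re.compile(r"^Option added: (\S+) => (\S+)$", re.M)
VM_RE = re.compile(r"^\[(\d+(?:\.\d+){3}):(\d+)\] VM added$", re.M)


def diagnose(log, expected_port=7070):
    """Return findings about the listener the server log describes."""
    opts = dict(OPTION_RE.findall(log))
    addr = opts.get("server-listen-address")
    port = int(opts["server-listen-port"]) if "server-listen-port" in opts else None
    findings = []
    if "java.net.BindException" in log:
        findings.append("bind-failed")
    if port is not None and port != expected_port:
        findings.append("listen-port-%d-not-%d" % (port, expected_port))
    if port is not None and port < 1024:
        # Ports below 1024 need root (or CAP_NET_BIND_SERVICE) on Linux.
        findings.append("privileged-port")
    if (addr, str(port)) in VM_RE.findall(log):
        findings.append("listen-endpoint-equals-vm-server")
    return findings


def probe_bind(addr, port):
    """Try the bind the server would do: 'free', 'in-use', 'denied' or 'other'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, port))
            return "free"
        except OSError as exc:
            return {errno.EADDRINUSE: "in-use",
                    errno.EACCES: "denied"}.get(exc.errno, "other")


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
    print(probe_bind("127.0.0.1", 7070))
```

Run probe_bind on the host with the address and port from the log while the server is stopped: "in-use" means another service already holds that endpoint, "denied" means the account lacks the privilege to bind it.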