You are correct.  I've been at this way too long.

 

 

From: capture-hpc-boun...@public.honeynet.org
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian
Seifert
Sent: Thursday, January 21, 2010 8:20 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)

 

Andre, shouldn't it be the other way around?

You run netcat to listen on 7070 on the host os (your fedora) and telnet
from your guest os (xp)...

On Thu, Jan 21, 2010 at 8:14 PM, Andre Hall <ah...@westcoast.com> wrote:

Hi Christian,

 

I installed netcat on my XP VM with the command options to listen on
port 7070, then execute cmd.exe

 

From the terminal in Fedora I was able to telnet to my XP VM on port
7070 where I have access to the command prompt. Does that help you out?

 

 

 

From: capture-hpc-boun...@public.honeynet.org
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian
Seifert
Sent: Thursday, January 21, 2010 7:51 PM


To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)

 

can you open a listening tcp connection on port 7070 with another tool -
say netcat?

On Thu, Jan 21, 2010 at 7:45 PM, Andre Hall <ah...@westcoast.com> wrote:

Yes, I'm running as root but I don't see it listening after I run the
capture server. 

 

From: capture-hpc-boun...@public.honeynet.org
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian
Seifert
Sent: Thursday, January 21, 2010 7:42 PM


To: General discussion list for Capture-HPC users

Subject: Re: [Capture-HPC] (no subject)

 

After you run the capture server, do you see it listening on port 7070?
Maybe it's a permission issue? Are you running as root?

On Thu, Jan 21, 2010 at 6:54 PM, Andre Hall <ah...@westcoast.com> wrote:

Hi Christian,


I've confirmed that there's no other service on port 7070. I can't
however make any connections on port 7070 via telnet from within the VM.
This is the exact problem I'm having with the other kit I have setup
(Ubuntu 8.10/ VMWare 1.0.7). These boxes are both new installs on
isolated networks before I set them up to test.

The instructions you provide with Capture aren't extremely difficult to
follow. I really don't see how after at least a half dozen attempts I
haven't reached my goal of completing this install.


Any other suggestions?




-----Original Message-----
From: capture-hpc-boun...@public.honeynet.org
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian
Seifert
Sent: Thursday, January 21, 2010 5:08 PM
To: General discussion list for Capture-HPC users
Cc: <capture-hpc@public.honeynet.org>
Subject: Re: [Capture-HPC] (no subject)

Andre, looking at the error it may be that there is another process
running on port 7070 already. Can you check?

After you start the server it should be listening on 7070 and you
should be able to connect to it from within the vm. (just use telnet
to try)

Christian



On Jan 21, 2010, at 4:01 PM, "Andre Hall" <ah...@westcoast.com> wrote:

> Hello,
>
>
>
>
>
> I've been frantically making an attempt to successfully set up
> Capture-HPC for some testing - about three weeks. I've read both
> Readme.txt files for the client and server configurations and I'm
> hoping I'm using a fairly supported platform as I have tried my
> setup on different Linux OSes and my results are still the same. I
> have one system on which I'm trying to run Capture's server, VMServer
> and the VM clients all from the same machine. Here's a breakdown of
> my current configuration. I'm using the latest version of
> Capture-HPC - 2.5.1.
>
>
>
> Fedora 9
>
> VMWare Server 1.0.6 (tgz file was download from VMWare's site. Does
> not specify if it contains VIX as all Capture documentation insists)
>
> I currently have VMWare networking set up with the bridge to eth0,
> NAT config  for server is 192.168.1.1, no host only config.
>
> Xinetd is installed
>
> Java 1.6
>
> Capture-HPC server files with 'vmware-server IP: 192.168.1.1'
>
> Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
>
> Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat
>
>
>
> Guest VM
>
> Windows XP Professional SP2 (no update or firewall enabled)
>
> My VM network is currently set to NAT (VMWare distributes the
> IP to the guest. At startup the IP is 192.168.1.128).
>
> Visual C++ 2008 Redistributable Package(SP0)
>
> Internet Explorer 6
>
> I unzipped the CaptureClient and ran the executable. The VM
> rebooted. I checked the exclusion files and made changes to the
> Application.conf file. Is there anything else I didn't do on the
> client? Now what?
>
>
>
> *Since there aren't any detailed installation instructions for how
> VMWare's networking should be configured the assumption is that my
> configuration is fine in utilizing NAT. I'm able to launch my guest VM
> and browse the Internet in either setting - NAT or Bridged. The only
> difference is in Bridged mode my VM acquires an IP from a DHCP
> server I have on my network. If this is wrong it's an easy fix.
>
>
>
> Where I'm running into trouble is at the point of running the server
>  command. Here is the output I receive:
>
>
>
> [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
> PROJECT: Capture-HPC
> VERSION: 2.5
> DATE: Apr 25, 2008
> COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> AUTHORS:
>       Christian Seifert (christian.seif...@gmail.com)
>       Ramon Steenson(ramon.steen...@gmail.com)
>
> Capture-HPC is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License, V2 as
> published by
> the Free Software Foundation.
>
> Capture-HPC is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with Capture-HPC; if not, write to the Free Software
> Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
> 02110-1301,USA
>
>
> Option added: server-listen-port => 904
> Option added: server-listen-address => 192.168.1.1
> Option added: input_urls => input_urls.txt
> CaptureServer: exception - java.net.BindException: Address already
> in use
> java.net.BindException: Address already in use
>       at java.net.PlainSocketImpl.socketBind(Native Method)
>       at java.net.AbstractPlainSocketImpl.bind
> (AbstractPlainSocketImpl.java:336)
>       at java.net.ServerSocket.bind(ServerSocket.java:336)
>       at java.net.ServerSocket.<init>(ServerSocket.java:202)
>       at capture.ClientsController.run(ClientsController.java:39)
>       at java.lang.Thread.run(Thread.java:636)
> Validating config.xml ...
> config.xml successfully validated
> Option added: capture-network-packets-benign => false
> Option added: capture-network-packets-malicious => false
> Option added: client-default => iexplore
> Option added: client-default-visit-time => 20
> Option added: client_inactivity_timeout => 60
> Option added: collect-modified-files => true
> Option added: different_vm_revert_delay => 24
> Option added: group_size => 20
> Option added: revert_timeout => 120
> Option added: same_vm_revert_delay => 6
> Option added: send-exclusion-lists => false
> Option added: terminate => true
> Option added: vm_stalled_after_revert_timeout => 120
> Option added: vm_stalled_during_operation_timeout => 300
> ExclusionList: file - FileMonitor.exl: File not found
> ExclusionList: process - ProcessMonitor.exl: File not found
> ExclusionList: registry - RegistryMonitor.exl: File not found
> [192.168.1.1:904] VM added
> [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState:
> WAITING_TO_BE_REVERTED
> PARSING PREPROCESSOR
> n is null
> Waiting for input URLs...
> [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState:
> REVERTING
> VIX Error on connect in connect: The system returned an error.
> Communication with the virtual machine may have been interrupted
> E Disconnected
> [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
> [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
> Reverting different VM...waiting considerably
> [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished
> processing VM item: revert
>
>
>
>
>
> I've tried the configuration a number of ways and I can't seem to
> figure out the cause of the error. The troubleshooting page indicates
> the VIX error could possibly be IP and port of the virtual
> machine-server setting in config.xml - the VMWare server console and the
> VMs all reside on the same machine. I've tried the localhost IP
> address, the IP issued by my DHCP server (10.10.10.13) as well as the
> VMWare NAT network server IP address (192.168.1.1). I've even switched
> the XP VM networking to Bridged which doesn't seem to help. I can
> telnet to the 904 port where I get the VMWare Authentication service
> running. I'm baffled that I'm having this much trouble in this
> self contained environment. All the connections are taking place on
> the same machine.
>
>
>
> I would really appreciate some help with this. I have spent a great
> deal of time troubleshooting this issue and trying to get started in
> using Capture. As I'm not a novice to networking, Linux, or virtual
> machines, help from the most knowledgeable of this project is welcomed.
>
>
>
>
>
> Thanks in advance.
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please
> notify the sender by replying to this e-mail. Replies to this email
> may be monitored by the Haymarket Group for operational or business
> reasons. Whilst every endeavour is taken to ensure that e-mails are
> free from viruses, no liability can be accepted and the recipient is
> requested to use their own virus checking software.
> www.haymarket.com Haymarket Media Group Limited Registered in
> England no. 267189 Registered Office: 174 Hammersmith Road, London
> W6 7JP --ES
> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC@public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc
-- 
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert 

PGP key
http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint:   E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046
BAEF
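
A diagnostic for the bind failure discussed in this thread, as an added example that is not from the original messages or the Capture-HPC project: it reads the `Option added:` and `VM added` lines of the server output quoted above, then probes whether an endpoint can be bound locally. `diagnose_log`, `probe_bind` and `SAMPLE_LOG` are names made up for this example, and the sample lines are copied from the quoted output.

```python
import errno
import re
import socket

# Constructed sample: four lines copied from the server output quoted in the thread.
SAMPLE_LOG = """\
Option added: server-listen-port => 904
Option added: server-listen-address => 192.168.1.1
CaptureServer: exception - java.net.BindException: Address already in use
[192.168.1.1:904] VM added
"""

def diagnose_log(text):
    """Return (listen endpoint, findings) from Capture server console output."""
    opts = dict(re.findall(r"^Option added: (\S+) => (\S+)$", text, re.M))
    listen = (opts.get("server-listen-address"),
              int(opts.get("server-listen-port", 0)))
    # Endpoints the server registered as VMware servers ("[ip:port] VM added").
    vm_servers = {(h, int(p)) for h, p in
                  re.findall(r"^\[([\d.]+):(\d+)\] VM added", text, re.M)}
    findings = []
    if "java.net.BindException" in text:
        findings.append("bind failed on %s:%d" % listen)
    if listen in vm_servers:
        findings.append("listen endpoint equals VMware server endpoint %s:%d" % listen)
    if 0 < listen[1] < 1024:
        findings.append("privileged port: bind requires root")
    return listen, findings

def probe_bind(host, port):
    """Try to bind host:port as a server would and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return "free"
    except OSError as e:
        return {errno.EADDRINUSE: "in use",
                errno.EACCES: "permission denied",
                errno.EADDRNOTAVAIL: "address not on this host",
                }.get(e.errno, "error %s" % e.errno)
    finally:
        s.close()

if __name__ == "__main__":
    listen, findings = diagnose_log(SAMPLE_LOG)
    print(listen, findings)
    print("local probe of the same port:", probe_bind("127.0.0.1", listen[1]))
```

Run on the host that starts the server, `probe_bind` separates the cases raised in the replies: another process already on the port, a permission problem, or a listen address that is not configured on the machine.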
