Sure…here you are.
[r...@seymour ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1C:25:52:53:BA
inet addr:192.168.10.13 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::21c:25ff:fe52:53ba/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:627 errors:0 dropped:0 overruns:0 frame:0
TX packets:214 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:78013 (76.1 KiB) TX bytes:22667 (22.1 KiB)
Interrupt:19
eth1 Link encap:Ethernet HWaddr 00:14:C1:4B:C0:04
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:21 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5006 errors:0 dropped:0 overruns:0 frame:0
TX packets:5006 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:256436 (250.4 KiB) TX bytes:256436 (250.4 KiB)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-
boun...@public.honeynet.org] On Behalf Of Christian Seifert
Sent: Thursday, January 21, 2010 10:01 PM
To: General discussion list for Capture-HPC users
Cc: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)
could you send the output of ifconfig cmd?
On Jan 21, 2010, at 8:44 PM, "Andre Hall" <ah...@westcoast.com> wrote:
So… with nc -l 7070 running on the host side, I telnet from the XP
VM and I get a blank screen… I’m connected to my host terminal
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-
boun...@public.honeynet.org] On Behalf Of Christian Seifert
Sent: Thursday, January 21, 2010 8:20 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)
Andre, shouldn't it be the other way around?
You run netcat to listen on 7070 on the host os (your fedora) and
telnet from your guest os (xp)...
On Thu, Jan 21, 2010 at 8:14 PM, Andre Hall <ah...@westcoast.com>
wrote:
Hi Christian,
I installed netcat on my XP VM with the command options to listen on
port 7070, then execute cmd.exe
From the terminal in Fedora I was able to telnet to my XP VM on port
7070 where I have access to the command prompt. Does that help you
out?
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-
boun...@public.honeynet.org] On Behalf Of Christian Seifert
Sent: Thursday, January 21, 2010 7:51 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)
can you open a listening tcp connection on port 7070 with another
tool - say netcat?
On Thu, Jan 21, 2010 at 7:45 PM, Andre Hall <ah...@westcoast.com>
wrote:
Yes, I’m running as root but I don’t see it listening after I run
the capture server.
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-
boun...@public.honeynet.org] On Behalf Of Christian Seifert
Sent: Thursday, January 21, 2010 7:42 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] (no subject)
After you run the capture server, do you see it listening on port
7070? Maybe it's a permission issue? Are you running as root?
On Thu, Jan 21, 2010 at 6:54 PM, Andre Hall <ah...@westcoast.com>
wrote:
Hi Christian,
I've confirmed that there's no other service on port 7070. I can't
however make any connections on port 7070 via telnet from within the
VM. This is the exact problem I'm having with the other kit I have
set up (Ubuntu 8.10/ VMWare 1.0.7). These boxes are both new installs
on isolated networks before I set them up to test.
The instructions you provide with Capture aren't extremely difficult
to follow. I really don't see how after at least a half dozen
attempts I haven't reached my goal of completing this install.
Any other suggestions?
-----Original Message-----
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-
boun...@public.honeynet.org] On Behalf Of Christian Seifert
Sent: Thursday, January 21, 2010 5:08 PM
To: General discussion list for Capture-HPC users
Cc: <capture-hpc@public.honeynet.org>
Subject: Re: [Capture-HPC] (no subject)
Andre, looking at the error it may be that there is another process
running on port 7070 already. Can you check?
After you start the server it should be listening on 7070 and you
should be able to connect to it from within the vm. (just use telnet
to try)
Christian
On Jan 21, 2010, at 4:01 PM, "Andre Hall" <ah...@westcoast.com> wrote:
> Hello,
>
> I’ve been frantically making an attempt to successfully set up
> Capture-HPC for some testing – about three weeks. I’ve read both
> Readme.txt files for the client and server configurations and I’m
> hoping I’m using a fairly supported platform as I have tried this
> setup on different Linux OSes and my results are still the same. I
> have one system which I’m trying to run Capture’s server, VMServer
> and the VM clients all from the same machine. Here’s a breakdown of
> my current configuration. I’m using the latest version of
> Capture-HPC - 2.5.1.
>
>
>
> Fedora 9
>
> VMWare Server 1.0.6 (tgz file was downloaded from VMWare’s site. Does
> not specify if it contains VIX as all Capture documentation insists)
>
> I currently have VMWare networking set up with the bridge to eth0,
> NAT config for server is 192.168.1.1, no host only config.
>
> Xinetd is installed
>
> Java 1.6
>
> Capture-HPC server files with ‘vmware-server IP: 192.168.1.1’
>
> Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
>
> Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat
>
>
>
> Guest VM
>
> Windows XP Professional SP2 (no update or firewall enabled)
>
> My VM network is currently set to NAT (VMWare distributes the
> IP to the guest. At startup the IP is 192.168.1.128).
>
> Visual C++ 2008 Redistributable Package(SP0)
>
> Internet Explorer 6
>
> I unzipped the CaptureClient and ran the executable. The VM
> rebooted. I checked the exclusion files and made changes to the
> Application.conf file. Is there anything else I didn’t do on the
> client? Now what?
>
>
>
> *Since there aren’t any detailed installation instructions for how
> VMWare’s networking should be configured the assumption is that my
> configuration is fine in utilizing NAT. I’m able to launch my guest
> VM and browse the Internet in either setting – NAT or Bridged. The
> only difference is in Bridged mode my VM acquires an IP from a DHCP
> server I have on my network. If this is wrong it’s an easy fix.
>
>
>
> Where I’m running into trouble is at the point of running the server
> command. Here is the output I receive:
>
>
>
> [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
> PROJECT: Capture-HPC
> VERSION: 2.5
> DATE: Apr 25, 2008
> COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> AUTHORS:
> Christian Seifert (christian.seif...@gmail.com)
> Ramon Steenson(ramon.steen...@gmail.com)
>
> Capture-HPC is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License, V2 as
> published by
> the Free Software Foundation.
>
> Capture-HPC is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with Capture-HPC; if not, write to the Free Software
> Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
> 02110-1301,USA
>
>
> Option added: server-listen-port => 904
> Option added: server-listen-address => 192.168.1.1
> Option added: input_urls => input_urls.txt
> CaptureServer: exception - java.net.BindException: Address already in use
> java.net.BindException: Address already in use
> at java.net.PlainSocketImpl.socketBind(Native Method)
> at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
> at java.net.ServerSocket.bind(ServerSocket.java:336)
> at java.net.ServerSocket.<init>(ServerSocket.java:202)
> at capture.ClientsController.run(ClientsController.java:39)
> at java.lang.Thread.run(Thread.java:636)
> Validating config.xml ...
> config.xml successfully validated
> Option added: capture-network-packets-benign => false
> Option added: capture-network-packets-malicious => false
> Option added: client-default => iexplore
> Option added: client-default-visit-time => 20
> Option added: client_inactivity_timeout => 60
> Option added: collect-modified-files => true
> Option added: different_vm_revert_delay => 24
> Option added: group_size => 20
> Option added: revert_timeout => 120
> Option added: same_vm_revert_delay => 6
> Option added: send-exclusion-lists => false
> Option added: terminate => true
> Option added: vm_stalled_after_revert_timeout => 120
> Option added: vm_stalled_during_operation_timeout => 300
> ExclusionList: file - FileMonitor.exl: File not found
> ExclusionList: process - ProcessMonitor.exl: File not found
> ExclusionList: registry - RegistryMonitor.exl: File not found
> [192.168.1.1:904] VM added
> [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState: WAITING_TO_BE_REVERTED
> PARSING PREPROCESSOR
> n is null
> Waiting for input URLs...
> [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
> VIX Error on connect in connect: The system returned an error.
> Communication with the virtual machine may have been interrupted
> E Disconnected
> [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
> [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
> Reverting different VM...waiting considerably
> [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished processing VM item: revert
>
>
>
>
>
> I’ve tried the configuration a number of ways and I can’t seem to
> figure out the cause of the error. The troubleshooting page
> indicates the VIX error could possibly be IP and port of the virtual
> machine-server setting in config.xml – the VMWare server console and
> the VMs all reside on the same machine. I’ve tried the localhost IP
> address, the IP issued by my DHCP server (10.10.10.13) as well as the
> VMWare NAT network server IP address (192.168.1.1). I’ve even
> switched the XP VM networking to Bridged which doesn’t seem to help.
> I can telnet to the 904 port where I get the VMWare Authentication
> service running. I’m baffled that I’m having this much trouble in
> this self contained environment. All the connections are taking
> place on the same machine.
>
>
>
> I would really appreciate some help with this. I have spent a great
> deal of time troubleshooting this issue and trying to get started in
> using Capture. As I’m not a novice to networking, Linux, or virtual
> machines, help from the most knowledgeable of this project is
> welcomed.
>
>
>
>
>
> Thanks in advance.
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please
> notify the sender by replying to this e-mail. Replies to this email
> may be monitored by the Haymarket Group for operational or business
> reasons. Whilst every endeavour is taken to ensure that e-mails are
> free from viruses, no liability can be accepted and the recipient is
> requested to use their own virus checking software.
> www.haymarket.com Haymarket Media Group Limited Registered in
> England no. 267189 Registered Office: 174 Hammersmith Road, London
> W6 7JP --ES
> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC@public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert
PGP key
http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583
B046 BAEF
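
Added example, not part of the original thread or of Capture-HPC: a Python version of the two checks discussed above. It binds the listen address and port as a server would, reporting "address already in use", an address the host does not own, and a permission failure as separate outcomes, and it connects as telnet would to read whatever banner the current owner of the port sends. The function names and the loopback stand-in service in demo() are constructed for illustration.

```python
import errno
import socket
import threading

def probe_bind(address, port):
    """Bind as a server would and classify the result."""
    known = {errno.EADDRINUSE: "in-use", errno.EACCES: "permission-denied",
             errno.EADDRNOTAVAIL: "address-not-on-host"}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((address, port))
        return "free"
    except OSError as e:
        return known.get(e.errno, "error-%d" % e.errno)
    finally:
        s.close()

def probe_connect(address, port, timeout=1.0):
    """Connect as telnet would; return (state, first bytes the peer sent)."""
    try:
        with socket.create_connection((address, port), timeout=timeout) as c:
            try:
                return "connected", c.recv(256).decode("ascii", "replace").strip()
            except socket.timeout:
                return "connected", ""  # silent peer, e.g. a bare nc -l
    except ConnectionRefusedError:
        return "refused", ""
    except OSError:
        return "unreachable", ""

def diagnose(address, port):
    """If the port is taken, ask the current owner to identify itself."""
    state = probe_bind(address, port)
    banner = probe_connect(address, port)[1] if state == "in-use" else ""
    return state, banner

def demo(banner=b"220 constructed-service ready\r\n"):
    """Constructed stand-in for a service that already holds the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback, OS-chosen port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    try:
        return diagnose("127.0.0.1", srv.getsockname()[1])
    finally:
        srv.close()
```

On the host, call diagnose() with the values the server prints in its "Option added: server-listen-address" and "Option added: server-listen-port" lines; a result of "in-use" plus a banner names the service that already holds that socket.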