I think I know:

you need to start capture server with the port 7070:

Example: java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s <IP listening address>:<IP listening port> -f input_uris.txt

From your output below, seems like you don't specify a port and it defaults
to 904...not sure why it chooses that one as a default...

try 7070 --- if it still doesn't work, pls send your config.xml file...

On Thu, Jan 21, 2010 at 10:29 PM, Andre Hall <ah...@westcoast.com> wrote:

>  Now you know how I feel. :o)
>
>
>
> I’m sure you’re currently running capture servers. What OS are you running
> on the host and which version of VMWare? My configuration does meet the
> requirements, correct? VMWare network configuration OK? I’m trying to
> eliminate all differences necessary. I just want to get this thing going. So
> far I’m out of luck. :(
>
> Hope you can figure this out?
>
>
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 10:23 PM
>
> *To:* General discussion list for Capture-HPC users
> *Cc:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
>
>
> Andre, bit baffled by this. Let me think a bit what we could try next ...
> I'll get back to you...
>
>
>
> Christian
>
>
> On Jan 21, 2010, at 10:11 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
>  Sure…here you are.
>
>
>
> [r...@seymour ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:1C:25:52:53:BA
>           inet addr:192.168.10.13  Bcast:192.168.10.255  Mask:255.255.255.0
>           inet6 addr: fe80::21c:25ff:fe52:53ba/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:627 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:214 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:78013 (76.1 KiB)  TX bytes:22667 (22.1 KiB)
>           Interrupt:19
>
> eth1      Link encap:Ethernet  HWaddr 00:14:C1:4B:C0:04
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:21 Base address:0x8000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:5006 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:5006 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:256436 (250.4 KiB)  TX bytes:256436 (250.4 KiB)
>
> vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 10:01 PM
> *To:* General discussion list for Capture-HPC users
> *Cc:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
>
>
> could you send the output of ifconfig cmd?
>
>
> On Jan 21, 2010, at 8:44 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> So….with nc -l 7070 running on the host side I telnet from the XP VM and
> I get a blank screen…I’m connected to my host terminal
>
>
>
>
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 8:20 PM
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
>
>
> Andre, shouldn't it be the other way around?
>
> You run netcat to listen on 7070 on the host os (your fedora) and telnet
> from your guest os (xp)...
>
> On Thu, Jan 21, 2010 at 8:14 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Hi Christian,
>
>
>
> I installed netcat on my XP VM with the command options to listen on port
> 7070, then execute cmd.exe
>
>
>
> From the terminal in Fedora I was able to telnet to my XP VM on port 7070
> where I have access to the command prompt. Does that help you out?
>
>
>
>
>
>
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 7:51 PM
>
>
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
>
>
> can you open a listening tcp connection on port 7070 with another tool -
> say netcat?
>
> On Thu, Jan 21, 2010 at 7:45 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Yes, I’m running as root but I don’t see it listening after I run the
> capture server.
>
>
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 7:42 PM
>
>
> *To:* General discussion list for Capture-HPC users
>
> *Subject:* Re: [Capture-HPC] (no subject)
>
>
>
> After you run the capture server, do you see it listening on port 7070?
> Maybe it's a permission issue? Are you running as root?
>
> On Thu, Jan 21, 2010 at 6:54 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Hi Christian,
>
>
> I've confirmed that there's no other service on port 7070. I can't however
> make any connections on port 7070 via telnet from within the VM. This is the
> exact problem I'm having with the other kit I have setup (Ubuntu 8.10/
> VMWare 1.0.7). These boxes are both new installs on isolated networks before
> I set them up to test.
>
> The instructions you provide with Capture aren't extremely difficult to
> follow. I really don't see how after at least a half dozen attempts I
> haven't reached my goal of completing this install.
>
>
> Any other suggestions?
>
>
>
>
> -----Original Message-----
> From: capture-hpc-boun...@public.honeynet.org [mailto:
> capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian Seifert
> Sent: Thursday, January 21, 2010 5:08 PM
> To: General discussion list for Capture-HPC users
> Cc: <capture-hpc@public.honeynet.org>
> Subject: Re: [Capture-HPC] (no subject)
>
> Andre, looking at the error it may be that there is another process
> running on port 7070 already. Can you check?
>
> After you start the server it should be listening on 7070 and you
> should be able to connect to it from within the vm. (just use telnet
> to try)
>
> Christian
>
>
>
> On Jan 21, 2010, at 4:01 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> > Hello,
> >
> >
> >
> >
> >
> > I’ve been frantically making an attempt to successfully set up
> > Capture-HPC for some testing – about three weeks. I’ve read both
> > Readme.txt files for the client and server configurations and I’m
> > hoping I’m using a fairly supported platform as I have tried my
> > setup on different Linux OSes and my results are still the same. I
> > have one system on which I’m trying to run Capture’s server, VMServer
> > and the VM clients all from the same machine. Here’s a breakdown of
> > my current configuration. I’m using the latest version of
> > Capture-HPC - 2.5.1.
> >
> >
> >
> > Fedora 9
> >
> > VMWare Server 1.0.6 (tgz file was download from VMWare’s site. Does
> > not specify if it contains VIX as all Capture documentation insists)
> >
> > I currently have VMWare networking set up with the bridge to eth0,
> > NAT config  for server is 192.168.1.1, no host only config.
> >
> > Xinetd is installed
> >
> > Java 1.6
> >
> > Capture-HPC server files with ‘vmware-server IP: 192.168.1.1’
> >
> > Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
> >
> > Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat
> >
> >
> >
> > Guest VM
> >
> > Windows XP Professional SP2 (no update or firewall enabled)
> >
> > My VM network is currently set to NAT (VMWare distributes the
> > IP to the guest. At startup the IP is 192.168.1.128).
> >
> > Visual C++ 2008 Redistributable Package(SP0)
> >
> > Internet Explorer 6
> >
> > I unzipped the CaptureClient and ran the executable. The VM
> > rebooted. I checked the exclusion files and made changes to the
> > Application.conf file. Is there anything else I didn’t do on the
> > client? Now what?
> >
> >
> >
> > *Since there aren’t any detailed installation instructions for how
> > VMWare’s networking should be configured the assumption is that my
> > configuration is fine in utilizing NAT. I’m able to launch my guest VM
> > and browse the Internet in either setting – NAT or Bridged. The
> > only difference is in Bridged mode my VM acquires an IP from a DHCP
> > server I have on my network. If this is wrong it’s an easy fix.
> >
> >
> >
> > Where I’m running into trouble is at the point of running the server
> > command. Here is the output I receive:
> >
> > [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
> > PROJECT: Capture-HPC
> > VERSION: 2.5
> > DATE: Apr 25, 2008
> > COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> > AUTHORS:
> >       Christian Seifert (christian.seif...@gmail.com)
> >       Ramon Steenson(ramon.steen...@gmail.com)
> >
> > Capture-HPC is free software; you can redistribute it and/or modify
> > it under the terms of the GNU General Public License, V2 as
> > published by
> > the Free Software Foundation.
> >
> > Capture-HPC is distributed in the hope that it will be useful,
> > but WITHOUT ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > GNU General Public License for more details.
> >
> > You should have received a copy of the GNU General Public License
> > along with Capture-HPC; if not, write to the Free Software
> > Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
> > 02110-1301,USA
> >
> >
> > Option added: server-listen-port => 904
> > Option added: server-listen-address => 192.168.1.1
> > Option added: input_urls => input_urls.txt
> > CaptureServer: exception - java.net.BindException: Address already in use
> > java.net.BindException: Address already in use
> >       at java.net.PlainSocketImpl.socketBind(Native Method)
> >       at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
> >       at java.net.ServerSocket.bind(ServerSocket.java:336)
> >       at java.net.ServerSocket.<init>(ServerSocket.java:202)
> >       at capture.ClientsController.run(ClientsController.java:39)
> >       at java.lang.Thread.run(Thread.java:636)
> > Validating config.xml ...
> > config.xml successfully validated
> > Option added: capture-network-packets-benign => false
> > Option added: capture-network-packets-malicious => false
> > Option added: client-default => iexplore
> > Option added: client-default-visit-time => 20
> > Option added: client_inactivity_timeout => 60
> > Option added: collect-modified-files => true
> > Option added: different_vm_revert_delay => 24
> > Option added: group_size => 20
> > Option added: revert_timeout => 120
> > Option added: same_vm_revert_delay => 6
> > Option added: send-exclusion-lists => false
> > Option added: terminate => true
> > Option added: vm_stalled_after_revert_timeout => 120
> > Option added: vm_stalled_during_operation_timeout => 300
> > ExclusionList: file - FileMonitor.exl: File not found
> > ExclusionList: process - ProcessMonitor.exl: File not found
> > ExclusionList: registry - RegistryMonitor.exl: File not found
> > [192.168.1.1:904] VM added
> > [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState: WAITING_TO_BE_REVERTED
> > PARSING PREPROCESSOR
> > n is null
> > Waiting for input URLs...
> > [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
> > VIX Error on connect in connect: The system returned an error.
> > Communication with the virtual machine may have been interrupted
> > E Disconnected
> > [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
> > [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
> > Reverting different VM...waiting considerably
> > [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished processing VM item: revert
> >
> >
> >
> >
> >
> > I’ve tried the configuration a number of ways and I can’t seem to
> > figure out the cause of the error. The troubleshooting page
> > indicates the VIX error could possibly be IP and port of the virtual
> > machine-server setting in config.xml – the VMWare server console and
> > the VMs all reside on the same machine. I’ve tried the localhost IP
> > address, the IP issued by my DHCP server (10.10.10.13) as well as the
> > VMWare NAT network server IP address (192.168.1.1). I’ve even
> > switched the XP VM networking to Bridged which doesn’t seem to help. I can
> > telnet to the 904 port where I get the VMWare Authentication service
> > running. I’m baffled that I’m having this much trouble in this
> > self contained environment. All the connections are taking place on
> > the same machine.
> >
> >
> >
> > I would really appreciate some help with this. I have spent a great
> > deal of time troubleshooting this issue and trying to get started in
> > using Capture. As I’m not a novice to networking, Linux, or virtual
> > machines help from the most knowledgeable of this project is welcomed.
> >
> >
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> >
> >
> > This e-mail and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please
> > notify the sender by replying to this e-mail. Replies to this email
> > may be monitored by the Haymarket Group for operational or business
> > reasons. Whilst every endeavour is taken to ensure that e-mails are
> > free from viruses, no liability can be accepted and the recipient is
> > requested to use their own virus checking software.
> > www.haymarket.com Haymarket Media Group Limited Registered in
> > England no. 267189 Registered Office: 174 Hammersmith Road, London
> > W6 7JP --ES
> > _______________________________________________
> > Capture-HPC mailing list
> > Capture-HPC@public.honeynet.org
> > https://public.honeynet.org/mailman/listinfo/capture-hpc
>
> --
> ----
> Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert
>
> PGP key
> http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt<http://homepages.ecs.vuw.ac.nz/%7Ecseifert/pgpkey.txt>
> Primary key fingerprint:   E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046
> BAEF


-- 
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert

PGP key
http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint:   E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
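
The failure discussed in this thread, as an added example that is not part of the original messages or Capture-HPC's own code: a check that reads the server's startup output for a listen endpoint that equals the VMware server endpoint, plus a pre-flight bind test to run before starting the server. The names diagnose, can_bind and SAMPLE_LOG are hypothetical, and the reading of the "VM added" line is an assumption.

```python
import re
import socket

# Constructed sample: four lines taken from the server output quoted in the thread.
SAMPLE_LOG = """\
Option added: server-listen-port => 904
Option added: server-listen-address => 192.168.1.1
CaptureServer: exception - java.net.BindException: Address already in use
[192.168.1.1:904] VM added
"""


def diagnose(log_text):
    """Return (listen endpoint, findings) from Capture server startup output."""
    findings = []
    port = re.search(r"server-listen-port => (\d+)", log_text)
    addr = re.search(r"server-listen-address => (\S+)", log_text)
    listen = (addr.group(1), int(port.group(1))) if port and addr else None
    # Assumption: "[ip:port] VM added" names a VMware server endpoint from config.xml.
    vm_servers = {
        (ip, int(p))
        for ip, p in re.findall(r"^\[([\d.]+):(\d+)\] VM added", log_text, re.M)
    }
    if "java.net.BindException" in log_text:
        findings.append("bind-failed")
    if listen in vm_servers:
        findings.append("listen-endpoint-equals-vmware-server")
    return listen, findings


def can_bind(address, port):
    """Pre-flight check: True if a TCP socket can be bound to address:port now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((address, port))
            return True
        except OSError:  # EADDRINUSE, EADDRNOTAVAIL, EACCES (ports below 1024)
            return False


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
    print("7070 free on 127.0.0.1:", can_bind("127.0.0.1", 7070))
```

Run can_bind with the address and port you intend to pass to -s; a False result means the server would hit the same BindException.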