Andre,

Make sure your Firewall settings are right. If you are using iptables on the Fedora box, turn it off until the problem is resolved. And double check the XP box FW.

mark

On Fri, Jan 22, 2010 at 2:18 AM, Andre Hall <ah...@westcoast.com> wrote:
> I tried it with and without 904 specified. I also tried with 7070 and I still get the error. I’ve attached my config.xml file. I’ve flipped this config file around a number of ways already. I hope you have luck figuring out what’s wrong.
>
> Question: There is a line in the config file for setting up a username and password for the VM console to connect remotely. Since I connect through VMWare to the guest from the same box, is the username password necessary in my case?
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 10:47 PM
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> I think I know:
>
> you need to start capture server with the port 7070:
>
> Example: java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s <IP listening address>:*<IP listening port>* -f input_uris.txt.
>
> From your output below, seems like you don't specify a port and it defaults to 904... not sure why it chooses that one as a default...
>
> try 7070 --- if it still doesn't work, pls send your config.xml file...
>
> On Thu, Jan 21, 2010 at 10:29 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Now you know how I feel. :o)
>
> I’m sure you’re currently running capture servers. What OS are you running on the host and which version of VMWare? My configuration does meet the requirements, correct? VMWare network configuration OK? I’m trying to eliminate all differences necessary. I just want to get this thing going. So far I'm out of luck. :(
>
> Hope you can figure this out?
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 10:23 PM
> *To:* General discussion list for Capture-HPC users
> *Cc:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> Andre, bit baffled by this. Let me think a bit what we could try next ... I'll get back to you...
>
> Christian
>
> On Jan 21, 2010, at 10:11 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> Sure…here you are.
>
> [r...@seymour ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:1C:25:52:53:BA
>           inet addr:192.168.10.13  Bcast:192.168.10.255  Mask:255.255.255.0
>           inet6 addr: fe80::21c:25ff:fe52:53ba/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:627 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:214 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:78013 (76.1 KiB)  TX bytes:22667 (22.1 KiB)
>           Interrupt:19
>
> eth1      Link encap:Ethernet  HWaddr 00:14:C1:4B:C0:04
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:21 Base address:0x8000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:5006 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:5006 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:256436 (250.4 KiB)  TX bytes:256436 (250.4 KiB)
>
> vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 10:01 PM
> *To:* General discussion list for Capture-HPC users
> *Cc:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> could you send the output of ifconfig cmd?
>
> On Jan 21, 2010, at 8:44 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> So….with nc -l 7070 running on the host side I telnet from the XP VM and I get a blank screen…I’m connected to my host terminal
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 8:20 PM
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> Andre, shouldn't it be the other way around?
>
> You run netcat to listen on 7070 on the host os (your fedora) and telnet from your guest os (xp)...
>
> On Thu, Jan 21, 2010 at 8:14 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Hi Christian,
>
> I installed netcat on my XP VM with the command options to listen on port 7070, then execute cmd.exe
>
> From the terminal in Fedora I was able to telnet to my XP VM on port 7070 where I have access to the command prompt. Does that help you out?
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 7:51 PM
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> can you open a listening tcp connection on port 7070 with another tool - say netcat?
>
> On Thu, Jan 21, 2010 at 7:45 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Yes, I’m running as root but I don’t see it listening after I run the capture server.
>
> *From:* capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] *On Behalf Of *Christian Seifert
> *Sent:* Thursday, January 21, 2010 7:42 PM
> *To:* General discussion list for Capture-HPC users
> *Subject:* Re: [Capture-HPC] (no subject)
>
> After you run the capture server, do you see it listening on port 7070? Maybe it's a permission issue? Are you running as root?
>
> On Thu, Jan 21, 2010 at 6:54 PM, Andre Hall <ah...@westcoast.com> wrote:
>
> Hi Christian,
>
> I've confirmed that there's no other service on port 7070. I can't however make any connections on port 7070 via telnet from within the VM. This is the exact problem I'm having with the other kit I have set up (Ubuntu 8.10 / VMWare 1.0.7). These boxes are both new installs on isolated networks before I set them up to test.
>
> The instructions you provide with Capture aren't extremely difficult to follow. I really don't see how after at least a half dozen attempts I haven't reached my goal of completing this install.
>
> Any other suggestions?
>
> -----Original Message-----
> From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Christian Seifert
> Sent: Thursday, January 21, 2010 5:08 PM
> To: General discussion list for Capture-HPC users
> Cc: <capture-hpc@public.honeynet.org>
> Subject: Re: [Capture-HPC] (no subject)
>
> Andre, looking at the error it may be that there is another process running on port 7070 already. Can you check?
>
> After you start the server it should be listening on 7070 and you should be able to connect to it from within the vm. (just use telnet to try)
>
> Christian
>
> On Jan 21, 2010, at 4:01 PM, "Andre Hall" <ah...@westcoast.com> wrote:
>
> > Hello,
> >
> > I’ve been frantically making an attempt to successfully set up Capture-HPC for some testing – about three weeks. I’ve read both Readme.txt files for the client and server configurations and I’m hoping I’m using a fairly supported platform as I have tried my setup on different Linux OSes and my results are still the same. I have one system on which I’m trying to run Capture’s server, VMServer and the VM clients all from the same machine. Here’s a breakdown of my current configuration. I’m using the latest version of Capture-HPC - 2.5.1.
> >
> > Fedora 9
> > VMWare Server 1.0.6 (tgz file was downloaded from VMWare’s site. Does not specify if it contains VIX as all Capture documentation insists)
> > I currently have VMWare networking set up with the bridge to eth0, NAT config for server is 192.168.1.1, no host only config.
> > xinetd is installed
> > Java 1.6
> > Capture-HPC server files with ‘vmware-server IP: 192.168.1.1’
> > Path to VMs: /var/lib/vmware/VM/WinXP/WinXP.vmx
> > Path to Capture Client on VM: C:\Progra~1\capture\CaptureClient.bat
> >
> > Guest VM
> > Windows XP Professional SP2 (no update or firewall enabled)
> > My VM network is currently set to NAT (VMWare distributes the IP to the guest. At startup the IP is 192.168.1.128).
> > Visual C++ 2008 Redistributable Package(SP0)
> > Internet Explorer 6
> > I unzipped the CaptureClient and ran the executable. The VM rebooted. I checked the exclusion files and made changes to the Application.conf file. Is there anything else I didn’t do on the client? Now what?
> >
> > *Since there aren’t any detailed installation instructions for how VMWare’s networking should be configured the assumption is that my configuration is fine in utilizing NAT. I’m able to launch my guest VM and browse the Internet in either setting – NAT or Bridged. The only difference is in Bridged mode my VM acquires an IP from a DHCP server I have on my network. If this is wrong it’s an easy fix.
> >
> > Where I’m running into trouble is at the point of running the server command. Here is the output I receive:
> >
> > [r...@seymour capture-server]# java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.1.1 -f input_urls.txt
> > PROJECT: Capture-HPC
> > VERSION: 2.5
> > DATE: Apr 25, 2008
> > COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> > AUTHORS:
> > Christian Seifert (christian.seif...@gmail.com)
> > Ramon Steenson(ramon.steen...@gmail.com)
> >
> > Capture-HPC is free software; you can redistribute it and/or modify
> > it under the terms of the GNU General Public License, V2 as published by
> > the Free Software Foundation.
> >
> > Capture-HPC is distributed in the hope that it will be useful,
> > but WITHOUT ANY WARRANTY; without even the implied warranty of
> > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > GNU General Public License for more details.
> >
> > You should have received a copy of the GNU General Public License
> > along with Capture-HPC; if not, write to the Free Software
> > Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,USA
> >
> > Option added: server-listen-port => 904
> > Option added: server-listen-address => 192.168.1.1
> > Option added: input_urls => input_urls.txt
> > CaptureServer: exception - java.net.BindException: Address already in use
> > java.net.BindException: Address already in use
> >     at java.net.PlainSocketImpl.socketBind(Native Method)
> >     at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
> >     at java.net.ServerSocket.bind(ServerSocket.java:336)
> >     at java.net.ServerSocket.<init>(ServerSocket.java:202)
> >     at capture.ClientsController.run(ClientsController.java:39)
> >     at java.lang.Thread.run(Thread.java:636)
> > Validating config.xml ...
> > config.xml successfully validated
> > Option added: capture-network-packets-benign => false
> > Option added: capture-network-packets-malicious => false
> > Option added: client-default => iexplore
> > Option added: client-default-visit-time => 20
> > Option added: client_inactivity_timeout => 60
> > Option added: collect-modified-files => true
> > Option added: different_vm_revert_delay => 24
> > Option added: group_size => 20
> > Option added: revert_timeout => 120
> > Option added: same_vm_revert_delay => 6
> > Option added: send-exclusion-lists => false
> > Option added: terminate => true
> > Option added: vm_stalled_after_revert_timeout => 120
> > Option added: vm_stalled_during_operation_timeout => 300
> > ExclusionList: file - FileMonitor.exl: File not found
> > ExclusionList: process - ProcessMonitor.exl: File not found
> > ExclusionList: registry - RegistryMonitor.exl: File not found
> > [192.168.1.1:904] VM added
> > [Jan 21, 2010 1:18:48 PM-192.168.1.1:902-6259058] VMSetState: WAITING_TO_BE_REVERTED
> > PARSING PREPROCESSOR
> > n is null
> > Waiting for input URLs...
> > [Jan 21, 2010 1:18:51 PM-192.168.1.1:904-6259058] VMSetState: REVERTING
> > VIX Error on connect in connect: The system returned an error. Communication with the virtual machine may have been interrupted
> > E Disconnected
> > [Jan 21, 2010 1:18:56 PM 192.168.1.1:904-6259058] VMware error 255
> > [Jan 21, 2010 1:18:56 PM-192.168.1.1:904-6259058] VMSetState: ERROR
> > Reverting different VM...waiting considerably
> > [Jan 21, 2010 1:19:20 PM-192.168.1.1:904-6259058] Finished processing VM item: revert
> >
> > I’ve tried the configuration a number of ways and I can’t seem to figure out the cause of the error. The troubleshooting page indicates the VIX error could possibly be IP and port of the virtual machine-server setting in config.xml – the VMWare server console and the VMs all reside on the same machine. I’ve tried the localhost IP address, the IP issued by my DHCP server (10.10.10.13) as well as the VMWare NAT network server IP address (192.168.1.1). I’ve even switched the XP VM networking to Bridged which doesn’t seem to help. I can telnet to the 904 port where I get the VMWare Authentication service running. I’m baffled that I’m having this much trouble in this self contained environment. All the connections are taking place on the same machine.
> >
> > I would really appreciate some help with this. I have spent a great deal of time troubleshooting this issue and trying to get started in using Capture. As I’m not a novice to networking, Linux, or virtual machines, help from the most knowledgeable of this project is welcomed.
> >
> > Thanks in advance.
> >
> > This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to this e-mail. Replies to this email may be monitored by the Haymarket Group for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. www.haymarket.com Haymarket Media Group Limited Registered in England no. 267189 Registered Office: 174 Hammersmith Road, London W6 7JP --ES
> > _______________________________________________
> > Capture-HPC mailing list
> > Capture-HPC@public.honeynet.org
> > https://public.honeynet.org/mailman/listinfo/capture-hpc
>
> --
> ----
> Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert
>
> PGP key
> http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
> Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
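The server output quoted in the thread shows the listen port defaulting to 904, a BindException, and the VMware server registered at the same 192.168.1.1:904. As an added example (not part of the thread and not Capture-HPC code), the Python below flags those two conditions in captured server output and probes whether an endpoint can be bound at all; the function names and the embedded sample lines are constructed for illustration.

```python
import errno
import re
import socket

# Constructed sample: four lines taken from the server output quoted in the thread.
SAMPLE_OUTPUT = """\
Option added: server-listen-port => 904
Option added: server-listen-address => 192.168.1.1
CaptureServer: exception - java.net.BindException: Address already in use
[192.168.1.1:904] VM added
"""

OPTION_RE = re.compile(r"Option added: (\S+) => (\S+)")
VM_RE = re.compile(r"^\[(\d+(?:\.\d+){3}):(\d+)\] VM added", re.M)


def analyse(output):
    """Flag a failed bind and a listen endpoint that equals a VMware server endpoint."""
    opts = dict(OPTION_RE.findall(output))
    listen = (opts.get("server-listen-address"),
              int(opts.get("server-listen-port", 0)))
    vms = [(ip, int(port)) for ip, port in VM_RE.findall(output)]
    findings = []
    if "java.net.BindException" in output:
        findings.append("bind-failed %s:%d" % listen)
    if listen in vms:
        findings.append("listen-equals-vmware-server %s:%d" % listen)
    return findings


def port_state(address, port):
    """Try to bind a TCP endpoint: returns 'free', 'in-use' or 'unavailable'."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((address, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        # e.g. address not configured on this host, or port < 1024 without root
        return "unavailable"
    finally:
        probe.close()


if __name__ == "__main__":
    for finding in analyse(SAMPLE_OUTPUT):
        print(finding)
    # Ports named in the thread; run on the host that will start the server.
    for port in (904, 7070):
        print(port, port_state("127.0.0.1", port))
```

Running `port_state` with the intended listen address before starting the server separates "something else already holds the port" from "the address is not on this host", which the Java stack trace alone does not distinguish.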