Terry, see inline... On Tue, Jan 26, 2010 at 7:42 PM, Terry MacDonald <terry.macdon...@gmail.com>wrote:
> > Hi All, > > > > I’ve got some questions that someone may be able to help with around the > configuration of Capture-HPC and any restrictions on it's use. > > > - Does Capture-HPC have the ability to run multiple types of Client VMs on > a single VMWare host? i.e. one group of 3 VM's of Windows XP SP2, and > another group of 2 VM's with Windows XP SP3 at the same time? And have them > all report back to the single Capture-HPC Server? > > > You can run multiple types of VMs, but cant selectively send one URL to a specific one. > - Does a single Capture-HPC Server support controlling Capture-HPC > clients on more than one VMWare server? i.e. If we have Capture-HPC client > VMs running on 4 separate ESXi hosts will one instance of Capture-HPC Server > handle controlling them all? Will the MySQL database support getting data > from these instances? > > > Yes > - Can I run some URL's through Internet Explorer, and some other's > through Firefox, and some other's through Acrobat Reader, but all from > within the same VM image? i.e. If a Capture-HPC Client VM image has firefox > and Adobe Acrobat reader installed on it, can I instruct Capture-HPC to open > all URL's ending in .pdf from within acrobat, and all .swf files in Internet > Explorer, and all the rest in Firefox? > > > Yes, as part of the input file, you can specify which application to open it with. > - Next question – in the Capture-HPC Server Readme.txt, Christian talks > about different vm’s and same vm’s as part of the explanation in the > ‘same_vm_revert_delay’ and ‘different_vm_revert_delay’. Do you know what > he’s meaning with those two settings? Does it mean that I can run different > client VM’s on the same VMWare host? Or is it that I can run different > Client VM’s on different VMWare hosts? Or some other explaination? > > > it just pertains to the VM instance. Assume you have three VM instances on one box: A, B, C. If you revert A twice, it would wait same_vm_revert_delay seconds; if you revert A and then B, it would wait different_vm_revert_delay. > - Next – if I supply the list of urls to test to the command line, I know > that Capture-HPC logs which URL’s it has processed. I also know that if I > want to supply a new list of URL’s I can do that easily by supplying a new > file. Now, if I instead use the new database way of introducing URL’s, does > Capture-HPC server clear out those URL’s from that url table itself, or do I > need to clear it out? Is the list of URL’s supposed to stay in the database > and the table just keep growing? Or is the URL ‘lifed’ so that after a > certain length of time the url will be removed from the url table (if it > hasn’t been check in X days) > > > I believe you need to clear it out; however, if capture visited URLs, it will tag them as such. So if you add additional URLs to the table, you should be fine. No need to clear out the old entries... > - And finally, is there a way of selecting the snapshot that the > Capture-HPC Server reverts the client back to? Or is it always the last one > that was made for that virtual machine? > > > No, that is currently not supported. Can you explain the use case for reverting to different snapshots? > Thanks > > > Terry MacDonald > > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > -- ---- Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert PGP key http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
