Why is your guest os not on the same subnet as vmnet8?
On Jun 29, 2010, at 7:07 AM, 나성수 <doovoo0...@gmail.com> wrote: > Although I was waiting for your response, there was no response. > > Please, I sincerely hope your response..!!! > > > > > > > > ↓ following is my capture system setting & configuration > > > > > > My Capture-HPC System is following this. > > ------------------------------------------------------ > > Capture Server(Host) is > > - windows xp sp2 (IIS 5.1 installed) > > - capture-server-2.5.1-389 > > - vmware 1.0.6 > > - Java JRE 1.6.0 > > > > Capture Client(Guest OS) is > > - windows xp sp2 > > - capture-client-2.5.1-389 > > - Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 > > - VMware tools > > ------------------------------------------------------ > > > > > > This is Capture-server(Host) ipconfig infomation from cmd.exe > > ====================================== > > Windows IP Configuration > > > > Ethernet adapter VMware Network Adapter VMnet8: > > > > Connection-specific DNS Suffix . : > > IP Address. . . . . . . . . . . . : 192.168.0.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : > > > > Ethernet adapter VMware Network Adapter VMnet1: > > > > Connection-specific DNS Suffix . : > > IP Address. . . . . . . . . . . . : 192.168.18.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : > > > > Ethernet adapter 로컬 영역 연결: > > > > Connection-specific DNS Suffix . : > > IP Address. . . . . . . . . . . . : 220.70.1.59 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 220.70.1.254 > > ====================================== > > > > > > This is Guest OS(Client) ipconfig infomation from cmd.exe > > ====================================== > > Windows IP Configuration > > > > Ethernet adapter 로컬 영역 연결: > > > > Connection-specific DNS Suffix . : > > IP Address. . . . . . . . . . . . : 192.168.159.128 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.159.2 > > ====================================== > > > > Above guess os ip setting is used to share the host’s IP address -> > VMnet8(NAT) setting > > > > > > > > This is my config.xml of capture-server(host) > > ============================================================ > > <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > xsi:noNamespaceSchemaLocation="config.xsd"> > > <!-- version 2.5 --> > > > > <global collect-modified-files="true" > > client-default="iexplorebulk" > > client-default-visit-time="20" > > capture-network-packets-malicious="true" > > capture-network-packets-benign="false" > > send-exclusion-lists="false" > > terminate="true" > > group_size="20" > > vm_stalled_after_revert_timeout="120" > > revert_timeout="120" > > client_inactivity_timeout="60" > > vm_stalled_during_operation_timeout="300" > > same_vm_revert_delay="6" > > different_vm_revert_delay="24" > > /> > > > > <exclusion-list monitor="file" file="FileMonitor.exl" /> > > <exclusion-list monitor="process" file="ProcessMonitor.exl" /> > > <exclusion-list monitor="registry" file="RegistryMonitor.exl" /> > > > > <virtual-machine-server type="vmware-server" > address="192.168.0.1(Am I right?)" port="7070" username="Administrator" > password="****"> > > <virtual-machine vm-path="D:\download\Virtual Machines\Windows XP > Professional\Windows XP Professional.vmx" > > > client-path="C:\Progra~1\Capture\CaptureClient.bat" > > > username="doovoo" > > > password="****"/> > > </virtual-machine-server> > > </config> > > ============================================================ > > > > > > But, I have this problem… > > > > \capture-server-2.5.1-389>java -Djava.net.preferIPv4Stack=true -jar > CaptureServer.jar -s 192.168.0.1:7070 -f input_urls_example.txt > > > > Option added: server-listen-port => 7070 > > Option added: server-listen-address => 192.168.0.1 > > Option added: input_urls => input_urls_example.txt > > CaptureServer: Listening for connections > > Validating config.xml ... > > config.xml successfully validated > > Option added: capture-network-packets-benign => false > > Option added: capture-network-packets-malicious => false > > Option added: client-default => iexplorebulk > > Option added: client-default-visit-time => 20 > > Option added: client_inactivity_timeout => 60 > > Option added: collect-modified-files => true > > Option added: different_vm_revert_delay => 24 > > Option added: group_size => 20 > > Option added: revert_timeout => 120 > > Option added: same_vm_revert_delay => 6 > > Option added: send-exclusion-lists => false > > Option added: terminate => true > > Option added: vm_stalled_after_revert_timeout => 120 > > Option added: vm_stalled_during_operation_timeout => 300 > > ExclusionList: file - FileMonitor.exl: File not found > > ExclusionList: process - ProcessMonitor.exl: File not found > > ExclusionList: registry - RegistryMonitor.exl: File not found > > [192.168.0.1:7070] VM added > > [6월 29, 2010 11:00:34 오후-192.168.0.1:7070-3374351] VMSetState: > WAITING_TO_BE_REVERTED > > PARSING PREPROCESSOR > > n is null > > Waiting for input URLs... > > [6월 29, 2010 11:00:36 오후-192.168.0.1:7070-3374351] VMSetState: REVERTING > > VIX Error on reverting to snapshot: The system returned an error. > Communication > > with the virtual machine may have been interrupted > > E Disconnected > > [6월 29, 2010 11:01:02 오후 192.168.0.1:7070-3374351] VMware error -1 > > [6월 29, 2010 11:01:02 오후-192.168.0.1:7070-3374351] VMSetState: ERROR > > Reverting different VM...waiting considerably > > > > > > > > I really don’t know why this problem happened. > > Please check my wrong setting…!!! > > Thanks! > > > >
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
