Although I was waiting for your response, there was no response.

Please, I sincerely hope for your response..!!!

 

 

 

↓ The following is my Capture system setting & configuration

My Capture-HPC system is as follows.

------------------------------------------------------
Capture Server (Host) is
- windows xp sp2 (IIS 5.1 installed)
- capture-server-2.5.1-389
- vmware 1.0.6
- Java JRE 1.6.0

Capture Client (Guest OS) is
- windows xp sp2
- capture-client-2.5.1-389
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
- VMware tools
------------------------------------------------------

 

 

This is the Capture server (Host) ipconfig information from cmd.exe

======================================
Windows IP Configuration

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.18.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter 로컬 영역 연결:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 220.70.1.59
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 220.70.1.254
======================================

 

 

This is the Guest OS (Client) ipconfig information from cmd.exe

======================================
Windows IP Configuration

Ethernet adapter 로컬 영역 연결:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.159.128
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.159.2
======================================

The above guest OS IP setting is used to share the host’s IP address -> VMnet8 (NAT) setting

 

 

 

This is my config.xml of capture-server(host)

============================================================
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="config.xsd">
    <!-- version 2.5 -->

    <global collect-modified-files="true"
            client-default="iexplorebulk"
            client-default-visit-time="20"
            capture-network-packets-malicious="true"
            capture-network-packets-benign="false"
            send-exclusion-lists="false"
            terminate="true"
            group_size="20"
            vm_stalled_after_revert_timeout="120"
            revert_timeout="120"
            client_inactivity_timeout="60"
            vm_stalled_during_operation_timeout="300"
            same_vm_revert_delay="6"
            different_vm_revert_delay="24"
    />

    <exclusion-list monitor="file" file="FileMonitor.exl" />
    <exclusion-list monitor="process" file="ProcessMonitor.exl" />
    <exclusion-list monitor="registry" file="RegistryMonitor.exl" />

    <virtual-machine-server type="vmware-server" address="192.168.0.1" port="7070"
                            username="Administrator" password="****">
        <!-- address="192.168.0.1" (Am I right?) -->
        <virtual-machine vm-path="D:\download\Virtual Machines\Windows XP Professional\Windows XP Professional.vmx"
                         client-path="C:\Progra~1\Capture\CaptureClient.bat"
                         username="doovoo"
                         password="****"/>
    </virtual-machine-server>
</config>
============================================================

 

 

But, I have this problem…

\capture-server-2.5.1-389>java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.0.1:7070 -f input_urls_example.txt

Option added: server-listen-port => 7070
Option added: server-listen-address => 192.168.0.1
Option added: input_urls => input_urls_example.txt
CaptureServer: Listening for connections
Validating config.xml ...
config.xml successfully validated
Option added: capture-network-packets-benign => false
Option added: capture-network-packets-malicious => false
Option added: client-default => iexplorebulk
Option added: client-default-visit-time => 20
Option added: client_inactivity_timeout => 60
Option added: collect-modified-files => true
Option added: different_vm_revert_delay => 24
Option added: group_size => 20
Option added: revert_timeout => 120
Option added: same_vm_revert_delay => 6
Option added: send-exclusion-lists => false
Option added: terminate => true
Option added: vm_stalled_after_revert_timeout => 120
Option added: vm_stalled_during_operation_timeout => 300
ExclusionList: file - FileMonitor.exl: File not found
ExclusionList: process - ProcessMonitor.exl: File not found
ExclusionList: registry - RegistryMonitor.exl: File not found
[192.168.0.1:7070] VM added
[6월 29, 2010 11:00:34 오후-192.168.0.1:7070-3374351] VMSetState: WAITING_TO_BE_REVERTED
PARSING PREPROCESSOR
n is null
Waiting for input URLs...
[6월 29, 2010 11:00:36 오후-192.168.0.1:7070-3374351] VMSetState: REVERTING
VIX Error on reverting to snapshot: The system returned an error. Communication with the virtual machine may have been interrupted
E Disconnected
[6월 29, 2010 11:01:02 오후 192.168.0.1:7070-3374351] VMware error -1
[6월 29, 2010 11:01:02 오후-192.168.0.1:7070-3374351] VMSetState: ERROR
Reverting different VM...waiting considerably

 

 

 

I really don’t know why this problem happened.

Please check my wrong setting…!!!

Thanks!

 

 

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
