Because of the capture server error message below, I'm checking as many of my
capture system settings as I can.

When the capture server is not running, I'm not able to telnet from the client
machine to the capture server on port 7070.

But when the capture server is running, I am able to telnet from the client
machine to the capture server on port 7070.

I can see the following message from the client (VM):

<connect server="2.5" />

Does it mean that the capture server opened port 7070 successfully?

I've had this capture server error for 3 weeks. I am getting more and more
tired… please help!

 

 

From: 나성수 [mailto:doovoo0...@gmail.com] 
Sent: Thursday, July 01, 2010 8:49 PM
To: 'vanla...@gmail.com'; 'christian.seif...@gmail.com';
'rsteen...@gmail.com'
Cc: 'capture-hpc@public.honeynet.org'; 'mailman-ow...@public.honeynet.org'
Subject: [Capture-HPC] VIX Error on reverting to snapshot.

 

Dear All,

 

I have still had the same problem for some weeks when I run the capture server
(java command).

I really don't know why this problem happens.

I want to know what I have to check to solve this problem.

 

 

 

 

My Capture-HPC system is as follows.

------------------------------------------------------

Capture Server(Host) is

-      windows xp sp2 (IIS 5.1 installed) 

-      capture-server-2.5.1-389

-      vmware 1.0.6

-      Java JRE 1.6.0

 

Capture Client(Guest OS) is 

-      windows xp sp2

-      capture-client-2.5.1-389

-      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

-      VMware tools

------------------------------------------------------

 

 

This is Capture-server(Host) ipconfig information from cmd.exe

======================================

Windows IP Configuration

 

Ethernet adapter VMware Network Adapter VMnet8:

 

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 192.168.0.1

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . :

 

Ethernet adapter VMware Network Adapter VMnet1:

 

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 192.168.217.1

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . :

 

Ethernet adapter 로컬 영역 연결:

 

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 220.70.1.59

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 220.70.1.254

======================================

 

 

This is Guest OS(Client) ipconfig information from cmd.exe

======================================

Windows IP Configuration

 

Ethernet adapter 로컬 영역 연결:

 

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 192.168.0.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.159.2

======================================

 

VMware network connection : NAT(Used to share the host’s IP address)

 

 

 

This is my config.xml of capture-server(host)

============================================================

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="config.xsd">
    <!-- version 2.5 -->

    <global collect-modified-files="true"
            client-default="iexplorebulk"
            client-default-visit-time="20"
            capture-network-packets-malicious="true"
            capture-network-packets-benign="false"
            send-exclusion-lists="false"
            terminate="true"
            group_size="20"
            vm_stalled_after_revert_timeout="120"
            revert_timeout="120"
            client_inactivity_timeout="60"
            vm_stalled_during_operation_timeout="300"
            same_vm_revert_delay="6"
            different_vm_revert_delay="24"
    />

    <exclusion-list monitor="file" file="FileMonitor.exl" />
    <exclusion-list monitor="process" file="ProcessMonitor.exl" />
    <exclusion-list monitor="registry" file="RegistryMonitor.exl" />

    <!-- address="192.168.0.1": Am I right? -->
    <virtual-machine-server type="vmware-server"
            address="192.168.0.1" port="7070" username="Administrator"
            password="****">
        <virtual-machine vm-path="D:\download\Virtual Machines\Windows XP Professional\Windows XP Professional.vmx"
                client-path="C:\Progra~1\Capture\CaptureClient.bat"
                username="doovoo"
                password="****"/>
    </virtual-machine-server>
</config>

============================================================

 

 

But, I have this problem… 

 

\capture-server-2.5.1-389>java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.0.1:7070 -f input_urls_example.txt

Option added: server-listen-port => 7070
Option added: server-listen-address => 192.168.0.1
Option added: input_urls => input_urls_example.txt
CaptureServer: Listening for connections
Validating config.xml ...
config.xml successfully validated
Option added: capture-network-packets-benign => false
Option added: capture-network-packets-malicious => false
Option added: client-default => iexplorebulk
Option added: client-default-visit-time => 20
Option added: client_inactivity_timeout => 60
Option added: collect-modified-files => true
Option added: different_vm_revert_delay => 24
Option added: group_size => 20
Option added: revert_timeout => 120
Option added: same_vm_revert_delay => 6
Option added: send-exclusion-lists => false
Option added: terminate => true
Option added: vm_stalled_after_revert_timeout => 120
Option added: vm_stalled_during_operation_timeout => 300
ExclusionList: file - FileMonitor.exl: File not found
ExclusionList: process - ProcessMonitor.exl: File not found
ExclusionList: registry - RegistryMonitor.exl: File not found
[192.168.0.1:7070] VM added
[6월 29, 2010 11:00:34 오후-192.168.0.1:7070-3374351] VMSetState: WAITING_TO_BE_REVERTED
PARSING PREPROCESSOR
n is null
Waiting for input URLs...
[6월 29, 2010 11:00:36 오후-192.168.0.1:7070-3374351] VMSetState: REVERTING
VIX Error on reverting to snapshot: The system returned an error. Communication with the virtual machine may have been interrupted
E Disconnected
[6월 29, 2010 11:01:02 오후 192.168.0.1:7070-3374351] VMware error -1
[6월 29, 2010 11:01:02 오후-192.168.0.1:7070-3374351] VMSetState: ERROR
Reverting different VM...waiting considerably

 

 

 

 

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
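
A sanity check over the addresses quoted in this message, added here as an example (it is not part of the original post and is not Capture-HPC code): it flags a virtual-machine-server endpoint that is identical to the -s listener, and a default gateway that lies outside its interface's subnet. It assumes the VMware Server management endpoint and the Capture server listener are separate services; the function names are hypothetical and the vm-path in the sample is shortened.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: endpoint values copied from the post, paths shortened.
CONFIG_XML = r"""<config>
  <virtual-machine-server type="vmware-server" address="192.168.0.1"
      port="7070" username="Administrator" password="****">
    <virtual-machine vm-path="D:\vm\Windows XP Professional.vmx"
        client-path="C:\Progra~1\Capture\CaptureClient.bat"
        username="doovoo" password="****"/>
  </virtual-machine-server>
</config>"""

def endpoint_collisions(config_xml, listen_addr, listen_port):
    """Return VM-server endpoints identical to the Capture server listener."""
    root = ET.fromstring(config_xml)
    hits = []
    for vms in root.iter("virtual-machine-server"):
        endpoint = (vms.get("address"), int(vms.get("port")))
        if endpoint == (listen_addr, listen_port):
            hits.append(endpoint)
    return hits

def gateway_on_link(ip, mask, gateway):
    """True if the default gateway lies inside the interface's own subnet."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(gateway) in net

def audit(config_xml, listen, interfaces):
    """Collect findings for the listener (addr, port) and named interfaces."""
    findings = []
    for addr, port in endpoint_collisions(config_xml, *listen):
        findings.append(f"virtual-machine-server {addr}:{port} is the same "
                        "endpoint the Capture server listens on (-s)")
    for name, (ip, mask, gw) in interfaces.items():
        if gw and not gateway_on_link(ip, mask, gw):
            findings.append(f"{name}: gateway {gw} is outside {ip}/{mask}")
    return findings

if __name__ == "__main__":
    # Addresses as shown in the two ipconfig listings in the message.
    interfaces = {
        "host LAN": ("220.70.1.59", "255.255.255.0", "220.70.1.254"),
        "guest": ("192.168.0.3", "255.255.255.0", "192.168.159.2"),
    }
    for finding in audit(CONFIG_XML, ("192.168.0.1", 7070), interfaces):
        print(finding)
```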
