Terry,

Your replies are useful, I've made sure all steps are correct, however other sources suggest we initiate the ANT before compiling the Capture-Hpc, so we decided to set up the ant, and once the ant is initiated an error popped out saying net/sf/antcontrib/antcontrib.properties "cannot be found".
Hmm.. running ANT is crucial to compile capture-hpc? And yes, thanks for the alternative solution of spiderhoney network CAPTURE, we are giving it a go now, perhaps the older version has lots of bugs. Are there any useful installation guides available?

Thanks.

-----Original Message-----
From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry MacDonald
Sent: Wednesday, September 05, 2012 9:18 AM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC VMWare error

Mohamed,

If you still can't get it working, then maybe this project is better suited.

http://pl.honeynet.org/HoneySpiderNetworkCapture

The Polish honeynet project have rewritten capture-hpc to work with virtualbox, and extended it with other functionality. I've not used it yet so can't comment on how easy it is to install. But it may be worth a look?

If you do decide to try it I'd love to hear feedback to this list on how it went?

Cheers

Terry MacDonald

On 05/09/2012, Mohamed Hamed Al Rashdi <mohamed.alras...@ita.gov.om> wrote:
> Dear Terry,
>
> I am not using ESXi Free version not the Vsphere. I'm using the VMWARE
> server 2.0 and Vmware VIX 1.6.
>
> Oh such a hustle to make this compile correctly! Hints ??
>
> -----Original Message-----
> From: capture-hpc-boun...@public.honeynet.org
> [mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry
> MacDonald
> Sent: Wednesday, September 05, 2012 4:15 AM
> To: General discussion list for Capture-HPC users
> Subject: Re: [Capture-HPC] Capture-HPC VMWare error
>
> Hi Mohammed,
>
> It's been a while since I did this, so please forgive me if my
> suggestions don't work....
>
> You may have a different version of the VIX libraries from the ones
> that were about when I used them. I have a few questions though:
>
> - Are you using ESXi free version, or ESX/VSphere full paid version?
> If you are using ESXi free then the revert binary won't compile.
> You need to use the script provided in the document instead.
> - If you are using ESX/VSphere paid version, then you need to edit the
> compile_revert_linux.sh script and change the library '.so' it's
> looking for to a different one (section 5.10.2 in my doc). It tries to
> look for the libvmware-vix.so, whereas ESXi free uses libvix.so
>
> I remember that this part was the trickiest part of all. I had to make
> sure that the shell environment variables listed in section 5.8.2 were
> correctly set up before the compile would take place.
>
> Hope that helps a bit?
>
> Cheers
>
> Terry MacDonald
>
> On 04/09/2012, Mohamed Hamed Al Rashdi <mohamed.alras...@ita.gov.om> wrote:
>> Dear Terry,
>>
>> I've started all over again following your guide, however I've faced
>> errors while compiling.
>> I've attached an image of how the error looks like,
>>
>> ________________________________
>> From: capture-hpc-boun...@public.honeynet.org
>> [capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry
>> MacDonald [terry.macdon...@gmail.com]
>> Sent: Tuesday, August 28, 2012 3:35 PM
>> To: General discussion list for Capture-HPC users
>> Subject: Re: [Capture-HPC] Capture-HPC VMWare error
>>
>> Hi Mohamed,
>>
>> I would recommend reading section 5 of the
>> How_to_compile_Capture-HPC_v1.2.doc if you are running Capture Server
>> for linux. That specific command is part of a replacement shell
>> script that I wrote for the revert binary that uses plink ssh client
>> to connect from the CaptureHPC server to the VMware server running
>> the CaptureHPC clients, and restarts them. That's in section 5.10.3.
>> But I would recommend running through the complete section 5 as the
>> commands were all written to work as a whole.
>>
>> Also, if you've found some better ways to get around some of the
>> issues I'd love to hear about them.
>>
>> Cheers
>>
>> Terry MacDonald
>>
>> On 28 August 2012 21:56, Mohamed Hamed Al Rashdi
>> <mohamed.alras...@ita.gov.om> wrote:
>> Dear Terry,
>>
>> Thanks for your reply, however can you illustrate how to use a
>> vin-cmd command executed over ssh?
>>
>> Thanks.
>>
>> From: capture-hpc-boun...@public.honeynet.org
>> [mailto:capture-hpc-boun...@public.honeynet.org]
>> On Behalf Of Terry MacDonald
>> Sent: Tuesday, August 28, 2012 12:52 PM
>> To: General discussion list for Capture-HPC users
>> Subject: Re: [Capture-HPC] Capture-HPC VMWare error
>>
>> Hi Mohamed,
>>
>> You might be hitting a problem I remember having. VMWare changed the
>> licensing on their VIX libraries on later versions to limit the
>> number of APIs you could use without a valid license. And that
>> stopped the built-in linux revert script from working. So I found a
>> different way.
>> It seemed that you could use a vin-cmd command executed over ssh to
>> get it to work.
>>
>> It's probably time to resend out the documentation I wrote early last
>> year as you might find it handy. The docs cover how to compile
>> CaptureHPC v1.2, and how to configure CaptureHPC v1.3. (I didn't get
>> round to writing the how to compile CaptureHPC v1.3 doc). But
>> hopefully you find it useful. If you have any corrections you find,
>> it would be good if you could post the workarounds here for everyone to use.
>>
>> Hope that helps
>>
>> Terry MacDonald
>>
>> On 28 August 2012 20:31, Mohamed Hamed Al Rashdi
>> <mohamed.alras...@ita.gov.om> wrote:
>> Dear experts,
>>
>> I have been trying to implement the capture-HPC for a month now, and
>> I've had trouble initiating it. Been troubleshooting ever since 4 weeks.
>>
>> Here's the latest result,
>>
>> Option added: server-listen-port => 7070
>> Option added: server-listen-address => 10.30.10.234
>> Option added: input_urls => input_urls_example.txt
>> CaptureServer: Listening for connections
>> Validating config.xml ...
>> config.xml successfully validated
>> Option added: capture-network-packets-benign => false
>> Option added: capture-network-packets-malicious => false
>> Option added: client-default => iexplorebulk
>> Option added: client-default-visit-time => 20
>> Option added: client_inactivity_timeout => 60
>> Option added: collect-modified-files => false
>> Option added: different_vm_revert_delay => 24
>> Option added: group_size => 20
>> Option added: revert_timeout => 120
>> Option added: same_vm_revert_delay => 6
>> Option added: send-exclusion-lists => false
>> Option added: terminate => true
>> Option added: vm_stalled_after_revert_timeout => 120
>> Option added: vm_stalled_during_operation_timeout => 300
>> ExclusionList: file - FileMonitor.exl: File not found
>> ExclusionList: process - ProcessMonitor.exl: File not found
>> ExclusionList: registry - RegistryMonitor.exl: File not found
>> [10.30.10.234:7070] VM added
>> [Aug 28, 2012 12:27:33 PM-10.30.10.234:7070-9616314] VMSetState: WAITING_TO_BE_REVERTED
>> PARSING PREPROCESSOR
>> n is null
>> PARSING POSTPROCESSOR
>> n is null
>> Got 0 in URL queue.
>> Waiting for input URLs...
>> [Aug 28, 2012 12:27:35 PM-10.30.10.234:7070-9616314] VMSetState: REVERTING
>> [Aug 28, 2012 12:27:36 PM 10.30.10.234:7070-9616314] VMware error 2
>> [Aug 28, 2012 12:27:36 PM-10.30.10.234:7070-9616314] VMSetState: ERROR
>> Reverting different VM...waiting considerably
>> [Aug 28, 2012 12:28:00 PM-10.30.10.234:7070-9616314] Finished processing VM item: revert
>> Waiting for input URLs...
>>
>> I've been trying to figure out the "VMware error2" problem, however I
>> was unable to locate anything useful.
>>
>> Any help?
>>
>> Thanks.
>>
>> Regards
>>
>> Mohamed Hamed Al-Rashdi
>> Digital Forensics Specialist
>> Oman National CERT | www.cert.gov.om
>>
>> Information Technology Authority
>> Sultanate Of Oman
>>
>> | +968 24166743 | P.O.Box: 1807
>> | +968 24166818 | P.C: 130 | Azaibah
>>
>> mohamed.alras...@ita.gov.om | www.ita.gov.om
>>
>> ________________________________
>>
>> The information contained in this message and any file and/or
>> attachment transmitted herewith is confidential and may be legally
>> privileged. It is intended solely for the use of the addressee and
>> must not be disclosed to or used by anyone other than the addressee.
>> If you receive this transmission by error, please notify the sender
>> immediately by reply e-mail and destroy the original transmission and
>> its attachments. If you are not the intended recipient, please be
>> advised that viewing, copying, forwarding, printing and disseminating
>> any information related to this mail is prohibited and you should not
>> take any action based on the content of this mail and/or the attachments.
>>
>> _______________________________________________
>> Capture-HPC mailing list
>> Capture-HPC@public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/capture-hpc
>
> --
> Terry MacDonald

--
Terry MacDonald
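The server output quoted in the thread shows a revert attempt going from REVERTING through "VMware error 2" to ERROR. As an added example (not part of the original messages and not Capture-HPC's own code), the following Python pulls such failed reverts out of a server log; it assumes the number after the server address identifies the VM, and the second VM id and the RUNNING state in the sample are constructed.

```python
import re

# One entry: "[<timestamp>-<server:port>-<id>] <message>". The thread shows both "-"
# and " " after the timestamp, so accept either. Mail wrapping can run entries
# together, so a message extends up to the next "[Mon d, yyyy " or end of text.
ENTRY_RE = re.compile(
    r"\[(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r"[- ](?P<server>[\d.]+:\d+)-(?P<vm>\d+)\]"
    r"(?P<msg>.*?)(?=\[[A-Z][a-z]{2} \d{1,2}, \d{4} |\Z)",
    re.DOTALL,
)
STATE_RE = re.compile(r"VMSetState:\s*([A-Z_]+)")
VMWARE_ERROR_RE = re.compile(r"VMware error (\d+)")

# Constructed sample modelled on the output quoted in the thread. The id 1234567
# and the RUNNING state name are assumptions made for this example.
SAMPLE_LOG = """\
[Aug 28, 2012 12:27:33 PM-10.30.10.234:7070-9616314] VMSetState: WAITING_TO_BE_REVERTED
[Aug 28, 2012 12:27:35 PM-10.30.10.234:7070-9616314] VMSetState: REVERTING [Aug 28, 2012 12:27:36 PM 10.30.10.234:7070-9616314] VMware error 2
[Aug 28, 2012 12:27:36 PM-10.30.10.234:7070-9616314] VMSetState: ERROR
[Aug 28, 2012 12:28:00 PM-10.30.10.234:7070-9616314] Finished processing VM item: revert
[Aug 28, 2012 12:40:02 PM-10.30.10.234:7070-1234567] VMSetState: REVERTING
[Aug 28, 2012 12:40:31 PM-10.30.10.234:7070-1234567] VMSetState: RUNNING
"""

def find_failed_reverts(log_text):
    """Return one record per revert attempt that ended in VMSetState: ERROR."""
    pending = {}    # (server, vm) -> revert attempt still in progress
    failures = []
    for m in ENTRY_RE.finditer(log_text):
        key = (m["server"], m["vm"])
        state = STATE_RE.search(m["msg"])
        error = VMWARE_ERROR_RE.search(m["msg"])
        if state and state.group(1) == "REVERTING":
            pending[key] = {"server": key[0], "vm": key[1],
                            "started": m["ts"], "codes": []}
        elif state and key in pending:
            attempt = pending.pop(key)      # any other state closes the attempt
            if state.group(1) == "ERROR":
                attempt["failed"] = m["ts"]
                failures.append(attempt)
        elif error and key in pending:
            pending[key]["codes"].append(int(error.group(1)))
    return failures

if __name__ == "__main__":
    for f in find_failed_reverts(SAMPLE_LOG):
        print(f["server"], f["vm"], f["started"], f["failed"], f["codes"])
```

Only error lines seen between REVERTING and the next state change for the same VM are attributed to that revert, so an error logged for one VM is not charged to another.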