Dear Terry,

I have been trying to compile the HPC client after going through your guide, 
however I get a few errors. I know your guide says those errors might occur 
but should not affect the compiling process. However, we could not locate the 
file CaptureClient-Setup.exe after compiling, as your notes say that after 
compiling that file should be found.

At the end of the compiling process an error says "makensis.exe is not 
recognized as internal or external command, the system cannot find the file 
specified."

I'm wondering why CaptureClient-Setup.exe is not created after compiling!

Thanks.

From: capture-hpc-boun...@public.honeynet.org 
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry MacDonald
Sent: Friday, September 07, 2012 12:46 AM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC VMWare error

Hi Mohamed,

Not sure what that error is I'm afraid. It's probably something to do with the 
fact that the server is trying to do the revert, and the VIX library doesn't 
accept the input. You'll need to check if the VIX library licensing has changed 
in the version you run. I had to do some research last time to find out that 
there was a restricted API available on unlicensed VIX libraries. That's when I 
made my workaround script revert.sh (in the docs). That was written for VMWare 
ESXi (Free version). It probably won't work for VMware Server 2.0 but you could 
try. And maybe you can modify it to work with the commands available on VMware 
server 2.0?

Failing that, you should probably look at the Capture-HPC NG. They made it work 
with VirtualBox, which I understand doesn't have any licensing restrictions.

Terry MacDonald


On 5 September 2012 22:50, Mohamed Hamed Al Rashdi 
<mohamed.alras...@ita.gov.om> wrote:
Terry,

We have reached a good point now; when we run capture-hpc all works 
fine, however it gets to a point that says reverting - waiting for input URI's 
.. then it says VMware error 17.
And sometimes VM stalled
Vix NULL.

From: capture-hpc-boun...@public.honeynet.org 
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Mohamed Hamed Al Rashdi
Sent: Tuesday, September 04, 2012 2:44 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC VMWare error

Dear Terry,

I've started all over again following your guide, however I've faced errors while 
compiling.
I've attached an image of what the error looks like.



________________________________
From: capture-hpc-boun...@public.honeynet.org 
[capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry MacDonald 
[terry.macdon...@gmail.com]
Sent: Tuesday, August 28, 2012 3:35 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC VMWare error

Hi Mohamed,

I would recommend reading section 5 of the How_to_compile_Capture-HPC_v1.2.doc 
if you are running Capture Server for linux. That specific command is part of a 
replacement shell script that I wrote for the revert binary that uses plink ssh 
client to connect from the CaptureHPC server to the VMware server running the 
CaptureHPC clients, and restarts them. That's in section 5.10.3. But I would 
recommend running through the complete section 5 as the commands were all 
written to work as a whole.

Also, if you've found some better ways to get around some of the issues I'd 
love to hear about them.

Cheers

Terry MacDonald

On 28 August 2012 21:56, Mohamed Hamed Al Rashdi 
<mohamed.alras...@ita.gov.om> wrote:
Dear Terry,

Thanks for your reply, however can you illustrate how to use a vin-cmd command 
executed over ssh?

Thanks.

From: capture-hpc-boun...@public.honeynet.org 
[mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of Terry MacDonald
Sent: Tuesday, August 28, 2012 12:52 PM
To: General discussion list for Capture-HPC users
Subject: Re: [Capture-HPC] Capture-HPC VMWare error

Hi Mohamed,

You might be hitting a problem I remember having. VMWare changed the licensing 
on their VIX libraries on later versions to limit the number of API's you could 
use without a valid license. And that stopped the built-in linux revert script 
from working. So I found a different way. It seemed that you could use a 
vin-cmd command executed over ssh to get it to work.

It's probably time to resend out the documentation I wrote early last year as 
you might find it handy. The docs cover how to compile CaptureHPC v1.2, and how 
to configure CaptureHPC v1.3. (I didn't get round to writing the how to compile 
CaptureHPC v1.3 doc). But hopefully you find it useful. If you have any 
corrections you find, it would be good if you could post the workarounds here 
for everyone to use.

Hope that helps

Terry MacDonald

On 28 August 2012 20:31, Mohamed Hamed Al Rashdi 
<mohamed.alras...@ita.gov.om> wrote:
Dear experts,

I have been trying to implement the capture-HPC for a month now, and I've had 
trouble initiating it. Been troubleshooting ever since 4 weeks.

Here's the latest result,

Option added: server-listen-port => 7070
Option added: server-listen-address => 10.30.10.234
Option added: input_urls => input_urls_example.txt
CaptureServer: Listening for connections
Validating config.xml ...
config.xml successfully validated
Option added: capture-network-packets-benign => false
Option added: capture-network-packets-malicious => false
Option added: client-default => iexplorebulk
Option added: client-default-visit-time => 20
Option added: client_inactivity_timeout => 60
Option added: collect-modified-files => false
Option added: different_vm_revert_delay => 24
Option added: group_size => 20
Option added: revert_timeout => 120
Option added: same_vm_revert_delay => 6
Option added: send-exclusion-lists => false
Option added: terminate => true
Option added: vm_stalled_after_revert_timeout => 120
Option added: vm_stalled_during_operation_timeout => 300
ExclusionList: file - FileMonitor.exl: File not found
ExclusionList: process - ProcessMonitor.exl: File not found
ExclusionList: registry - RegistryMonitor.exl: File not found
[10.30.10.234:7070] VM added
[Aug 28, 2012 12:27:33 PM-10.30.10.234:7070-9616314] VMSetState: WAITING_TO_BE_REVERTED
PARSING PREPROCESSOR
n is null
PARSING POSTPROCESSOR
n is null
Got 0 in URL queue.
Waiting for input URLs...
[Aug 28, 2012 12:27:35 PM-10.30.10.234:7070-9616314] VMSetState: REVERTING
[Aug 28, 2012 12:27:36 PM 10.30.10.234:7070-9616314] VMware error 2
[Aug 28, 2012 12:27:36 PM-10.30.10.234:7070-9616314] VMSetState: ERROR
Reverting different VM...waiting considerably
[Aug 28, 2012 12:28:00 PM-10.30.10.234:7070-9616314] Finished processing VM item: revert
Waiting for input URLs...

I've been trying to figure out the "VMware error2" problem, however I was 
unable to locate anything useful.

Any help?

Thanks.


Regards

Mohamed Hamed Al-Rashdi
Digital Forensics Specialist
Oman National CERT  |  www.cert.gov.om
Information Technology Authority
Sultanate Of Oman
+968 24166743   |   P.O.Box: 1807
+968 24166818  |   P.C:  130  |  Azaibah
mohamed.alras...@ita.gov.om   |  www.ita.gov.om

________________________________

The information contained in this message and any file and/or attachment 
transmitted herewith is confidential and may be legally privileged. It is 
intended solely for the use of the addressee and must not be disclosed to or 
used by anyone other than the addressee. If you receive this transmission by 
error, please notify the sender immediately by reply e-mail and destroy the 
original transmission and its attachments. If you are not the intended 
recipient, please be advised that viewing, copying, forwarding, printing and 
disseminating any information related to this mail is prohibited and you should 
not take any action based on the content of this mail and/or the attachments.

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org<mailto:Capture-HPC@public.honeynet.org>
https://public.honeynet.org/mailman/listinfo/capture-hpc
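
An added example, not part of the original thread or of the Capture-HPC code base: a small Python parser for the per-VM server log lines shown in the first post of the thread, reporting each revert that ended in ERROR together with the "VMware error" numbers logged during it. The line format is inferred only from the posted log; the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Per-VM line prefix: [<timestamp><sep><ip:port>-<id>] <message>.
# The posted log shows both "-" and " " between timestamp and address.
LINE = re.compile(
    r"^\[(?P<ts>\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)[- ]"
    r"(?P<vm>[\d.]+:\d+-\d+)\]\s*(?P<msg>.*)$"
)
TS_FORMAT = "%b %d, %Y %I:%M:%S %p"

# Lines copied from the log in the thread; the first entry is left wrapped
# across two lines, the way the mail client wrapped it.
SAMPLE_LOG = """\
[Aug 28, 2012 12:27:33 PM-10.30.10.234:7070-9616314] VMSetState:
WAITING_TO_BE_REVERTED
Waiting for input URLs...
[Aug 28, 2012 12:27:35 PM-10.30.10.234:7070-9616314] VMSetState: REVERTING
[Aug 28, 2012 12:27:36 PM 10.30.10.234:7070-9616314] VMware error 2
[Aug 28, 2012 12:27:36 PM-10.30.10.234:7070-9616314] VMSetState: ERROR
Reverting different VM...waiting considerably
"""


def failed_reverts(log_text):
    """Return one record per REVERTING -> ERROR transition, per VM."""
    state, errors, since, failures = {}, {}, {}, []
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        m = LINE.match(raw.strip())
        if not m:
            continue  # global messages and wrapped continuation lines
        vm, msg = m["vm"], m["msg"].strip()
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        err = re.match(r"VMware error\s*(\d+)", msg)
        if err:
            errors.setdefault(vm, []).append(int(err[1]))
        elif msg.startswith("VMSetState:"):
            new = msg.partition(":")[2].strip()
            if not new and i + 1 < len(lines):  # state wrapped to next line
                new = lines[i + 1].strip()
            if new == "REVERTING":
                since[vm], errors[vm] = ts, []
            elif new == "ERROR" and state.get(vm) == "REVERTING":
                failures.append({"vm": vm, "vmware_errors": list(errors.get(vm, [])),
                                 "seconds_in_revert": (ts - since[vm]).total_seconds()})
            state[vm] = new
    return failures
```
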

