It appears as though 902 is in fact open. I telneted to the machine on that port and received: > Connected to host_ip. > Escape character is '^]'. > 220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , VMXARGS supported
I'm not exactly sure what you mean about the directory. It exists, and is accessible. Do I need to escape the spaces in the directory path? Perhaps my configuration file is incorrect? ------------------------------------- *Louis W. Lang III *E: lo...@louislang.com P: (731) 335-6847 On Tue, Mar 22, 2011 at 12:00 PM, <capture-hpc-requ...@public.honeynet.org>wrote: > Send Capture-HPC mailing list submissions to > capture-hpc@public.honeynet.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://public.honeynet.org/mailman/listinfo/capture-hpc > or, via email, send a message with subject or body 'help' to > capture-hpc-requ...@public.honeynet.org > > You can reach the person managing the list at > capture-hpc-ow...@public.honeynet.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Capture-HPC digest..." > > > Today's Topics: > > 1. Re: VM not reverting, n is null, and no browser launched on > the client (Van Lam Le) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 22 Mar 2011 11:31:11 +1300 > From: Van Lam Le <vanla...@gmail.com> > Subject: Re: [Capture-HPC] VM not reverting, n is null, and no browser > launched on the client > To: General discussion list for Capture-HPC users > <capture-hpc@public.honeynet.org> > Message-ID: > <AANLkTi=2vxixjt-ivokbjeimolumqjklw8l_fpk_u...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > You can check whether the port 902 (for vmware) is opened yet? And then > check the path "/var/lib/vmware/ > Virtual Machines/Windows XP/Windows XP.vmx", is it correct? > Kind regards, > Lam. > > > On Sun, Mar 20, 2011 at 12:52 PM, Louis Lang <louis.w.l...@gmail.com> > wrote: > > > I'm having issues resolving several problems I have with my Capture-HPC > > installation. I am currently running on the latest version of Debian, > with > > VMware 2.0, and the latest version of Capture-HPC. My clients are Windows > XP > > SP2. I am running the server using the following command: > > > > > $ sudo -E java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar > > -s 172.16.43.1:7070 -f urls.txt > > > > The resulting output is as follows: > > > > > PROJECT: Capture-HPC > > > VERSION: 3.0 > > > DATE: Oct 24, 2009 > > > COPYRIGHT HOLDER: Victoria University of Wellington, NZ > > > AUTHORS: > > > Christian Seifert (christian.seif...@gmail.com) > > > Ramon Steenson(ramon.steen...@gmail.com) > > > Van Lam Le (vanla...@gmail.com) > > > > > > For help, please refer to Capture-HPC mailing list at: > > > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > Capture-HPC is free software; you can redistribute it and/or modify > > > it under the terms of the GNU General Public License, V2 as published > > by > > > the Free Software Foundation. > > > > > > Capture-HPC is distributed in the hope that it will be useful, > > > but WITHOUT ANY WARRANTY; without even the implied warranty of > > > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > GNU General Public License for more details. > > > > > > You should have received a copy of the GNU General Public License > > > along with Capture-HPC; if not, write to the Free Software > > > Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA > > 02110-1301,USA > > > > > Option added: server-listen-port => 7070 > > > Option added: server-listen-address => 172.16.43.1 > > > Option added: input_urls => urls.txt > > > CaptureServer: Listening for connections > > > Validating config.xml ... > > > config.xml successfully validated > > > Option added: capture-network-packets-benign => false > > > Option added: capture-network-packets-malicious => false > > > Option added: client-default => iexplorebulk > > > Option added: client-default-visit-time => 20 > > > Option added: client_inactivity_timeout => 60 > > > Option added: collect-modified-files => false > > > Option added: different_vm_revert_delay => 24 > > > Option added: group_size => 20 > > > Option added: revert_timeout => 120 > > > Option added: same_vm_revert_delay => 6 > > > Option added: send-exclusion-lists => false > > > Option added: terminate => true > > > Option added: vm_stalled_after_revert_timeout => 120 > > > Option added: vm_stalled_during_operation_timeout => 300 > > > ExclusionList: file - FileMonitor.exl: File not found > > > ExclusionList: process - ProcessMonitor.exl: File not found > > > ExclusionList: registry - RegistryMonitor.exl: File not found > > > [172.16.43.1:902] VM added > > > [Mar 19, 2011 6:46:45 PM-172.16.43.1:902-5041714] VMSetState: > > WAITING_TO_BE_REVERTED > > > PARSING PREPROCESSOR > > > n is null > > > PARSING POSTPROCESSOR > > > n is null > > > Got 0 in URL queue. > > > Waiting for input URLs... > > > [Mar 19, 2011 6:46:48 PM-172.16.43.1:902-5041714] VMSetState: > > REVERTING > > > > I've read through the mailing list, as well as the Trouble Shooting > Guide<https://projects.honeynet.org/capture-hpc/wiki/TroubleshootingGuide > >, > > particular the part about the "n is null" error. I have verified that the > > urls.txt file is accessible, and is in the same directory as the jar, and > > where I am issuing my command from. I've also verified that the > permissions > > for this file is set appropriately. > > > > My primary issue, it would seem, is that the VM is not being reverted. > > That, and no command window appears on the Windows XP client. As > recommended > > from the mailing list, I have run *netcat* on the host, and can > > successfully telnet to the host from the windows client. Is there > anything > > else I should take a look at? Just for good measure, here is my > > configuration file: > > > > > <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > xsi:noNamespaceSchemaLocation="config.xsd"> > > > <!-- version 2.6 --> > > > <global collect-modified-files="false" > > > client-default="iexplorebulk" > > > client-default-visit-time="20" > > > capture-network-packets-malicious="false" > > > capture-network-packets-benign="false" > > > send-exclusion-lists="false" > > > terminate="true" > > > group_size="20" > > > vm_stalled_after_revert_timeout="120" > > > revert_timeout="120" > > > client_inactivity_timeout="60" > > > vm_stalled_during_operation_timeout="300" > > > same_vm_revert_delay="6" > > > different_vm_revert_delay="24" /> > > > <exclusion-list monitor="file" file="FileMonitor.exl" /> > > > <exclusion-list monitor="process" file="ProcessMonitor.exl" /> > > > <exclusion-list monitor="registry" file="RegistryMonitor.exl" /> > > > > > > <virtual-machine-server type="vmware-server" address="172.16.43.1" > > port="902" > > > username="louis" password="the_password"> > > > <virtual-machine vm-path="/var/lib/vmware/Virtual Machines/Windows > > XP/Windows XP.vmx" > > > client-path="C:\Program Files\Capture\CaptureClient.bat" > > > username="louis" > > > password=""/> > > > </virtual-machine-server> > > > </config> > > > > The user, *louis*, is also an administrator on the Windows machine, which > > I read was a requirement. > > > > Any help that can be provided would be very much appreciated! > > > > _______________________________________________ > > Capture-HPC mailing list > > Capture-HPC@public.honeynet.org > > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://public.honeynet.org/pipermail/capture-hpc/attachments/20110322/26862927/attachment-0001.html > > ------------------------------ > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > End of Capture-HPC Digest, Vol 40, Issue 8 > ****************************************** >
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
