RE: [sniffer] Your Sniffer Setup
Hi Keith,

It's pretty straightforward:

A) Download the Windows 2000 Server Resource Kit utilities.

B) Locate the path to srvany.exe.

C) Run:

    instsrv Sniffer c:\path-to-resource-kit\srvany.exe

   Sniffer is just the name that will appear in the services applet later.

D) Start RegEdit and add the following entries to the new Sniffer service you just created:

   Add a new Parameters subkey in the following registry location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer

   Add new subkeys to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Parameters

   as follows:

    Application: REG_SZ: C:\Your.Path.to.your\sniffer-license-code.exe
    AppParameters: REG_SZ: sniffer-license-code.exe your-authorization-code
    AppDirectory: REG_SZ: C:\Your.Path.to.sniffer\

E) Start the Service Control Panel application, and START the service. Soon, you should see a *.Persistant.stat file in your sniffer folder. Once that appears, you are running in persistent mode.

F) Change the Service from manual start to automatic start.

Other list-members seem to have different ways to use SRVANY.exe - I followed the instructions from the Resource Kit Tool Help that I was able to find.

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-----Original Message-----
From: Keith Johnson [mailto:[EMAIL PROTECTED]
Sent: Monday, November 01, 2004 08:54 AM
To: Andy Schmidt
Subject: Your Sniffer Setup

Andy,

I saw your posting on the Sniffer forum and wanted to contact you regarding your Sniffer Persistent setup. We push over 200K emails on 3 servers (Win2K SP4) and are still running Sniffer in the general sense. I noticed you were using SrvAny and the like, do you have any documentation you don't mind sharing on your steps to get sniffer in a persistent mode? Thanks for the aid and time.

---
Keith Johnson
Senior Network Engineer
Network Advocates, Inc.
9001 Shelbyville Road
Burhans Hall, Suite 260
Louisville, KY 40228
TEL: 502.992.5928
FAX: 502.412.1058

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] Your Sniffer Setup
See http://support.microsoft.com/default.aspx?scid=kb;en-us;137890 for simplified instructions.

Bill
RE: [sniffer] Your Sniffer Setup
Hi Landry:

These simplified instructions only apply if the application needs no parameters, as it only covers the application key:

    Value Name: Application
    Data Type : REG_SZ
    String    : path\application.ext

If there was a SnifferPersistent.exe that needed no further options, these simplified instructions would work.

For Sniffer however, you (supposedly) do need to pass along the authorization code and the persistent option, which are defined in the AppParameters value in the registry. That's how the previous version worked for me.

Immediately upon upgrading to the latest version, Sniffer would no longer find its directory when executed as a service, so I had to add the AppDirectory key to set the working directory.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
RE: [sniffer] Your Sniffer Setup
Thanks Andy and Bill, will give this a go on our beta server. Thanks again for the time and expertise.

Keith
RE: [sniffer] Your Sniffer Setup
Andy, these simplified instructions work just fine with Sniffer, as I can certainly attest.

Bill
RE: [sniffer] Your Sniffer Setup
Hi Bill,

Thanks. That's curious. I'm not at all doubting your experiences - I'm just trying to reconcile the KB article (which says to ONLY define the path, program name and extension) with the Sniffer documentation (which says you must define the persistent option and your authorization code).

Somewhere documentation and your experience do not match - so (for my better understanding, and for providing proper instructions to others), I'm trying to figure out what is actually correct.

If based on that knowledge base article all you've defined is:

    Value Name: Application
    Data Type : REG_SZ
    String    : path\application.ext

e.g. c:\Imail\Sniffer\Win32\yoursnifferlicense.exe

then where/how did you define your authorization code and the persistent option?

Best Regards
Andy Schmidt
Re: [sniffer] Your Sniffer Setup
Andy, Bill, et al.

When the persistent Sniffer was first offered, I typed up the attached directions that I cribbed from the KB when alerted to it by Bill. I am forwarding this as a message attachment since the archives are down currently. I haven't yet upgraded to the latest version, but at least on previous versions it has been running fine. I'm still waiting to figure out what the issues might be relating to this thread.

An export of my registry relating to the Sniffer service is as follows:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer]
    "Type"=dword:0010
    "Start"=dword:0002
    "ErrorControl"=dword:0001
    "ImagePath"=(removed: hex encoded path to srvany.exe)
    "DisplayName"="Sniffer"
    "ObjectName"="LocalSystem"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Parameters]
    "Application"="C:\\IMail\\Declude\\Sniffer\\MyExecutableName.exe MyIDNumber persistent"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Security]
    "Security"=(removed: hex encoded value)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Enum]
    "0"="Root\\LEGACY_SNIFFER\\"
    "Count"=dword:0001
    "NextInstance"=dword:0001

Sorry to keep this going, but I would like to figure out what the best practices would be, and also help Andy and/or others figure out the same.

Matt

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/

---BeginMessage---

Ok, I think I did it. Only took a minute (thanks Bill). Here are some more precise directions, but consider them to be "beta" directions (please correct them if you find a problem):

1) Install the Windows 2000 Resource Kit, or download and install the INSTSRV.exe and SRVANY.exe files in a permanent location, preferably within your path. The individual files can be found at the following location:

    http://www.pyeung.com/pages/win2k/userdefinedservice.html

2) Open a command prompt (Click on the Start Button, Select Run, and type CMD)

3) Enter the following command (customize for the paths of the executables)

    C:\Progra~1\Resour~1\INSTSRV Sniffer C:\Progra~1\Resour~1\SRVANY.exe

4) Open up the Registry Editor (Click on the Start Button, select Run, and type REGEDIT)

5) Locate the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer

6) From the Edit menu, select New, select Key, and name the new key Parameters

7) Highlight the Parameters key

8) From the Edit menu, select New, select String Value, and name the new value Application

9) From the Edit menu, select Modify, and type in the full path name and application name, including the drive letter and file extension (don't use quotes, customize path, executable name and authentication code)

    Example: C:\IMail\Declude\Sniffer\[yourlicx].exe [authenticationxx] persistent

    [yourlicx] = your license ID
    [authenticationxx] = your authentication string

10) Open the Services MMC

11) Start the Sniffer service

12) Set the Sniffer service to Automatic

Matt

Matt wrote:

I'm going to give this one a try right now since I have the Resource Kit installed already. Just one question...do I need to change the arguments in my Declude config, or will the service definition take care of the 'persistence'?

Thanks,
Matt

Bill Boebel wrote:

We've been using srvany for years with several custom applications and it works great. This utility has been around since the NT4 Resource Kit...

http://www.pyeung.com/pages/win2k/userdefinedservice.html

Bill

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pete McNeil
Sent: Friday, March 19, 2004 12:25 AM
To: [EMAIL PROTECTED]
Subject: [sniffer] RunExeSvc for Persistent sniffer.

Hello folks,

We've been continuing to test the new persistence enabled sniffer engine and some utilities that will allow it to run as a service. We found a free utility that seems to be very solid, and very simple.

http://www.judoscript.com/goodies/RunExeSvc/runexesvc.html

One of the scripts we used is:

    debug=false
    cmdline=c:\Projects\sniffer2-3\TestBed\snfrv2r2.exe xnk05x5vmipeaof7 persistent
    home=c:\Projects\sniffer2-3\TestBed

(Note: The mismatch between the sniffer2-3 directory and the snfrv2r2.exe is not a typo. We re-branded the 2-3 to use the snfrv2r2 license in our example - it was easier than creating a new license. Note also that the cmdline parameter includes the full path to the executable - you will need to do this also. We could not get the service to start on our NT test bed without including the full path to the .exe)

We've tested this on our XP based Toshiba laptop, and on our NT4
Re: [sniffer] Your Sniffer Setup
This might be there in the event that you need to quote certain arguments or handle special characters??? I've found some different requirements for command line arguments and special characters such as which require either quoting them or using an octal encoded value (I'm no expert on this stuff). Maybe the alternate field helps in this instance.

Anyway, it looks like it is unnecessary although functional in this instance. Considering that there are many places where you enter both path and arguments in the same registry value, I would assume that there is no problem with doing it that way for the service.

Matt

Andy Schmidt wrote:

Yes, I too suspect that SRVANY actually allows the specifying of the entire command line in the Application string, even though both the Knowledgebase article and the full documentation imply otherwise. (The KB article and the documentation are very precise in what the Application string should be: just the path, name and extension of the executable.)

The question is whether Microsoft ever intended it to work that way or if that possibly accidental capability may cease working at a later time.

Best Regards
Andy Schmidt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. Smith
Sent: Monday, November 01, 2004 02:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [sniffer] Your Sniffer Setup

Looks like both work. If you examine the difference you'll probably see why.

One (just with the Application setting) specifies all of the parameters in the SZ string. The other specifies the .exe in the App string and the Auth Code and persistent parameter in the parameters string. I'm also guessing that Sniffer really doesn't care about the app path so it's probably working in this case.

The proper way is probably the way where multiple SZ values are specified although both will work with Sniffer.
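
The two Parameters layouts compared in this thread, as an added example that is not part of any list member's message: a Python check that reads a .reg export of the service key, reports the executable, arguments and working directory it describes, and flags the combined form and a missing AppDirectory. The sample exports are constructed from the thread's placeholder names; that the path ends at the first .exe and that the first argument is the authorization code are assumptions of this example.

```python
import re

# Constructed .reg fragments using the placeholder names from the thread's export.
# COMBINED puts the whole command line in Application; SPLIT uses three values.
COMBINED = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer]
"Start"=dword:0002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Parameters]
"Application"="C:\\IMail\\Declude\\Sniffer\\MyExecutableName.exe MyIDNumber persistent"
'''
SPLIT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sniffer\Parameters]
"Application"="C:\\IMail\\Declude\\Sniffer\\MyExecutableName.exe"
"AppParameters"="MyIDNumber persistent"
"AppDirectory"="C:\\IMail\\Declude\\Sniffer\\"
'''

def parse_reg(text):
    """Map each [key] to its string values; dword/hex values are skipped."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:
            # Undo .reg escaping (\\ and \") and index value names case-insensitively.
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = value
    return keys

def audit_srvany(text, service="Sniffer"):
    """Summarise the command line a SRVANY Parameters key describes."""
    suffix = "\\services\\" + service.lower() + "\\parameters"
    params = next((v for k, v in parse_reg(text).items() if k.endswith(suffix)), None)
    if params is None:
        return {"layout": "missing", "findings": ["no Parameters key"]}
    app = params.get("application", "")
    # Assumption: the executable path ends at the first ".exe" token.
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", app, re.I)
    exe, inline = (m.group(1), m.group(2) or "") if m else (app, "")
    args = " ".join(a for a in (inline, params.get("appparameters", "")) if a)
    findings = []
    if inline:
        findings.append("arguments embedded in Application")
    if "appdirectory" not in params:
        findings.append("AppDirectory not set")
    # Assumption: the first argument is the authorization code, as in the thread.
    masked = " ".join(["<redacted>"] + args.split()[1:]) if args else ""
    return {"layout": "combined" if inline else "split", "exe": exe, "args": args,
            "shareable": (exe + " " + masked).strip(),
            "workdir": params.get("appdirectory"), "findings": findings}

if __name__ == "__main__":
    for label, sample in (("combined", COMBINED), ("split", SPLIT)):
        print(label, audit_srvany(sample))
```

The `shareable` field gives a command line with the authorization code masked, suitable for posting an export to a list as was done in this thread.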