Mark, can you view the guest OS in your VMware console and describe what you are seeing? It also would be helpful if you could send your capture.log, which is written to by the client into c:\program files\capture on the guest OS.

Christian
On Sat, Oct 4, 2008 at 8:04 PM, Mark Jacobs <[EMAIL PROTECTED]> wrote:
> Hi
>
> The installation of Capture-HPC was very straightforward and the
> documentation was very helpful. I have however run into a small obstacle.
> Internet Explorer will not start in the VM to visit any URLs. I have
> provided settings, logs, and output information. Thank you for your help.
>
> ##############cmd line output###################################
> E:\capture-hpc\capture-server-2.5.1-384\capture-server-2.5.1-384>java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s 192.168.15.50:7070 -f input_urls_example.txt
>
> Option added: server-listen-port => 7070
> Option added: server-listen-address => 192.168.15.50
> Option added: input_urls => input_urls_example.txt
> Validating config.xml ...
> config.xml successfully validated
> Option added: capture-network-packets-benign => true
> Option added: capture-network-packets-malicious => true
> Option added: client-default => InternetExplorer
> Option added: client-default-visit-time => 20
> Option added: client_inactivity_timeout => 60
> Option added: collect-modified-files => false
> Option added: different_vm_revert_delay => 24
> Option added: group_size => 1
> Option added: revert_timeout => 120
> Option added: same_vm_revert_delay => 6
> Option added: send-exclusion-lists => false
> Option added: terminate => true
> Option added: vm_stalled_after_revert_timeout => 120
> Option added: vm_stalled_during_operation_timeout => 300
> ExclusionList: file - FileMonitor.exl: File not found
> ExclusionList: process - ProcessMonitor.exl: File not found
> ExclusionList: registry - RegistryMonitor.exl: File not found
> [192.168.15.50:7070] VM added
> [Oct 4, 2008 10:38:30 PM-192.168.15.50:7070-23764290] VMSetState: WAITING_TO_BE_REVERTED
> PARSING PREPROCESSOR
> n is null
> Waiting for input URLs...
> CaptureServer: Listening for connections
> [Oct 4, 2008 10:38:33 PM-192.168.15.50:7070-23764290] VMSetState: REVERTING
> [Oct 4, 2008 10:39:00 PM-192.168.15.50:7070-23764290] VMSetState: RUNNING
> Reverting different VM...waiting considerably
> Received msg from client: <connect vm-server-id="32004544" vm-id="23764290"/>
> [Oct 4, 2008 10:39:13 PM-192.168.15.50:7070-23764290] ClientSetState: CONNECTED
> [Oct 4, 2008 10:39:13 PM-192.168.15.50:7070-23764290] ClientSetState: WAITING
> [Oct 4, 2008 10:39:13 PM-192.168.15.50:7070-23764290] Sending to visit group 1945612958
> Sending <ping/>
> [Oct 4, 2008 10:39:24 PM-192.168.15.50:7070-23764290] Finished processing VM item: revert
> Received msg from client: <pong/>
> [Oct 4, 2008 10:39:24 PM-192.168.15.50:7070-23764290] Got pong
> Sending <ping/>
> Received msg from client: <pong/>
> [Oct 4, 2008 10:39:30 PM-192.168.15.50:7070-23764290] Got pong
> Waiting for input URLs...
> Sending <ping/>
> Received msg from client: <pong/>
> [Oct 4, 2008 10:39:40 PM-192.168.15.50:7070-23764290] Got pong
> Sending <ping/>
> Received msg from client: <pong/>
> [Oct 4, 2008 10:39:50 PM-192.168.15.50:7070-23764290] Got pong
>
> #################config.xml##################################
> <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:noNamespaceSchemaLocation="config.xsd">
> <!-- version 2.5 -->
> <global collect-modified-files="false"
> client-default="InternetExplorer"
> client-default-visit-time="20"
> capture-network-packets-malicious="true"
> capture-network-packets-benign="true"
> send-exclusion-lists="false"
> terminate="true"
> group_size="1"
> vm_stalled_after_revert_timeout="120"
> revert_timeout="120"
> client_inactivity_timeout="60"
> vm_stalled_during_operation_timeout="300"
> same_vm_revert_delay="6"
> different_vm_revert_delay="24"
> />
>
> <exclusion-list monitor="file" file="FileMonitor.exl" />
> <exclusion-list monitor="process" file="ProcessMonitor.exl" />
> <exclusion-list monitor="registry" file="RegistryMonitor.exl" />
> <!--preprocessor classname="example">
> <![CDATA[
> <example-config attribute1="1.0" attribute2="40" attribute2="log/output.log"/>
> ]]>
> </preprocessor-->
>
> <virtual-machine-server type="vmware-server" address="192.168.15.50" port="7070"
> username="ascap" password="password">
> <virtual-machine vm-path="G:\VMachines\Capture-HPC\Client\Windows XP Professional.vmx"
> client-path="C:\Progra~1\capture\CaptureClient.bat"
> username="user"
> password="password"/>
> </virtual-machine-server>
> </config>
>
> ################capture.log#######################
> PROJECT: Capture-HPC
> VERSION: 2.5
> DATE: August 6, 2008
> COPYRIGHT HOLDER: Victoria University of Wellington, NZ
> AUTHORS:
> Christian Seifert ([EMAIL PROTECTED])
> Ramon Steenson ([EMAIL PROTECTED])
> Capture-HPC is free software; you can redistribute it and/or modify
> it under the terms of the GNU General Public License, V2 as published by
> the Free Software Foundation.
> Capture-HPC is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
> You should have received a copy of the GNU General Public License
> along with Capture-HPC; if not, write to the Free Software
> Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
> Option: Connect to server ip: 192.168.15.50
> Option: Connect to server port: 7070
> Starting Capture Client 2.5
> hereLoaded plugin: Application_ClientConfigManager.dll
> inserted: added application: acrobatreader
> inserted: added application: firefox
> inserted: added application: opera
> inserted: added application: word
> inserted: added application: oowriter
> Loaded plugin: Application_InternetExplorer.dll
> inserted: added application: iexplore
> Loaded plugin: Application_InternetExplorerBulk.dll
> inserted: added application: iexplorebulk
> Loaded plugin: Application_Safari.dll
> inserted: added application: safari
> Driver already loaded: CaptureProcessMonitor
> Driver already loaded: CaptureRegistryMonitor
> Loaded filter driver: CaptureFileMonitor
> Connected to server at 192.168.15.50
> Got connect status changed
> ---------------------------------------------------------
> ServerReceive. Bytes received: 25
> Got: <connect server="2.5" />
> Got connect event
> ServerReceive. Bytes received: 64
> Got: <option name="capture-network-packets-malicious" value="true"/>
> Creating network dumper
> Loading network packet dumper
> network adapter found: 192.168.15.52
> ServerReceive. Bytes received: 245
> Got: <option name="capture-network-packets-benign" value="true"/>
> Got: <option name="collect-modified-files" value="false"/>
> Got: <visit-event identifier="1945612958" program="InternetExplorer" time="20"><item url="http%3a%2f%2fwww.google.com"/></visit-event>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received: 9
> Got: <ping/>
> ServerReceive. Bytes received2: -1
> ServerReceive. Recv failed: 10054
> Got connect status changed
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not connect to server
> Socket error: 10061
> Retrying...
> Got connect status changed
> ServerReceive. Bytes received2: -1
> ServerReceive. Recv failed: 10057
> Got connect status changed
> Could not connect to server
> Socket error: 10061
> Retrying...
> Could not
>
> ################applications.conf##############
> #[Client Name] [Client Path] (Download URL to temp directory and open from there?)
> firefox C:\Program Files\Mozilla Firefox\firefox.exe
> opera C:\Program Files\Opera\opera.exe
> oowriter C:\Program Files\OpenOffice.org 2.2\program\swriter.exe
> acrobatreader C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe yes
> word C:\Program Files\Microsoft Office\OFFICE11\winword.exe
> InternetExplorer C:\Program Files\Internet Explorer\iexplore.exe
>
> _______________________________________________
> Capture-HPC mailing list
> [email protected]
> https://public.honeynet.org/mailman/listinfo/capture-hpc

--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
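Added example, not code from the Capture-HPC project or from either poster: a small Python triage script for the client-side capture.log of the kind quoted in Mark's mail. It runs over a constructed, shortened copy of those log lines embedded below, pulls out the visit-event the server handed to the client (percent-decoding the URL), counts the keep-alive pings, maps the Winsock error numbers that appear in the log (10054, 10057, 10061) to their symbolic names, and flags the pattern seen in this thread: a visit-event was received but nothing except keep-alive traffic was logged before the connection dropped. The function names (triage_client_log, describe_error) and the sample log are my own.

```python
import re
from urllib.parse import unquote

# Well-known Winsock error numbers that show up in the client log.
WINSOCK_ERRORS = {
    10054: "WSAECONNRESET (connection reset by peer)",
    10057: "WSAENOTCONN (socket is not connected)",
    10061: "WSAECONNREFUSED (connection refused)",
}

# Constructed sample: a shortened copy of the capture.log lines quoted in the thread.
SAMPLE_LOG = """\
Starting Capture Client 2.5
Loaded plugin: Application_InternetExplorer.dll
inserted: added application: iexplore
Connected to server at 192.168.15.50
Got: <connect server="2.5" />
Got: <option name="capture-network-packets-malicious" value="true"/>
Got: <option name="collect-modified-files" value="false"/>
Got: <visit-event identifier="1945612958" program="InternetExplorer" time="20"><item url="http%3a%2f%2fwww.google.com"/></visit-event>
ServerReceive. Bytes received: 9
Got: <ping/>
ServerReceive. Bytes received: 9
Got: <ping/>
ServerReceive. Bytes received2: -1
ServerReceive. Recv failed: 10054
Could not connect to server
Socket error: 10061
Retrying...
"""

VISIT_RE = re.compile(
    r'<visit-event identifier="(\d+)" program="([^"]+)" time="(\d+)">(.*?)</visit-event>'
)
URL_RE = re.compile(r'<item url="([^"]+)"/>')
ERR_RE = re.compile(r"(?:Recv failed|Socket error): (\d+)")


def describe_error(code):
    """Map a Winsock error number to its symbolic name, if known."""
    return WINSOCK_ERRORS.get(code, "unknown Winsock error")


def triage_client_log(text):
    """Summarise a Capture-HPC client capture.log.

    Returns the visit-events the server handed out (URLs percent-decoded),
    the number of keep-alive pings, the socket errors in order, and
    quiet_after_visit: True when nothing but keep-alive traffic was logged
    between the first visit-event and the first socket error, which is the
    symptom in this thread (the browser never visibly started).
    """
    summary = {"visits": [], "pings": 0, "errors": [], "quiet_after_visit": None}
    after_visit = False
    only_keepalive = True
    for raw in text.splitlines():
        line = raw.strip()
        m = VISIT_RE.search(line)
        if m:
            ident, program, secs, body = m.groups()
            summary["visits"].append({
                "id": ident,
                "program": program,
                "visit_time": int(secs),
                "urls": [unquote(u) for u in URL_RE.findall(body)],
            })
            after_visit = True
            continue
        if "<ping/>" in line:
            summary["pings"] += 1
            continue
        m = ERR_RE.search(line)
        if m:
            code = int(m.group(1))
            summary["errors"].append((code, describe_error(code)))
            if after_visit and summary["quiet_after_visit"] is None:
                summary["quiet_after_visit"] = only_keepalive
            continue
        # Any other line logged after the visit-event counts as client activity.
        if after_visit and not line.startswith("ServerReceive"):
            only_keepalive = False
    return summary


if __name__ == "__main__":
    result = triage_client_log(SAMPLE_LOG)
    for visit in result["visits"]:
        print(f"visit {visit['id']}: {visit['program']} -> {visit['urls']} ({visit['visit_time']}s)")
    print(f"pings: {result['pings']}")
    for code, meaning in result["errors"]:
        print(f"socket error {code}: {meaning}")
    print(f"quiet after visit-event: {result['quiet_after_visit']}")
```

Run against a real capture.log from the guest, the quiet_after_visit flag separates "the client never did anything with the visit" from "the client tried and something failed", and the decoded error names make the two phases in the log easier to read: 10054 is the server side closing the established connection, and the following 10061 retries are the client finding nobody listening.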
