Re: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside a virtual machine?

[Jon Andersen <janderse () umich edu>]

Frank,

For now I'm going to call it a VMware Workstation 5.5.1 "known issue", 
and move on.

I got Sebek working on VMware GSX server 3.2.1 (host Fedora Core 4, 
guest Windows XP).  It didn't work in NAT mode, but it did work in 
bridged mode.  I guess since Sebek is sending its packets at a low 
level, it needs direct access to send (raw?) packets.  So NAT mode 
silently fails, but bridged mode works.

Thanks everyone for your responses.  Its working now (-;

-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan

On Jun 1, 2006, at 10:44 AM, Frank S Posluszny, III wrote:

> Hi Jon,
>
> I wasn't able to duplicate the 100% CPU utilization with either version
> of Sebek you mentioned.  According to your stats, the only difference
> seems to be that I'm using Fedora Core 3 instead of 4.
> Have you been able to narrow down the problem any further?
>
> -Frank P
>
> Jon Andersen said the following on 5/31/2006 10:03 PM:
> > Hi,
> >
> > I have been experimenting with Sebek for the eventual purpose of
> > research on current Internet worm threats.  There is a technical 
> > problem
> > that I haven't figured out yet.  I have tried Sebek 3.0.4 and 2.1.5
> > under VMware Workstation 5.5.1 (guest OS Windows XP SP2, host OS 
> > Fedora
> > Core 4),
> >
> > Both Sebek 3.0.4 and 2.1.5, after installation, configuration, and 
> > first
> > reboot, are causing 100% CPU utilization in both the guest and host 
> > OS.
> > Sebek is functioning enough that event packets do eventually show up 
> > on
> > the Sebek server; however, the guest and host run so slowly that its 
> > not
> > useful.  Has anyone seen this pegged-CPU bug before?  Any workarounds?
> > If not, any recommendations of other Sebek-like tools that can be
> > installed inside a virtual machine?
> >
> > Thanks,