Showing posts with label ubuntu. Show all posts

Friday, 22 January 2010

Sguil 0.7.0 on Ubuntu 9.10

Today I installed a Sguil client on a fresh installation of Ubuntu 9.10.

It was really easy with the exception of one issue I had to troubleshoot, explained below.

First notice that tcl8.4 and tk8.4 are already installed on Ubuntu 9.10.

richard@janney:~$ dpkg --list | grep -i tcl
ii tcl8.4 8.4.19-3 Tcl (the Tool Command Language) v8.4 - run-t
ii tk8.4 8.4.19-3 Tk toolkit for Tcl and X11, v8.4 - run-time
richard@janney:~$ sudo apt-get install tclx8.4 tcllib iwidgets4 tcl-tls
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
itcl3 itk3
Suggested packages:
itcl3-doc itk3-doc iwidgets4-doc tclx8.4-doc
The following NEW packages will be installed:
itcl3 itk3 iwidgets4 tcl-tls tcllib tclx8.4
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,127kB of archives.
After this operation, 18.1MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://us.archive.ubuntu.com karmic/universe itcl3 3.2.1-5 [99.4kB]
...truncated...

Next install wireshark via apt-get. I don't show that here.

The server I want to connect to is running Sguil 0.7.0, not the version currently in CVS. If you try connecting from a CVS client to a 0.7.0 server, the client will report an error like

error writing "sock6": connection reset by peer

On the server side you will see Sguil die on error:

pid(37598) Client Connect: 192.168.2.194 39901 sock15
pid(37598) Validating client access: 192.168.2.194
pid(37598) Valid client access: 192.168.2.194
pid(37598) Sending sock15: SGUIL-0.7.0 OPENSSL ENABLED
pid(37598) Client Command Received: VersionInfo {SGUIL-0.7.0 OPENSSL ENABLED}
pid(37598) ERROR: Client connect denied - mismatched versions
pid(37598) CLIENT VERSION: {SGUIL-0.7.0 OPENSSL ENABLED}
pid(37598) SERVER VERSION: SGUIL-0.7.0 OPENSSL ENABLED
Error: can not find channel named "sock15"
can not find channel named "sock15"
while executing
"close $socketID"
(procedure "ClientVersionCheck" line 11)
invoked from within
"ClientVersionCheck $socketID $data1 "
("VersionInfo" arm line 1)
invoked from within
"switch -exact $clientCmd {
DeleteEventID { $clientCmd $socketID $index1 $index2 }
DeleteEventIDList { $clientCmd $socketID $data1 }
..."
(procedure "ClientCmdRcvd" line 38)
invoked from within
"ClientCmdRcvd sock15"
SGUILD: killing child procs...
SGUILD: Exiting...

If you diff the sguil.tk from 0.7.0 against sguil.tk from CVS these differences explain what is happening:

richard@janney:~/sguil/client$ diff /home/richard/Downloads/sguil-0.7.0/client/sguil.tk sguil.tk
5c5
< # $Id: sguil.tk,v 1.249 2008/03/25 15:59:34 bamm Exp $ #
---
> # $Id: sguil.tk,v 1.254 2008/09/21 02:59:25 bamm Exp $ #
156,162d155
< # store $data in $origData because ctoken changes the var it is working on.
< #set origData $data
< #set serverCmd [ctoken data " "]
< #set data1 [string trimleft $data]
< # data1 has indices 1 on etc etc
< #set index1 [ctoken data " "]
< #set data2 [string trimleft $data]
203a197
> PassChange { $serverCmd [lindex $data 1] [lindex $data 2] }
235c229
< puts $socketID "VersionInfo $tmpVERSION"
---
> puts $socketID [list VersionInfo $tmpVERSION]
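Review bot: at 235c229, switching from the quoted string to [list VersionInfo $tmpVERSION] changes what is sent on the wire. Because $tmpVERSION contains spaces, Tcl list formatting wraps it in braces, and the 0.7.0 server log above shows exactly that: it compares {SGUIL-0.7.0 OPENSSL ENABLED} against SGUIL-0.7.0 OPENSSL ENABLED and denies the client. This needs either a matching server-side parse that accepts both framings, or a clear statement that CVS clients cannot talk to 0.7.0 servers.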
...truncated...

Finally I like to edit my sguil.conf as shown to account for Wireshark's location and to reduce the number of panes from the default of 3 down to 1.

richard@janney:~/Downloads/sguil-0.7.0/client$ diff sguil.conf.orig sguil.conf
49c49
< set WIRESHARK_PATH /usr/sbin/wireshark
---
> set WIRESHARK_PATH /usr/bin/wireshark
73c73
< set RTPANES 3
---
> set RTPANES 1
78,80c78,80
< set RTPANE_PRIORITY(0) "1"
< set RTPANE_PRIORITY(1) "2 3"
< set RTPANE_PRIORITY(2) "4 5"
---
> set RTPANE_PRIORITY(0) "1 2 3 4 5"
> #set RTPANE_PRIORITY(1) "2 3"
> #set RTPANE_PRIORITY(2) "4 5"

At this point I can use the Sguil client.

Unfortunately I continue to have a problem with DNS resolution. (I reported one a while back.)

can't read "state(reply)": no such element in array
can't read "state(reply)": no such element in array
while executing
"binary scan $state(reply) SSSSSS mid hdr nQD nAN nNS nAR"
(procedure "Flags" line 13)
invoked from within
"Flags $token flags"
(procedure "dns::name" line 3)
invoked from within
"dns::name $tok"
(procedure "GetHostbyAddr" line 47)
invoked from within
"GetHostbyAddr $srcIP"
(procedure "ResolveHosts" line 23)
invoked from within
"ResolveHosts"
invoked from within
".eventPane.pane1.childsite.detailPane.pane0.childsite.detailTabs.canvas.notebook.cs.page1.cs.ipDataFrame.dnsDataFrame.dnsActionFrame.dnsButton invoke"
("uplevel" body line 1)
invoked from within
"uplevel #0 [list $w $cmd]"
(procedure "tk::CheckRadioInvoke" line 3)
invoked from within
"tk::CheckRadioInvoke .eventPane.pane1.childsite.detailPane.pane0.childsite.detailTabs.canvas.notebook.cs.page1.cs.ipDataFrame.dnsDataFrame.dnsActionFr..."
(command bound to event)

I noticed a similar error on the sguil-users mailing list and tried installing libudp-tcl, but I got the same error.

Wednesday, 11 April 2007

Burning CDs on Ubuntu

Sometimes this blog is just a place for me to take notes on tasks I want to repeat in the future, like burning CDs. In this case I'm running Ubuntu and using the new portable Sony DRX-S50U Multi-Format DVD Burner I bought to accompany my Thinkpad x60s on the road.

First I created an .iso of the files I wanted on the CD-R.

richard@neely:/var/tmp$ mkisofs -J -R -o /data/shmoocon2007hack.iso shmoocon2007/
INFO: UTF-8 character encoding detected by locale settings.
Assuming UTF-8 encoded filenames on source filesystem,
use -input-charset to override.
Using shmoo000.pca;1 for /shmoocon_hack_rd2_timeadj.pcap (shmoocon_hack_rd1_timeadj.pcap)
1.68% done, estimate finish Wed Apr 11 21:23:45 2007
...truncated...

Second I asked cdrecord to find the burner.

richard@neely:/var/tmp$ sudo cdrecord -scanbus
Cdrecord-Clone 2.01.01a03 (i686-pc-linux-gnu) Copyright (C) 1995-2005 Joerg Schilling
NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
and thus may have bugs that are not present in the original version.
Please send bug reports and support requests to .
The original author should not be bothered with problems of this version.

cdrecord: Warning: Running on Linux-2.6.17-11-generic
cdrecord: There are unsettled issues with Linux-2.5 and newer.
cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
Linux sg driver version: 3.5.33
Using libscg version 'debian-0.8debian2'.
cdrecord: Warning: using inofficial version of libscg (debian-0.8debian2 '@(#)scsitransp.c
1.91 04/06/17 Copyright 1988,1995,2000-2004 J. Schilling').
scsibus0:
0,0,0 0) 'ATA ' 'TOSHIBA MK6032GS' 'AS31' Disk
0,1,0 1) *
0,2,0 2) *
0,3,0 3) *
0,4,0 4) *
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
scsibus4:
4,0,0 400) 'Optiarc ' 'DVD RW AD-7540A ' '1.D0' Removable CD-ROM
4,1,0 401) *
4,2,0 402) *
4,3,0 403) *
4,4,0 404) *
4,5,0 405) *
4,6,0 406) *
4,7,0 407) *

Third I burned them to the CD-R.

richard@neely:/var/tmp$ sudo cdrecord -v dev=4,0,0 driveropts=burnfree -eject -data /data/shmoocon2007hack.iso
cdrecord: No write mode specified.
cdrecord: Asuming -tao mode.
cdrecord: Future versions of cdrecord may have different drive dependent defaults.
cdrecord: Continuing in 5 seconds...
Cdrecord-Clone 2.01.01a03 (i686-pc-linux-gnu) Copyright (C) 1995-2005 Joerg Schilling
NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
and thus may have bugs that are not present in the original version.
Please send bug reports and support requests to .
The original author should not be bothered with problems of this version.

cdrecord: Warning: Running on Linux-2.6.17-11-generic
cdrecord: There are unsettled issues with Linux-2.5 and newer.
cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
TOC Type: 1 = CD-ROM
scsidev: '4,0,0'
scsibus: 4 target: 0 lun: 0
Linux sg driver version: 3.5.33
Using libscg version 'debian-0.8debian2'.
cdrecord: Warning: using inofficial version of libscg (debian-0.8debian2 '@(#)scsitransp.c
1.91 04/06/17 Copyright 1988,1995,2000-2004 J. Schilling').
Driveropts: 'burnfree'
SCSI buffer size: 64512
atapi: 1
Device type : Removable CD-ROM
Version : 0
Response Format: 2
Capabilities :
Vendor_info : 'Optiarc '
Identifikation : 'DVD RW AD-7540A '
Revision : '1.D0'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x0009
Profile: 0x002B
Profile: 0x001B
Profile: 0x001A
Profile: 0x0016
Profile: 0x0015
Profile: 0x0014
Profile: 0x0013
Profile: 0x0012
Profile: 0x0011
Profile: 0x0010
Profile: 0x000A
Profile: 0x0009 (current)
Profile: 0x0008 (current)
Profile: 0x0002
cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code.
cdrecord: See /usr/share/doc/cdrecord/README.DVD.Debian for details on DVD support.
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96R RAW/R96R
Drive buf size : 890880 = 870 KB
FIFO size : 4194304 = 4096 KB
Track 01: data 583 MB
Total size: 670 MB (66:23.13) = 298735 sectors
Lout start: 670 MB (66:25/10) = 298735 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 5
Is not unrestricted
Is not erasable
Disk sub type: Medium Type A, high Beta category (A+) (3)
ATIP start of lead in: -11634 (97:26/66)
ATIP start of lead out: 359846 (79:59/71)
Disk type: Short strategy type (Phthalocyanine or similar)
Manuf. index: 3
Manufacturer: CMC Magnetics Corporation
Blocks total: 359846 Blocks current: 359846 Blocks remaining: 61111
Starting to write CD/DVD at speed 24 in real TAO mode for single session.
Last chance to quit, starting real write 0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
BURN-Free is ON.
Performing OPC...
Starting new track at sector: 0
Track 01: 583 of 583 MB written (fifo 100%) [buf 100%] 8.3x.
Track 01: Total bytes read/written: 611805184/611805184 (298733 sectors).
Writing time: 523.078s
Average write speed 7.8x.
Min drive buffer fill was 100%
Fixating...
Fixating time: 42.065s
BURN-Free was never needed.
cdrecord: fifo had 9637 puts and 9637 gets.
cdrecord: fifo was 0 times empty and 9555 times full, min fill was 79%.

Last I checked the files on the CD.

richard@neely:/var/tmp$ ls -alh /media/cdrom0/
total 584M
drwxr-xr-x 2 richard richard 2.0K 2007-03-26 16:27 .
drwxr-xr-x 6 root root 1.0K 2007-04-05 15:33 ..
-rw-r--r-- 1 richard richard 149M 2007-03-26 16:19 shmoocon_hack_rd1_timeadj.pcap
-rw-r--r-- 1 richard richard 435M 2007-03-26 16:27 shmoocon_hack_rd2_timeadj.pcap

Looks good!

Thursday, 29 March 2007

VMware Server 1.0.2 on Ubuntu 6.10

Previously I documented installing VMware Workstation 6 Beta on my Thinkpad x60s. I decided to uninstall Workstation and install VMware Server 1.0.2. I should have used the vmware-uninstall.pl script but even without using it directly I managed to remove the old Workstation installation without real trouble.

Running Server on Ubuntu 6.10 (desktop) required me to add a few packages. I found Martti Kuparinen's installation guide very helpful. I had to add the following packages to ensure a smooth Server installation.

sudo apt-get install xinetd
sudo apt-get install libX11-dev
sudo apt-get install xlibs-dev

I did not have to install linux-kernel-headers.

I was really impressed that Martti provided a patch for two scripts that did not work correctly out of the box. When I applied the patch I was able to start VMware's Web server and access it via my browser.

richard@neely:/tmp$ wget http://users.piuha.net/martti/comp/ubuntu/httpd.vmware.diff
--13:52:24-- http://users.piuha.net/martti/comp/ubuntu/httpd.vmware.diff
=> `httpd.vmware.diff'
Resolving users.piuha.net... 193.234.218.130
Connecting to users.piuha.net|193.234.218.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,973 (2.9K) [text/plain]

100%[====================================>] 2,973 --.--K/s

13:52:25 (1.81 MB/s) - `httpd.vmware.diff' saved [2973/2973]

richard@neely:/tmp$ cd /
richard@neely:/$ sudo patch -b -p0 < /tmp/httpd.vmware.diff
Password:
patching file /etc/init.d/httpd.vmware
patching file /usr/lib/vmware-mui/src/lib/httpd.vmware
richard@neely:/$ sudo netstat -natup | grep vm
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 5205/httpd.vmware
tcp 0 0 0.0.0.0:8222 0.0.0.0:* LISTEN 5205/httpd.vmware
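The patch above was fetched over plain HTTP and applied with sudo from / using -p0, so the paths named inside the diff decide which files root rewrites. The following is an added example, not part of the original post or of the VMware guide: it lists the files a unified diff would modify and rejects any target that is not expected. The sample diff content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet the target paths of a unified diff before `sudo patch`.

# Constructed sample; the real httpd.vmware.diff body is not shown in the post.
# The "+++ not-a-header" line is an added line inside a hunk, not a file header.
sample_diff() {
cat <<'EOF'
--- /etc/init.d/httpd.vmware.orig
+++ /etc/init.d/httpd.vmware
@@ -1,2 +1,2 @@
-old line
+++ not-a-header
 context
--- /usr/lib/vmware-mui/src/lib/httpd.vmware.orig
+++ /usr/lib/vmware-mui/src/lib/httpd.vmware
@@ -1 +1 @@
-old
+new
EOF
}

# Print one target path per file header. Hunk bodies are skipped by counting
# the lines announced in each "@@ -a,b +c,d @@" header, so body lines that
# happen to start with "+++ " are never mistaken for headers.
patch_targets() {
    awk '
    nold > 0 || nnew > 0 {
        c = substr($0, 1, 1)
        if (c == "-") nold--
        else if (c == "+") nnew--
        else if (c != "\\") { nold--; nnew-- }   # context line
        next
    }
    /^@@ / {
        split($2, o, ","); split($3, n, ",")
        nold = (o[2] == "" ? 1 : o[2]) + 0       # omitted length means 1
        nnew = (n[2] == "" ? 1 : n[2]) + 0
        next
    }
    /^\+\+\+ / { p = substr($0, 5); sub(/\t.*$/, "", p); print p }'
}

# vet_patch ALLOWED_PATH...  reads a diff on stdin; returns 1 and names every
# target that is not in the allowlist.
vet_patch() {
    targets=$(patch_targets)
    rc=0
    while IFS= read -r t; do
        [ -n "$t" ] || continue
        ok=0
        for a in "$@"; do
            if [ "$t" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "unexpected target: $t"; rc=1; fi
    done <<EOF
$targets
EOF
    return "$rc"
}

# Demo on the constructed sample: prints the two expected targets.
sample_diff | patch_targets
```

On a real download, run `vet_patch /etc/init.d/httpd.vmware /usr/lib/vmware-mui/src/lib/httpd.vmware < /tmp/httpd.vmware.diff` and follow with `patch --dry-run -p0` before the real apply.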

Thanks to this guide I made this addition to /etc/xinetd.d/vmware-authd so the vmware console on port 902 TCP didn't listen on all interfaces:

bind = 127.0.0.1

To prevent the Web server from starting at boot and potentially listening on a hostile network, I removed the x bit from the script in /etc/init.d so it would not be started at boot. I can start it manually.

richard@neely:~$ sudo chmod -x /etc/init.d/httpd.vmware
richard@neely:~$ sudo sh /etc/init.d/httpd.vmware start
Starting httpd.vmware: done
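To confirm that changes like the xinetd bind line and the disabled init script had the intended effect, the netstat check shown earlier can be turned into a repeatable audit. This is an added example, not from the original post: it reports every TCP listener bound to a wildcard address and fails when one is not on an allowlist. The sample input is constructed (the httpd.vmware lines match the post; the xinetd and sshd lines and their PIDs are assumptions), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to all interfaces in the output of
# `netstat -natup`.

# Constructed sample input.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 5205/httpd.vmware
tcp 0 0 0.0.0.0:8222 0.0.0.0:* LISTEN 5205/httpd.vmware
tcp 0 0 127.0.0.1:902 0.0.0.0:* LISTEN 4100/xinetd
tcp6 0 0 :::22 :::* LISTEN 3900/sshd
EOF
}

# Print "port program" for each LISTEN socket whose local address is a
# wildcard (0.0.0.0, :: or *). The port is the text after the last colon,
# which also handles IPv6 forms such as ":::22".
wildcard_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, a, ":")
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            prog = ($7 == "" ? "-" : $7)     # "-" when run without root
            sub("^[0-9]+/", "", prog)        # drop the PID prefix
            print port, prog
        }
    }'
}

# audit_listeners "PORT PORT ..."  reads wildcard_listeners output on stdin;
# returns 1 and names each listener whose port is not in the allowlist.
audit_listeners() {
    allowed=" $1 "
    bad=0
    while read -r port prog; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "exposed on all interfaces: $prog port $port"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Demo on the constructed sample: only sshd is allowed to listen everywhere,
# so both httpd.vmware ports are reported.
sample_netstat | wildcard_listeners | audit_listeners "22" || true
```

On a live host, replace `sample_netstat` with `sudo netstat -natup`.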

I noticed while installing the packages the suggestion to run apt-get autoremove, so I did once everything was installed.

richard@neely:~$ sudo apt-get autoremove
Password:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libnl1-pre6 network-manager libnm-util0 dhcdbd
The following packages will be REMOVED:
dhcdbd libnl1-pre6 libnm-util0 network-manager
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
Need to get 0B of archives.
After unpacking 1217kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 115360 files and directories currently installed.)
Removing network-manager ...
* Stopping NetworkManager daemon [ ok ]
* Stopping NetworkManager dispatcher [ ok ]
Removing dhcdbd ...
Removing libnl1-pre6 ...
Removing libnm-util0 ...

I have VMware Server running well on Ubuntu now.

Friday, 23 March 2007

Wireless Ubuntu on Thinkpad x60s

I'm used to doing everything manually when running wireless FreeBSD on older laptops. Running Ubuntu has shielded me from some of the command-line configuration I used to perform on FreeBSD. Linux uses different commands for certain tasks. My new laptop also has a different chipset from my old laptop, so I wanted to see if I could get Kismet working on it.

If I want to find wireless networks via the command line I use this command.

richard@neely:~$ sudo iwlist eth1 scan
eth1 Scan completed :
Cell 01 - Address: 00:13:10:65:2F:AD
ESSID:"shaolin"
Protocol:IEEE 802.11bg
Mode:Master
Channel:1
Encryption key:on
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Quality=76/100 Signal level=-58 dBm Noise level=-58 dBm
Extra: Last beacon: 68ms ago
...truncated...

If I want to associate with that WAP using WEP I use this command.

richard@neely:~$ sudo iwconfig eth1 essid shaolin channel 1 key KEYDIGITS

I am associated now.

richard@neely:~$ iwconfig eth1
eth1 IEEE 802.11g ESSID:"shaolin"
Mode:Managed Frequency:2.412 GHz Access Point: 00:13:10:65:2F:AD
Bit Rate:54 Mb/s Tx-Power:15 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=76/100 Signal level=-58 dBm Noise level=-59 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:2909 Missed beacon:0

I can grab an IP via DHCP.

richard@neely:~$ sudo dhclient eth1
Internet Systems Consortium DHCP Client V3.0.4
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/eth1/00:13:02:4c:30:2d
Sending on LPF/eth1/00:13:02:4c:30:2d
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.2.1
DHCPREQUEST on eth1 to 255.255.255.255 port 67
DHCPACK from 192.168.2.1
bound to 192.168.2.103 -- renewal in 42728 seconds.

Here is ifconfig output.

richard@neely:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:4C:30:2D
inet addr:192.168.2.103 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe4c:302d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4984 errors:19 dropped:2928 overruns:0 frame:0
TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5491350 (5.2 MiB) TX bytes:188020 (183.6 KiB)
Interrupt:74 Base address:0xc000 Memory:edf00000-edf00fff

I can check my gateway.

richard@neely:~$ netstat -nr -4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.250.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.207.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

I can change my IP from DHCP to static.

richard@neely:~$ sudo killall dhclient
richard@neely:~$ sudo ifconfig eth1 inet 192.168.2.8 netmask 255.255.255.0 up
richard@neely:~$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:02:4C:30:2D
inet addr:192.168.2.8 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::213:2ff:fe4c:302d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5625 errors:20 dropped:2929 overruns:0 frame:0
TX packets:245 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5492954 (5.2 MiB) TX bytes:192494 (187.9 KiB)
Interrupt:74 Base address:0xc000 Memory:edf00000-edf00
richard@neely:~$ sudo route add default gw 192.168.2.1
richard@neely:~$ netstat -nr -4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.250.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.207.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1

Here are the changes I made to enable Kismet after checking my wireless card.

richard@neely:~$ sudo lshw -businfo | grep eth1
pci@03:00.0 eth1 network PRO/Wireless 3945ABG Network Connection

richard@neely:~$ diff -u /etc/kismet/kismet.conf.orig /etc/kismet/kismet.conf
--- /etc/kismet/kismet.conf.orig 2007-03-23 09:53:28.000000000 -0400
+++ /etc/kismet/kismet.conf 2007-03-23 09:56:00.000000000 -0400
@@ -7,10 +7,10 @@
version=2005.06.R1

# Name of server (Purely for organizational purposes)
-servername=Kismet
+servername=neely

# User to setid to (should be your normal user)
-#suiduser=your_user_here
+suiduser=richard

# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
@@ -19,7 +19,7 @@
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
-source=none,none,addme
+source=ipw3945,eth1,addme
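Review bot: the new source line keeps the template's placeholder name, addme, as its third field. Per the format comment above (source=sourcetype,interface,name), that field is the label for this capture source, so give it something descriptive, for example the card or interface name, so the source is identifiable when more than one is configured.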

Kismet works fine. When operating, eth1 is in monitor mode.

richard@neely:~$ iwconfig eth1
eth1 unassociated ESSID:"shaolin"
Mode:Monitor Frequency=2.412 GHz Access Point: 00:13:10:65:2F:AD
Bit Rate:0 kb/s Tx-Power:16 dBm
Retry limit:15 RTS thr:off Fragment thr:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

When Kismet exits I'm able to cleanly use my original connection.

Wednesday, 21 March 2007

Wine on Ubuntu

I'm finding more reasons to like running Ubuntu on the desktop. Two of my favorite Windows applications are MWSnap (a simple screen capture tool) and Irfanview (a simple image viewer and editor). (Gimp fans, please spare me your comments. I can't stand that program. It's a bulldozer when all I need is a garden shovel.)

I poked around looking for native Linux programs that might suit my needs, but then I thought "What about using Wine to run the Windows binaries on Linux?" I'd never used Wine before, but it was only an 'apt-get install wine' away from appearing on my Ubuntu laptop.

I first tried Irfanview, but I ran into the same issues as described here. After creating /home/richard/wine and putting mfc42.dll there with installation binaries for Irfanview and MWSnap, I was able to run Wine in that directory and install both programs.

Wine ended up creating the following directory structure.

richard@neely:~/.wine/drive_c/Program Files$ ls -al
total 5
drwxr-xr-x 5 richard richard 1024 2007-03-21 11:46 .
drwxr-xr-x 4 richard richard 1024 2007-03-21 11:42 ..
drwxr-xr-x 2 richard richard 1024 2007-03-21 11:42 Common Files
drwxr-xr-x 5 richard richard 1024 2007-03-21 11:43 IrfanView
drwxr-xr-x 3 richard richard 1024 2007-03-21 11:46 MWSnap

Running each program requires something like this:

richard@neely:~$ wine .wine/drive_c/Program\ Files/IrfanView/i_view32.exe
richard@neely:~$ wine .wine/drive_c/Program\ Files/MWSnap/MWSnap.exe

Overall I am really pleased to see this working so well.