Wednesday, September 20, 2017

NetScanTools Pro 11.83 Released September 15, 2017

This release improves the user experience in several areas and the UI is less cluttered.

Back when we started adding tools that depended on WinPcap, a computer typically had one interface that WinPcap could use for receiving or sending packets. That has all changed. VPNs, Virtual Machines and secondary network interfaces can all potentially add WinPcap compatible interfaces and those interfaces all show up in the WinPcap Interface dropdown list. The problem is that prior to v11.83 you had to select the right WinPcap compatible interface or the tool did not work right and you saw a message to select the correct interface. What v11.83 brings is automatic selection of the interface based on the input you give. This applies to a number of tools in NetScanTools Pro like ARP Scanner, Ping, Traceroute and others. You will still have to select the correct interface in many of the separately launched tools like Packet Capture or Passive Discovery because those tools are listening tools rather than 'packet sending/listening' tools.

Over the past few years typical monitor sizes (pixels HxW) has radically increased. We originally designed NetScanTools Pro to accommodate monitors as low as 800x600 but I personally use a pair of 1920x1080 monitors. I reviewed our web traffic on Google Analytics and found that nobody is using 800x600 or even 1024x768 so this new version of NetScanTools Pro expands the layout of the buttons and other controls on the right side and spreads them out as a first step towards reducing clutter.

Another annoyance was the 169.254.x.x popup message that appeared on startup, usually if you had Npcap installed instead of WinPcap. The message is gone and 169.254.x.x interfaces are not included in any tool (except those that show interfaces) since they are auto-assigned IP addresses from the operating system and actually not functional.

Many other changes and they are listed below. If you have an active maintenance plan you can download 11.83 through the Help menu/Check for New Version.

The list of changes.

-Usability improvement: Tools that depend on selecting the right WinPcap compatible interface now automatically select the interface based on the target entered. This includes ARP Ping, ARP Scanner, DHCP Server Discovery, Duplicate IP Detection, OS Fingerprinting, Ping - Enhanced, Port Scanner, Promiscuous Mode Scanner, and Traceroute. 'Launched' monitoring tools still require you to select the interface to monitor.

-Reports now have expanded information regarding the settings used for these tools (most are in the 'Notes' section of the report): Packet Flooder, Ping - Enhanced, Ping Scanner, Port Scanner, and Traceroute.

-DHCP Server Discovery now times out quicker if the local port 68 is in use and any network adapters with the IP starting with 169.254.x.x are not shown in the list because they are inactive.

-Maintenance Plan Expiration and other startup messages that appear before the main window is active are now force to appear as the topmost window. This stops the problem of starting NetScanTools Pro and not seeing anything because a startup message window was behind another window.

-Ping Scanner now includes a right click menu option to use your web browser to connect with the selected IP address.

-Fixed minor memory leak in Network Interfaces and Statistics.

-Removed startup message about 169.254.x.x interfaces which shows up more frequently if Npcap is installed instead of WinPcap.

-Began the first steps of a UI improvement by expanding the area used by the tools in the right hand panel. Our research shows that most displays are now wide enough for us to de-clutter the right hand side by making it wider and moving controls.

-Ping: changed the default header acknowledgment field value to 0.

-Traceroute: added header acknowledgment field as a user defined field in Settings.

-SSL Certificate Scanner: Added parsing of Subject Alternative Name (SAN) fields. Shown in the certificate chain. Previous retrievals of SSL certificates are noted in the grid when you edit or start the software. Right click to access the certificate chain. Added more parsing of signature algorithms so OIDs will be less likely to show up.

-Graphical Traceroute: Added Reset Statistics button.

-SNMP and SNMP Advanced: default bulk reps is now 8. Suggest lowering to 8 if you are using SNMPv2c or SNMPv3.

-USB Version Only: startup on a host running Npcap now works correctly.

-Updated SQLite to version 3.20.1

-Updated MAC address/Manufacturer database.

-Updated IP to Country database.

-Updated dates in all subprograms to 2017.

Tuesday, September 5, 2017

Managed Switch Port Mapping Tools v2.77.1 released August 30, 2017

Version 2.77.1 followed closely behind the release of 2.77. This minor release adds serial and model retrieval from Adtran switches. It also fixes some minor issues with importing devices from a text file in Switch List editor. SQLite was updated as well.

Version 2.77 was a huge release.

Managed Switch Port Mapping Tool v2.77 adds several features to enhance the user experience plus new features including one that has been requested a number of times for several years.

One of the most requested features (for years) is this: a way to compare two mappings of the same switch to see what has changed. It is now there under Review History (left control panel):




Select at mapping from the left list, then select one from the right list. Press ‘Show Added & Removed’ to see a list of what is present only in the first mapping (green) and the second mapping (blue) as shown below.



To see a list of devices moved from one port to another between mappings, press Show Moved. The final port that the device was moved to is shown in the list.



Another major addition is the ‘Test’ button. You can find it in the device settings. It give you a way to see if the device (switch or router or other) can be pinged and communicated with using the SNMP settings you have entered. See below:



Do you have Juniper, Ubiquiti and Force10 switches? We improved support for those switches and we even found that some models of Adtran switches can be mapped – but not all.

Full list of changes in this revision.

2.77 August 18, 2017

-Added button in Review History for comparing and displaying the differences between two mappings of the same switch at different times. One selection shows the difference between information present on the first switch mapping vs the second switch mapping. The other selection shows movement of a device from one port to a new port. The results of the comparisons may be saved/exported/printed.


-Added Test button to Device Settings. Use it to verify the device is reachable with Ping and verify your SNMP settings are correct. It also can tell you if it is a switch or a different kind of SNMP enabled device.

-The target switch is now tested near the start of the mapping to see if it really is a switch, if not a 'do you want to continue' question is asked.

-Additional sources of warning messages during SNMP single parameter retrievals were identified and the warning suppressed. The warnings were sometimes interpreted by users as errors and slowed the mapping process.

-New Command Line option (-txt) to save the results of a mapping to a hybrid tab/CSV delimited text file. Columns are represented by tabs and rows within a multi-row cell are represented by commas.

-Improved export to 10SCAPE. If required columns are missing, a warning is now shown at export.

-Column Order and Visibility Editor: the 10SCAPE defaults button now turns off the Ping Sweep warning (see Global Settings to reactivate it).

-Global Settings: the Display Ping Sweep Not Configured warning message is now disabled by default.

-Global Settings: when switch group specific settings (like MAC limit per port) are changed, the changes are now saved to the currently shown left panel switch group.

-Switch List Editor: show final report and show individual reports are now unchecked by default.

-Framework: menu and toolbar are now fixed in place and not dockable.

-Framework: top titlebar is now correctly updated to show the switch info when the mapping is complete.

-Juniper, Force10 and Ubiquiti switches are now processed correctly and manufacturer specific details are now retrieved.

-Some models of Adtran switches are now supported.

-Juniper switches now show the vlan name, internal vlan number and vlan tag as follows with the tag in curly braces: MYVLAN(5){100}. Other switch brands will continue to show MYLAN(5) or 5 where 5 is the vlan number.

-In order to speed up the switch list mapping process, the column widths are no longer automatically resized in list mode.

-VLAN identification for older 3COM switches was improved.

-Improvements to data shown in vlan columns.

-Fixed SQL syntax problem in lldpLocChassisId when subtypes 1-7 are present.

-Fixed usability problem with device settings editor where selections from existing community names would not appear to 'stick'.

-Fixed XML export where switch information is added in the left column.

-Added System Description to CDP data.

-New information added to SNMP Error Report.

-Changed Review History icon.

-Updated SQLite to version 3.20.0

-Updated MAC address/Manufacturer database.

Download the ‘installed’ version 2.77 from SwitchPortMapper.com and install it over the top of your current installed version.


USB version users need to use the Help Menu/Check for Update selection to obtain the upgrade patch.

Wednesday, January 25, 2017

NetScanTools.com website major revision under way

You may have noticed that NetScanTools.com is being revised. Slowly. One or more pages a day. It started in late December 2016.

It's being changed from an ancient Frontpage template with annoying flash into a modern Bootstrap based website. We are actually using the Unify template from wrapbootstrap. The nice part about Bootstrap is that it automatically sizes to meet the browser viewport. What this means is that there is only one set of webpages viewable equally well on mobile and the desktop.

Here are a few example pages:
http://www.netscantools.com/nstprodetails.html
http://www.netscantools.com/nstpro_packet_generator.html
http://www.netscantools.com/download.html
http://www.netscantools.com/support.html
http://www.netscantools.com/nstproonline.html
http://www.netscantools.com/nstbasicmain.html

I hope you like the new look!
Kirk

Thursday, August 11, 2016

GetBestRoute bug in Windows 10 Anniversary Release 1607

After upgrading to Windows 10 Anniversary Release 1607 on August 6, 2016, I noticed something strange happening with ARP Scanning Tool and I traced it to an intermittent problem in the IpHlpApi function GetBestRoute.

When the computer is first booted, GetBestRoute works normally as it has in NetScanTools Pro for years and as it has on other Windows operating systems. I am using it to determine if an IPv4 address can be reached LOCALLY without going through the Default Gateway. Operating System specifics:  64 bit OS build 14393.51, only one ethernet wired 1GB network interface connected to an IPv4 network. Compiled as a 32 bit application using VC++ 2012.

Code snippet:

MIB_IPFORWARDROW IPForwardRow;
memset(&IPForwardRow, 0, sizeof(IPForwardRow));

DWORD dwResult = GetBestRoute(targetIPAddress, outgoingIf, &IPForwardRow);

// note the fail on getting non-local route
if(dwResult == NO_ERROR && IPForwardRow.dwForwardType != MIB_IPROUTE_TYPE_DIRECT)
{
 // note the failure with a popup stating that the route is not local,
 // ie. not on the same subnet or local network segment
}

Problem statement: if you pass in ANY targetIPAddress between 192.168.0.1 and 192.168.0.254 and outgoing interface is 192.168.0.205 on your computer, it should come back with MIB_IPROUTE_TYPE_DIRECT. This is the normal way it works. Here is a view of the contents of the IPForwardRow structure as it should appear with 192.168.0.1 and 192.168.0.205 as the interface (192.168.0.1 is the default gateway).


You can see the dwForwardDest is populate correctly as is dwForwardMask and the ForwardType is direct as expected.

But for any other IPv4 address 192.168.0.2 through 192.168.0.254, you get this with empty dwForwardDest and dwForwardMask with the route type INCORRECTLY shown as MIB_IPROUTE_TYPE_INDIRECT.


Obviously something was broken in this new Windows 10 release. It is intermittent but once it goes into this failure mode, it stays in the failure mode until the computer is rebooted. I do not know what the trigger is.

I have fixed it by writing my own GetBestRoute equivalent - but I should not have to do that. Microsoft PLEASE FIX this ASAP!


NetScanTools Pro v11.80 released Aug 4, 2016

NetScanTools Pro 11.80 was released on Aug 4, 2016. This version was completely compiled on Windows 10 and is dual code-signed with both SHA256 and SHA1.

We added a new IPv6 Route Tool that displays the routes and many other properties.


There are many changes and the most obvious change is in the way WinPcap compatible interfaces are shown and selected. Tools that use WinPcap now have a much more verbose description of the interface, not just the IPv4 address shown before. Previously, users would occasionally run into problems where the IPv4 address shown in the dropdown list was not able to be opened even though WinPcap says it was compatible with it. The way the interfaces are opened based on the selection was significantly changed internally so there should be less chance of problems.


The Real Time Blacklist Check tool was changed from a text based single threaded (one after the other) output to a grid based output with multithreading. In other words, in v11.80 many RBL servers are queried simultaneously for the presence of the mail server IPv4 address in their databases.


SNMP tools now support SNMPv3 without the enduser having to go obtain libeay32.dll. We have an Encryption Registration Number and the software is ECCN 5D992.c.

The SNMP Scanner and SNMP Dictionary Attack Tools were worked on extensively to fix problems that happened if you sorted a column with scanning (no longer allowed) and also problems with the XML Excel Schema. Side note - if you are using Excel, don't 'import' the XML file, simply 'open' it just like any other Excel file.

Here are the specific changes:
-Compiled on Windows 10.
-New Tool: IPv6 Routing Table.
-Significant change to the way WinPcap compatible interfaces are listed and chosen. Layout of some tools had to change to support longer selection box.Opening and using a WinPcap network interface no longer depends on matching the IPv4 address.
-We now test to verify that the official WinPcap service or the alternative npcap or Win10Pcap services are running.
-Realtime Black List Check tool completely rewritten with new user interface and it is now multithreaded for increased speed.
-SNMP Core and Advanced tools now have simplified SNMPv3 options. SNMP DLL now has libeay32.dll added and SNMP Library Manager was removed. ECCN 5D992.c
-SNMP Scanner, SNMP Dictionary Attack and Protected Storage Viewer have updated grid controls and are now prevented from sorting by clicking on the column header while the tool is working. Exporting with Microsoft Excel schema has been updated - simply 'open' the XML file from Excel (do not import it). SNMP v1+v2c setting is now properly saved.
-ARP based tools now confirm that the target IPv4 addresses are within the same subnet as the chosen WinPcap interface.
-ARP Scan now automatically sorts by the IP address column when complete.
-Whois changed so that if whois server does not respond, it times out and automatically stops.
-Assigned IPv6 Teredo server is shown in IPv6 Compatible Interfaces.
-Corrected privilege problems with writing to certain parts of the registry during registration process.
-Updated SQLite to version 3.13.0
-Updated MAC address/Manufacturer database.
-Updated IP to Country database.
-Code signing now uses both SHA256 and SHA1 for maximum operating system portability.

Thursday, June 2, 2016

NetScanTools Pro 11.75 Released May 6, 2016

This is a minor release - kind of - it has numerous changes to the Packet Flooder to increase speed and give the user finer control over packet sending.

We also did something that was long overdue. We changed from the ancient Wise installer to the most recent Inno Setup installer for the 'installed' version.

SQLite was updated along with the databases and in order to be used on Windows 10, we codesigned everything with both an SHA256 certificate and an SHA1 certificate.

If your maintenance plan is active, please click on Help menu, then Check for New Version. The embedded window will appear with links for downloading. You will need your access credentials.

Full list of changes is here: http://www.netscantools.com/nstpronews.html

Wednesday, March 23, 2016

Managed Switch Port Mapping Tool v2.63 released on Friday, March 18, 2016

The v2.63 release has one major change dealing with IEEE 802.3ad LAG (Link Aggregation) ports. If your switch reports these ports in the type column as ieee8023adLag(161) AND you have assigned other ports to be members of the LAG, it will show something like ieee8023adLag(161): fa1, fa2 where fa1 and fa2 are the ifNames of the ports comprising the LAG. Click on the image below.










Another change in the message you see when the switch or other device does not respond to SNMP. We had a user accidentally change his SNMP port from 161 to 10. If SNMP times out and the port is not 161, you are told that the most likely cause is the port being wrong.

Like all versions released since Jan 1, 2016, we are code signing the executables and the installer with both SHA1 signed certificates and SHA256 signing. The ensures that the authorship of the software will be recognized across all current versions of Windows.

Download the installed trial of Managed Switch Port Mapping Tool v2.63 for Windows from http://www.SwitchPortMapper.com/