Thursday, February 17, 2011

XP IPv6 Weirdness

This article is about a computer that has IPv6 installed on Windows XP SP3.

I was using Wireshark today checking on the operation of the NetScanTools Pro v11 port scanner when I noticed something weird. Every 10 seconds a set of regularly spaced AAAA record queries were going to my ISPs DNS (default DNS for this system). The AAAA queries were all for 'mycomputername.domain.actdsltmp' and each time the DNS would respond back with 'no such name'. So I started closing down the browser and all the open programs - no change, the queries continued. Since this amounts to DNS harassment and a waste of bandwidth, I decided to find the cause. The 'domain.actdsltmp' part of the request is there because we have an Actiontec GT701 that provides that to my computer as a default domain name.

I could not find a way to shut it off short of uninstalling IPv6, so I did a nice workaround that works well. I added these two records to my hosts file using NetScanTools Pro - you can use something else if you want, it's just a text file. The first record is for IPv4 and the second for IPv6: mycomputername.domain.actdsltmp
::1 mycomputername.domain.actdsltmp

The purpose of those records is to intercept outgoing DNS queries before they happen. This is because Windows DNS queries start with the hosts file, then failing to find the mapping in there, the actual outgoing DNS query is made to the default system DNSs.

Those two records tell whatever is asking for those hostnames that the loopback addresses (IPv4 and IPv6) are the addresses to use. This makes sense anyway because it's asking for a translation of your own computer name.

Tuesday, February 15, 2011

NetScanTools Pro v11 Beta

Just released NetscanTools Pro version 11 beta 3 to select customers. If you are a customer with an active NetScanTools Pro maintenance plan and you want to try the beta, contact support today.

Beta 3 represents many changes based on the input of beta testers. Thanks to all who are helping!


Thursday, February 3, 2011

NetScanTools Pro NetScanner/Ping Sweep Tips

These comments apply to NetScanTools Pro 10.98.1 and earlier. NetScanner/Ping Sweep uses ICMP ping packets to find active computers in the IP range or list of IPs.

1. If you are scanning a range of IPs that include Windows computers with active NetBIOS or SMB Windows computer name access - please - -please - please make sure that the checkbox labeled "Delete NetScanner Temporary Files on Exit" is checked. See NetScanner/Ping Sweep Setup.

2. If you see what you know is the wrong hostname for an IP, first press the Edit Hosts File button and see if the IP is in there. If it is, edit it out and make sure the Add Responding IPs to Hosts File box is unchecked. If the hosts file is not the problem, you need to review DNS. NetScanner uses the builtin resolver in Windows to resolve IPs to hostnames using DNS queries, if those fail a node status request is sent directly to the target to try to get the Windows hostname. Switch to the DNS Tools - Core tool and enter the IP that has the wrong hostname. Then press Test Default DNS. This tool does a direct PTR query to all the DNS's used by your computer. Look for two or more PTR records showing different hostnames. If you see it here, then the problem is in DNS. If the IP does not have PTR records in DNS, then go back to NetScanner and double click on the IP in question to view the NetBIOS/SMB information returned during the scan. You may see the incorrect hostname in the NetBIOS response. If so, then make sure #1 above is implemented - if not, exit the program, restart and rescan.

3. Keep Add responding IPs to hosts file unchecked. It is an artifact of an earlier version of NetScanTools and is no longer relevant in today's systems.

4. If you are looking for MAC addresses, please make sure Retry Send ARP is checked and Get NetBIOS Info is checked. The first one uses ARP to get MAC addresses if you are on the same subnet. The second one queries Windows computers throught the NetBIOS/SMB protocol to obtain MAC addresses. Remember MAC addresses in an IPv4 network are not routed.

5. If you want to ping a set of non-contiguous, random IPs, please create a list of IPv4 address, one per line and save it to a text file. There can be no other information in this file, only the IP addresses. On NetScanner/Ping Sweep, press Load Targets, then Load Text File. Navigate to the IP text file and open it. Now press Start NetScan and answer Yes to the question about scanning the list. You may want to go into Setup and uncheck the box labeled Enable Post-Sweep Delete of Nonresponding IPs - it's up to you.