Thursday, February 3, 2011

NetScanTools Pro NetScanner/Ping Sweep Tips

These comments apply to NetScanTools Pro 10.98.1 and earlier. NetScanner/Ping Sweep uses ICMP ping packets to find active computers in the IP range or list of IPs.

1. If you are scanning a range of IPs that include Windows computers with active NetBIOS or SMB Windows computer name access - please - -please - please make sure that the checkbox labeled "Delete NetScanner Temporary Files on Exit" is checked. See NetScanner/Ping Sweep Setup.

2. If you see what you know is the wrong hostname for an IP, first press the Edit Hosts File button and see if the IP is in there. If it is, edit it out and make sure the Add Responding IPs to Hosts File box is unchecked. If the hosts file is not the problem, you need to review DNS. NetScanner uses the builtin resolver in Windows to resolve IPs to hostnames using DNS queries, if those fail a node status request is sent directly to the target to try to get the Windows hostname. Switch to the DNS Tools - Core tool and enter the IP that has the wrong hostname. Then press Test Default DNS. This tool does a direct PTR query to all the DNS's used by your computer. Look for two or more PTR records showing different hostnames. If you see it here, then the problem is in DNS. If the IP does not have PTR records in DNS, then go back to NetScanner and double click on the IP in question to view the NetBIOS/SMB information returned during the scan. You may see the incorrect hostname in the NetBIOS response. If so, then make sure #1 above is implemented - if not, exit the program, restart and rescan.

3. Keep Add responding IPs to hosts file unchecked. It is an artifact of an earlier version of NetScanTools and is no longer relevant in today's systems.

4. If you are looking for MAC addresses, please make sure Retry Send ARP is checked and Get NetBIOS Info is checked. The first one uses ARP to get MAC addresses if you are on the same subnet. The second one queries Windows computers throught the NetBIOS/SMB protocol to obtain MAC addresses. Remember MAC addresses in an IPv4 network are not routed.

5. If you want to ping a set of non-contiguous, random IPs, please create a list of IPv4 address, one per line and save it to a text file. There can be no other information in this file, only the IP addresses. On NetScanner/Ping Sweep, press Load Targets, then Load Text File. Navigate to the IP text file and open it. Now press Start NetScan and answer Yes to the question about scanning the list. You may want to go into Setup and uncheck the box labeled Enable Post-Sweep Delete of Nonresponding IPs - it's up to you.

No comments: