Wednesday, August 17, 2011

Installing Wireshark on a USB flash drive with NetScanTools Pro

You may or may not know it, but Wireshark (www.wireshark.org) also comes as a portable version that you can install on a USB flash drive. I did a tutorial video on how to install it on a USB flash drive. I also show how to link NetScanTools Pro 11 to Wireshark so that you can launch Wireshark from within NetScanTools Pro. Pretty cool. They can both live on the USB and be fully portable, no installation required.

It's on youtube and will be on the videos section of netscantools.com soon.

http://www.youtube.com/watch?v=ZAhnuZiOSR0

Kirk

Friday, August 12, 2011

NetScanTools (r) Basic Edition 2.2 Released August 11, 2011

This new release of NetScanTools Basic has some user interface cleanup and adds a link to signup to be notified when a new release is ready.

The tools are still the same in this release.

We have some facinating plans for v3 - but I can't talk about them yet.

Tuesday, August 9, 2011

Windows XP suddenly got real slow

Last Friday I was trying out GMER, a rootkit detector and remover on our oldest XP machine using IDE ATA/ATAPI disks. It seemed to work fine, but since there were lots of files, I stopped it after a couple hours. Then I noticed something: the cursor was 'jumpy' and the computer seemed a bit slow. GMER (http://www.gmer.net/) didn't find anything bad, but that was the only thing that I had used on the machine that was out of the ordinary. So I shut the computer down until Saturday evening. I started it up to do backups. The Acronis backup software claimed it was going to take 6 hours to do an incremental backup - it usually takes less than half an hour. What was going on?

I noticed that the cursor was still jumpy. Strange. I started Task Manager and saw that most CPU activity was in 'System Idle Process' so there wasn't any specific program hogging CPU time. So I ran a chkdsk from the command line. It was so slow I had to terminate it. More strangeness. I checked the event log and saw no errors - I was looking specifically for disk errors. Just to be safe I did a chkdsk /f and rebooted. Went away for an hour and XP was finally back up when I came back. But still the cursor was jumpy.

Next I used SysInternals (MS) Process Explorer and saw the real problem: Hardware Interrupts. Normally interrupts account for less than 5% of CPU time, but they were going up into the 90%+ range whenever any program touched the hard drive. This meant something was wrong with the hard drive itself or the interface. After a long search on Google I found the answer.

Apparently XP will change the disk controller transfer mode from the DMA transfer modes (Ultra DMA in our case) stepwise all the way down to slow PIO (parallel IO) mode in steps if six or more timeout or CRC errors are seen. By going to Computer Management/Device Manager I could see that the boot drive C: was in PIO mode. Apparently GMER hit the disk hard enough (combined with the age of the machine) that it had enough drive errors to lower it to PIO mode.

How get it back to Ultra DMA mode: from Device Manager right click on the offending IDE channel (drive 0) in my case, then select Uninstall. Now restart. Sounds scary, but it's not because it does actually reboot OK. After it starts, it will ask you to confirm changes and it will restart again. Problem solved.

This process and a full explanation of what is happening can be found at:
http://support.microsoft.com/kb/817472 - don't bother with the hotfixes, they apply to earlier SP's, I had SP3. The section marked 'workaround' is the one I used.

I don't think I'll be using GMER on that particular machine again, but I've used it on other machines - no rootkits.

Monday, August 8, 2011

New Installer for NetScanTools Pro v10 Demo

Yes, I know your question - where is the v11 demo? not done yet.

For years we've been using the old Wise 9 Standard Edition Installer. As of today there is one less thing using it: the NetScanTools Pro v10 Demo now uses Inno Setup. This is a great installer and it produces an install file that's 7MB smaller than Wise while accomplishing the exact same thing.

I'll be converting the Pro v11 installer to Inno Setup soon. A little more involved than the demo, but not impossible. Once that's done, the only thing using Wise will be the patch for the USB. I don't have a good replacement for that yet. Suggestions?

Thursday, August 4, 2011

Changes coming in Packet Generator

Changes are coming to NetScanTools Pro v11 Packet Generator that will help you do QoS testing. Lots of work has gone into changing the interpacket timing algorithms so that the leading edge (beginning) of a packet is as close as possible to the timing you have entered. For instance, if you have entered a 10ms packet interval (interpacket timing), Packet Generator now puts the packets out at the desired interval with microsecond resolution.

This new algorithm will be applied to all packet types, TCP, UDP, ICMP, CDP and RAW. It is best used for sending UDP packets because if you are thinking VOIP or video that's where things like jitter and packet delay variation are important.

Other changes to Packet Generator include the removal of that floating status window - it caused timing delays due to updating the window. The new packet burst mode is now operational where if you put the packet delay at zero (0), it sends a burst of packets defined by the number of duplicated packets to send out to the target. This burst mode sends the packets as fast as the interface can send them.

Both accurate interpacket timing and burst mode can be helpful in termining the location of bottlenecks and poorly performing devices.

A couple other things are being added to Packet Generator before release - and there was one bug that was fixed which affected users that have more than one outgoing interface.

Tuesday, August 2, 2011

New NetScanTools LE Video

I posted a fairly detailed overview of NetScanTools LE (Law Enforcement edition). Please have a look:

http://www.youtube.com/watch?v=7npesBKfMoc