Wednesday, January 22, 2014

Managed Switch Port Mapping Tool v2.23 (and v2.22) released Jan 20, 2014

These two releases are pretty important and the difference between v2.22 and v2.23 is literally one line of code thanks to an astute observation by a customer. That one line of code prevents a warning message that might appear if you were mapping a Cisco switch (like the customer's Catalyst 4506) where default VLAN 1 is not used but other VLANs are used.

The focus of v2.22 was in two areas:
1. managing the size of the history database. This database is filled with the results of every completed switch mapping. Over time it can get quite large - especially if you are using Switch List mode. So new tools were added in left panel/Review History to allow you to clean the database by date and compact it manually. The size in bytes (and MB or GB) of the history database is also now shown:

If you press Delete Results by Date, you can choose to remove data from the history database older than a certain time.

2. The second area was in the command line operation: we added options to do the same things as you see above from the command line.

You can download v2.23 from

Here are the complete list of changes in both versions.

2.23 January 20, 2014
-Fixed minor problem where a Warning message ("The switch did not respond with mapping from bridge ports to ifIndex...") might appear on Cisco switches. The switch was mapping correctly and the warning did not need to be shown - it only occurred if VLAN 1 was not used at all.

2.22 January 17, 2014
-Switch List Editor (important fix): corrected problem with the 'move up' control. Previously, it was copying the data from the device 2 field to both the device 2 and device 1 fields as it moved the selection up in the list. This made a switch list mapping not work correctly because the device 1 field may not be in the switch configuration list.
-Command Line: Added new option to compact all databases.
-Command Line: Added new option to delete data older than a user specified number of days from the history database.
-Review and Search Historical Switch Mapping Results: Added box showing current History Database size.
-Review and Search Historical Switch Mapping Results: Added Delete Results by Date button which gives a method of deleting old results from the History Database.
-Review and Search Historical Switch Mapping Results: Added Compact Database button.
-Review and Search Historical Switch Mapping Results: Fixed problem deleting selected results where an SQLite error would occur deleting from the dot1dBasePortIfIndex table.
-Database Maintenance: Compacting function has been extended to include history database.
-Database Maintenance: Warnings have been added if you try to erase the settings, SNMPdevices and switchConfig tables.
-Support mode event recording expanded.
-Corrected SQLite problem recording the switch list name to the support mode database after completing a switch list mapping.
-Web browser message about duplicate hostnames now suppressed using no error messages command line option.
-Improved speed of writing to history database by removing an unused index.
-SNMP Device Settings: Edit box prompts have been added.
-Updated MAC address/Manufacturer database.

Wednesday, January 15, 2014

How to send SNMP Traps from a Netgear GS724T switch

Getting your Netgear GS724T switch to send SNMP Traps requires several steps beyond the obvious enabling of traps and defining where the traps are being sent to. Here are the steps. This procedure works with Software Version or .10.

Use your web browser to connect to the switch. Enter the password to login. The default password is password

1. Make sure you turn off the Port Authentication settings you may have enabled.

1a. Security\Port Authentication\Advanced\802.1X Configuration: "Disable" all options, then click apply (lower right corner of window).

1b. Security\Port Authentication\Advanced\Port Authentication: Select all ports and set Port Control = "Auto", then click apply.

2. Security\Traffic Control\Port Security\Port Security Configuration: Click Enable, then click apply.

3. Security\Traffic Control\Port Security\Interface Configuration

a. Select all ports
b. Port Security = "Enabled"
c. Max Allowed Dynamically Learned MAC = "600"
d. Max Allowed Statically Locked MAC = "20"
e. Enable Violation Traps = "Yes"
f. Click Apply

4. Enable Trap Flags. System\SNMP\ SNMPv1/v2\Trap Flags: select the trap types you want to be sent, then click apply.

5. Select the trap destination IP addresses. System\SNMP\ SNMPv1/v2\Trap Configuration: Enter the receiver's IP address, version of SNMP, community string and enable, then click Add, then Apply in the lower right corner.

6. Your switch should now be sending traps. You do not have to reboot it.

You can test whether the traps are being sent or not by using Wireshark on the receiving machine and look for SNMP trap packets (use the filters). Disconnect and reconnect an active device on the switch to force it to send link up/down and mac address change traps. You can also review the trap log by going to Monitoring\Logs\Trap Logs:

This was not an intuitive procedure, I will not take credit for it - the procedure came from their Tech Support - but it does work - have fun with it!

Monday, January 6, 2014

Duplicate IP Address Scanning

Duplicate IP addresses sometimes occur on an IPv4 network subnet if a device is added that already has a static IP address assigned to it. Operating systems like Windows can detect this, but this detection normally happens when the OS is starting up. If a duplicate occurs, ARP reply packets return to a sender (who send ARP discovery) from two sources, both with the same IP but with different MAC addresses. We have a tool in NetScanTools Pro that can scan your whole subnet and look for duplicate IP responses. It will show the MAC address, Interface Manufacturer and Hostname of the duplicate devices.

Here is an example of what happens when a duplicate is found:

Demonstration Video:

This tool is quick and easy to use, you simply enter the IP address range, select the WinPcap compatible interface that is found in the IP address range and start it. If you have a large range like a 10.x.x.x, it may take a long time to complete and I would suggest breaking the range up into ranges where you know devices exist.

To learn more about the Duplicate IP Address Scanner tool and to download a demo with this tool fully active, please visit this page