Thursday, November 5, 2015

New Switch Port Mapper Videos

We've added a bunch of new videos showing how to use various functions of the Managed Switch Port Mapping Tool.

Please visit:

Tuesday, September 8, 2015

Managed Switch Port Mapping Tool v2.55 released

On Friday, Sept 4 we released version 2.55 of the Managed Switch Port Mapping Tool. It improves the wording on new dialogs introduced in v2.54. It also adds a new Used Ports section to the webpage reports.

If you have the installed version, click on Help/Check for Update or visit to download v2.55. If you have the USB version, click Help/Check for Update to for a link to the upgrade patch.

Thursday, August 27, 2015

August Newsletter

Our August Newsletter is ready. It talks about the recent releases and we mention the upcoming Managed Switch Port Mapping Tool 2.54 and NetScanTools Pro 11.72. Those will be done very soon.

Please visit:

Have a great end of summer!

Thursday, August 13, 2015

How I installed Windows 10 on an old Dell Inspiron 1520 laptop

Windows 10 Pro retail release on a 9 year old laptop? yes. It can be done. But it wasn't easy.

Where I started from:
The Inspiron 1520 has 4GB ram, a 2Ghz Core2 Duo, a SanDisk Ultra II SSD and it had 32 bit Windows 7 which was an upgrade from the original Vista 32.  I cloned the SSD to another hard drive before getting started. I used a Windows 10 32 bit ISO burned to a DVD. For tries 1 and 2, I used WiFi to access the internet.

1st try - everything seemed to go well, I let it download updates to the install. But then it got to the first reboot. It hung on the light blue window logo with the spinning dots. After half an hour I manually rebooted it and it gave this message "0xC1900101 - 0x20017 The installation failed in the SAFE_OS phase with an error during BOOT operation". Windows 7 was back, so I tried again.

2nd try - similar to the first (I allowed updates). The reboot phase was different this time - no logo with spinning dots. There was a cursor. Window 7 did come back to life.

So I did some fruitless research and found that the error message might be related to a driver. So I did things differently on the third and final try.

3rd try - this time I flipped the switch that turned off WiFi, plugged in an Ethernet cable (for Windows activation) and Bluetooth and I told the installer not update before installing. It worked. After the first reboot I got the large circle showing upgrade progress. Then finally I got to "Hi there, welcome back!" and finished the upgrade. But I wasn't done - read on.

Windows 10 was showing the desktop in 1024x768 mode instead of the native 1440x900. Display settings would not allow me to go that high, so I unplugged the Ethernet cable and switched on WiFi. Then I downloaded the updates. After rebooting the NVidia driver was active and gave me the option to go to 1440x900.

Next, I started going through apps to check compatibility. NetScanTools Pro, the Managed Switch Port Mapping Tool and related products worked normally as did iTunes and Office 2007. But SanDisk SSD Dashboard 1.4.1 hung on startup and consumed 98% of CPU time no matter what I did. Obviously SanDisk has some work to do.

Later I went into the Startup tab of Task Manager to disable old unused drivers - that speeded up boot time and stopped a crash message on power down.

It wasn't easy, but I now have Windows 10 Pro 32 bit running. I would really like to get x64 running on it instead. Another time.

Here are screenshots of the System window and below it is the CPU-Z.


Friday, July 31, 2015

July Newsletter Ready

This newsletter covers the recent NetScanTools Basic 2.4 and Managed Switch Port Mapping Tool 2.53 releases along with Windows 10 compatibility. Have a good summer!


Wednesday, June 24, 2015

How to use Remote Desktop to access Windows Server 2012 from Windows 7 with TLS 1.0 Disabled

After securing a Windows Server 2012 box with TLS 1.0 disabled per PCI-DSS 3.1 requirements, I found that I could only connect to it through Remote Desktop (RDP) from a Windows 8.1 or Windows 10 client.

The problem was this: all attempts to connect through the LAN via Remote Desktop from Windows 7 were met with "This computer can't connect to the remote computer. Try connecting again...etc."

The Server 2012 Standard (not R2) computer is running the most simple Remote Desktop mode accessed through Computer/Remote Settings as shown below.

I went through rabbit trails with firewall settings, Remote Desktop Services (which I did not install) turning on and off the 'Allow connections only from computers running Remote Desktop with Network Level Authentication', using Select Users - none of them worked.

During extensive searching I ran across a some discussions of TLS and RDP on Windows 7. I found that we had RDP 7.1 on the Windows 7 sp1 computer and RDP 8.0 was an optional download through Windows update. RDP 8 apparently has support for later TLS versions beyond the disabled  TLS 1.0. RDP 8 for Windows 7 is discussed here:

Solution: After installing the KB2592687 update (an optional update in Windows update), rebooting and installing even more updates triggered by that update, RDP 8.0 client was installed and connected normally to the Windows 2012 server.

There is also an RDP 8.1 client only update KB2830477 that I may install later but for now I can Remote Desktop in to the Server 2012 box from Windows 7 without any apparent problems.

More info on RDP 8.1 for Windows 7 including prerequisites:

Monday, June 15, 2015

NetScanTools Pro v11.70 released on Friday, June 12, 2015

Version 11.70 was long overdue but we made many changes and added a new tool called the DNS Traffic Monitor. This new tool shows you the percentage of query allocations or loading experienced by each default DNS assigned to your system. It also shows you any outgoing DNS queries to DNS that are not in your default list.

This release completes the transition of moving all the code to VC2012. The next move will be to VC2015 when it is finally released. All development has now been transitioned to Windows 8.1. It may be one of the last releases to support Windows XP.

Additionally, each separately launched tool has been changed to conform to a new look and feel. The DNS Traffic Monitor is one example of the look - here are a couple others:

Passive Discovery

SNMP Scanner
The demo version will be updated to 11.70 soon. If you have an active maintenance plan you can get 11.70 by clicking on Help/Check for New Version.

Wednesday, June 10, 2015

Win10Pcap - a WinPcap fork

Today Gerald Combs graciously forwarded me an announcement about a new fork to WinPcap called Win10Pcap based on NDIS 6. I immediately tested it with Wireshark and NetScanTools Pro.

Since this fork uses a different kernel mode driver name - ie, NOT npf.sys, Wireshark shows the popup message "The NPF driver isn't running. You may have trouble capturing or listing interfaces.". However, even though this message shows Wireshark will run because Wireshark loads packet.dll and wpcap.dll - these two DLL interfaces are unchanged (the WinPcap SDK interface is supposedly unchanged) so no matter what the driver is called, it starts. So, yes, Wireshark 1.12.5 appears to run with this fork of WinPcap.

That brings me to NetScanTools Pro. Not only does NetScanTools Pro capture packets (like Wireshark), it also sends packets. I tested the ARP, Ping and Traceroute tools that depend on WinPcap for sending packets. They appeared to work OK.

I was just about to release NetScanTools Pro 11.70, so I was able to make my test for active running npf.sys also test for the new service name - so that means NetScanTools Pro will be able to detect either the official WinPcap 4.1.3 and successors or this new fork.

Note that old WinPcap 4.1.3 DOES WORK FINE on later releases of Windows 10 builds based on NDIS 5. So it's your choice as to whether you need to use this new fork.

You may download this new WinPcap fork from however, since they use GPLv2 instead of BSD license as WinPcap has historically done, we will not be including the installer with NetScanTools Pro.

Congrats to the author of Win10Pcap! (but what happens to the name when Win 11 is released?)

Wednesday, May 13, 2015

Managed Switch Port Mapping Tool v2.52 Released on May 11, 2015

We've had some occasional problems with strange (non-printable) characters appearing in the CDP and LLDP fields - it was thought to have been fixed in a previous release but apparently not, so we addressed that in this release. Those non-printable characters occasionally included apostrophes or double quotes which completely messed up (technical term) the SQL commands, so an SQLite database error popped up. In LLDP you will now always see hex characters in the MAC Address and Network Address fields and in CDP 'Port (ifName) and Device ID will either show a printable string or hex characters - both are valid.

We also changed LLDP and CDP retrieval phases to be more responsive to user input.

Speaking of strange, non-printable characters, the new SNMP Walk Tool used for support would also occasionally show strange characters. That has been fixed too.

More minor report changes and we updated also SQLite to the latest version along with the MAC address/manufacturer database.

Please visit to download this new release.

By the way, this version works on Windows 10 Preview 10074.


Friday, April 24, 2015

Updated: Wireshark and WinPcap 4.1.3 on Windows 10 Enterprise Build 10061

This release of Windows 10 Enterprise Technical Preview Build 10061 seems to run the 'old' WinPcap just fine. Whatever was broken in 10041 was fixed - I wonder: was NDIS backwards compatibility restored? I don't know, but it works. At least for now. With the rumored final Windows 10 release coming in July 2015, things had better start to get finalized soon. That means networking too.

So for now, Windows 10 build 10061, seems to capture packets fine with Wireshark 1.12.4 and old 4.1.3 WinPcap release. WinPcap also sends customized packets correctly from NetScanTools Pro v11. We'll see what the next build does.

Update June 5, 2015: WinPcap 4.1.3 also runs on build 10130.


Tuesday, March 24, 2015

Updated: WinPcap and Wireshark problems on Windows 10 Tech Preview 10041

Update June 5, 2015: WinPcap 4.1.3 works on build 10130.

Update May 13, 2015: WinPcap 4.1.3 began to work again in Windows 10 preview 10061 and continues to operate in 10074. Hopefully, this trend continues - but I wouldn't count on it. But we still need to encourage Riverbed to update WinPcap from NDIS5 to NDIS6. Work has been done on this at NMAP and has been shared, so it would be great if could expand on that work and release WinPcap fully compatible with NDIS6. Another issue is driver signing: in Windows 10 x64 that really will be changing, so it will be important for WinPcap to be updated before the RTM release - more about this here.

Update 3-27-15: Do you want to use Wireshark on Windows 10? Tweet about this problem! do a post about this issue. Bring it up at Sharkfest in June.

Update 3-26-15: This has been confirmed by others and a thread has been started here:
I will be posting about it on twitter:

Up until release 10041 all Windows 10 Tech Preview versions have appeared to run WinPcap 4.1.3 without a problem. Even the last version 9926 worked OK, but now we have a problem - a big problem.

About the test machine: Shuttle xpc, quad core cpu, 8GB RAM. Host OS is Windows 7 x64. Windows 10 x64 Enterprise 10041 is a guest OS running inside VirtualBox 4.3.26 r98988. Network Adapter in the VM is in Bridged mode. Physical network adapter in the Shuttle is Generic Marvell Yukon 88E8056 based Ethernet controller.

Here's what I did...and what happened...
On March 23 I upgraded 9926 to 10041 and then installed Wireshark x64 v1.12.4 from Everything installed fine and WinPcap installed normally. I fired up Wireshark and got the message "No interface can be used for capturing in this system with the current configuration.". Pressing the Refresh Interfaces button did not fix it.

I know that Wireshark checks the status of the NPF driver before getting that far, so I thought maybe I should verify it manually in a Command Prompt. You can see that the Service Control Manager says it is RUNNING.

NetScanTools Pro. Since I wrote it, I know what checks are done where. I know that it loads wpcap.dll and packet.dll and checks the status of the NPF driver. So far so good. I go to the ARP Scanner (it uses WinPcap to send and receive packets) and pressed Do ARP Scan. I got this message. The arrow is pointing to a message that comes directly from WinPcap itself: "No interfaces found! Make sure libpcap/WinPcap is properly installed on the local machine."

I know exactly which function call returned that message: pcap_findalldevs_ex

pcap_findalldevs_ex is what you call to find all the WinPcap compatible interfaces on the system. If it fails, you're done. I poked through the Wireshark code and they are calling it too most likely on start.

Where do we go from here?
Obviously Microsoft changed something. Did they change NDIS? Or something else?

I've tried all the obvious things - changing compatibility mode, running the programs as administrator - nothing works. A driver expert (which I am not) needs to dive into the WinPcap code and figure this out - and soon!

If nothing is done Wireshark, nmap, NetScanTools Pro and any other apps depending on WinPcap for capturing and sending packets will not operate on Windows 10 if the changes Microsoft made are permanent.

What is your experience? has anyone else tried Wireshark on Windows 10 Enterprise 10041? Win10 has always worked on VirtualBox - has anyone tried Wireshark on Win10 in VMware or native boot?

Wednesday, March 11, 2015

Ways programs are quietly started at Windows startup time.

Have you ever wondered where to find the places that start up a program when Windows starts?

Here are three places you may not be aware of:

Start Menu.

This is the Startup folder that was in the Start menu on older versions of Windows. It's still there on Windows 8.x.
c:\ProgramData\Microsoft\Windows\start menu\programs\startup


32 and 64 Bit Windows

64 Bit Windows only (32 bit apps are in here)

Windows Task Scheduler. (Control Panel/Administrative Tools/Task Scheduler)

Windows 8.x/7: Expand the left panel - Task Scheduler (Local)/Task Scheduler Library/Microsoft/Windows/TheAppOfInterest

I hope this helps next time you are trying to locate where a program is being started when you start Windows.

Tuesday, March 10, 2015

Solving Serious WinPcap Installation Problems

This post will address some serious WinPcap problems our customers have seen on Windows 8.1. While they are not necessarily unique to that version of Windows, these problems may also occur on other Windows versions as well.

Applicability: This discussion is limited to the current WinPcap 4.1.3 release and is intended for users of Windows 7, 8, 8.1.

Related Blog Post:
WinPcap Installation, Status and other Tips

Common Symptoms:
  • WinPcap 4.1.3 official installer hangs at 'extract: Packet.dll' or similar.
  • Wireshark gives this message on startup "The NPF driver isn't running. You may have trouble capturing or listing interfaces."
  • NetScanTools Pro gives a message that WinPcap is not found or if it is found NetScanTools Pro locks up when you run a tool that uses WinPcap.
  • Windows locks up when you run software that uses WinPcap forcing you to do a power cycle reboot.

Where to start:
The first thing to do is find out if any or all of the three major components are installed and their versions.

1. Using File Explorer, find out if this file exists: c:\Windows\system32\drivers\npf.sys. If so, right click on it and make note of the version number. Version 4.1.3 shows up as (don't ask me why).

2. Search your hard drives (especially drives where programs are installed) for both wpcap.dll and packet.dll.

Right click on EVERY DLL found, do Properties/Details and verify that you see (4.1.3).

These are the only acceptable locations for 'public' WinPcap DLLs on a 64 bit Windows system:
c:\windows\system32\wpcap.dll (64 bit version of DLL)
c:\windows\SysWOW64\wpcap.dll (32 bit version of DLL)
c:\windows\system32\packet.dll (64 bit version of DLL)
c:\windows\SysWOW64\packet.dll (32 bit version of DLL)

These are the only acceptable locations for 'public' WinPcap DLLs on a 32 bit Windows system:
c:\windows\system32\wpcap.dll (32 bit version of DLL)
c:\windows\system32\packet.dll (32 bit version of DLL)

Did you find any other instances of wpcap.dll and/or packet.dll on your system? if so, that's huge red flag. One of our end-users running Windows 8.1 64 bit experienced all of the Common Symptoms above and he found WinPcap version which is actually WinPcap Pro AKA WinPcap OEM in a Netgear ReadyNAS Remote program directory.

Here's why it could be a problem: is WinPcap Pro. When a program loads the WinPcap Pro wpcap.dll and packet.dll, it creates a version of the winpcap driver 'on-the-fly' in system32/drivers and runs it. WinPcap Pro was intended for use on systems where WinPcap is not installed, so at least on Windows 8.1 with ReadyNAS Remote, there is apparently interference between the two types of WinPcap. (other special WinPcap Pro/OEM versions you might find:,,,,,,, WinPcap Pro was discontinued by Riverbed before Windows 8 was released.

Our end-user tried to stop WinPcap with 'sc stop npf' and got 'stop-pending' status which meant it was in use. Then if he rebooted and did a 'sc queryex npf', it said npf was stopped, however, if he did 'sc start npf' it said an instance of npf is already running. Very confusing and definitely not what you would expect to see.

Solution that worked for the end-user:
The end-user stopped the ReadyNASRemote.exe process in Task Manager, then renamed ReadyNASRemote.exe to something else, then rebooted. That worked because the program could not start at boot time and therefore did not load it's special WinPcap Pro.

Next, we had to find out where ReadyNASRemote was being started from at boot time. It was not in the registry HKLM or Windows Task Scheduler. It was being launched using a shortcut under c:\ProgramData\Microsoft\Windows\start menu\programs\startup.

Once it was stopped the end-user could remove the official 'public' DLLs from the locations in Step 2 above and force a reinstall of WinPcap 4.1.3 public edition without a problem. We do not know which exact version of ReadyNASRemote this user had installed - he determined that he did not use it, so he uninstalled it before I found out.

Generalized Procedure assuming wpcap.dll and packet.dll are found elsewhere:
  1. Find any WinPcap DLLs that are not in their normal places and figure out which executable is using them (check Task Manager for those exes in the same directory as the WinPcap DLLs).
  2. Stop the offending executable process from Task Manager and rename the exe to something else (or find out where it is being started from and disable the starting process).
  3. Reboot.
  4. Remove the official WinPcap DLLs from system32 and SysWOW64 (carefully! do not remove the npf.sys) no matter what version they are.
  5. Reinstall the official WinPcap version from
  6. Verify WinPcap is running using administrative Command Prompt 'sc queryex npf'.
  7. Start Wireshark or NetScanTools Pro and confirm normal operation. (If Wireshark hangs at configuration 100%, review topic 5 here.)
  8. Now you have to decide if you really want to keep the offending program that was using it's own private WinPcap - that's up to you.

The next blog post will deal with the situation where you did NOT find any other out-of-place instances of wpcap.dll and packet.dll.

Monday, March 9, 2015

WinPcap Installation, Status and other Tips

WinPcap is an essential packet capturing driver for many programs, especially Wireshark and also our own NetScanTools Pro. I have been working with a few of our customers who have had problems getting it installed and properly running on Windows 8.1. What I've done here is gather together a few important tips that you can use to make sure it is running.

This post is current as of WinPcap 4.1.3 and is written from the perspective of Windows 7, 8.1 and 10.

1. How do you tell if WinPcap is installed?

Quick check: WinPcap will show up in Control Panel/Programs and Features. This is not a guarantee that it is properly installed or running.

Detailed check: WinPcap has three main components. Here is where to find them on a 64 bit Windows operating system:

  1. c:\windows\system32\drivers\npf.sys (this is the actual kernel mode driver)
  2. c:\windows\system32\packet.dll (64 bit version of DLL) and c:\windows\SysWOW64\packet.dll (32 bit version of DLL)
  3. c:\windows\system32\wpcap.dll (64 bit version of DLL) and c:\windows\SysWOW64\wpcap.dll (32 bit version of DLL)
All DLLs and the driver should be showing version which is really 4.1.3 (go figure).

2.  How do you tell if WinPcap is running?

The WinPcap driver does not show up in the list of services accessible through Control Panel/Administrative Tools/Services - but you can find out another way.

Start up a Command Prompt using Run as administrator and enter the following command that shows the driver configuration:

C:\WINDOWS\system32>sc qc npf
[SC] QueryServiceConfig SUCCESS
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\npf.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NetGroup Packet Filter Driver
        DEPENDENCIES       :

Make a note of the START_TYPE, we will discuss that later.

This command shows the actual WinPcap driver state, whether running or stopped:

C:\WINDOWS\system32>sc query npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

3. How do you start WinPcap?

From an administrator Command Prompt, enter this and look at the STATE to make sure it is running:

C:\WINDOWS\system32>sc start npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

4. How do you stop WinPcap?

From an administrator Command Prompt, enter this and look at the STATE to make sure it is stopped. If it does not stop, you need to exit any programs using it.

C:\WINDOWS\system32>sc stop npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

5. Some people have trouble starting Wireshark, it starts to load OK but stops at Configuration 100%. What can be done?

Remember the START_TYPE entry from number 2 above? It needs to change. From an administrator Command Prompt, enter this command then reboot your system, then try Wireshark again. The space after start= is required.

C:\WINDOWS\system32>sc config npf start= delayed-auto
[SC] ChangeServiceConfig SUCCESS

6. How can I tell which program is currently using WinPcap?

That can be a little difficult, but if a program is actively using WinPcap there is a way to find out by using Sysinternal's Process Explorer.

  1. Download Process Explorer and run it from here:
  2. Make sure npf is running.
  3. In Process Explorer, click on Find menu/Find Handle or DLL
  4. Enter wpcap or packet and press Search. If NetScanTools Pro is running, it shows nstpro.exe, PID, DLL and C:\Windows\SysWOW64\wpcap.dll - in other words, if a program is actively using WinPcap, it will show up there.
I hope these WinPcap tips help you, please let me know if you have any others to share.


NetScanTools LE v1.52 Released on March 6, 2015

The latest release of NetScanTools LE (designed for Law Enforcement) was ready on March 6, 2015.

Version 1.52 makes operational changes to Port Scanner/Scan Common Ports to scan only the current protocol type selected, ie. TCP, UDP or TCP+UDP. Previous versions scanned using the whole list, TCP+UDP regardless of the selection.

Whois has improved support for IPv6 and the ability to get whois information for the new top level domains was greatly expanded.

We tested it on Windows 10 Enterprise version. Everything operated normally as far as we could see.

WinPcap: only one part of NetScanTools LE uses WinPcap - the Packet Capture Tool. Due to recent issues customers have had with WinPcap on Windows 8.1, we decided to add in a test to make sure WinPcap is installed and running. If npf.sys is not running you will not be able to launch the Packet Capture Tool.

We updated SQLite to v3.8.8.3 and also updated the database files.

Please visit to get the latest version. You may install it over previous versions.

Thursday, January 29, 2015

Managed Switch Port Mapping Tool v2.42 released on January 22, 2014

A few days after releasing 2.41 I found out that if you start the Switch Port Mapper with an empty history database (as a new user would), you would see this error message "SQLITE_ERROR[1]: duplicate column name: voiceVlan". This was due to a problem in the creation of the new Voice VLAN column introduced in 2.41. It worked fine if you already had data in the history database.

Version 2.42 corrects this - new trial users take note! We also took the opportunity to update SQLite to version and update the MAC address to manufacturer database.

Please upgrade to v2.42 by clicking Help/Check for Update or by visiting


Thursday, January 15, 2015

Managed Switch Port Mapping Tool v2.41 Released

Managed Switch Port Mapping Tool Version 2.41 was released on January 14, 2015.

This is an important upgrade if you use this software with Cisco Switches. There are two changes you need to be aware of: First, we improved VLAN reporting for unused ports on Cisco switches. Secondly, we added a new optional Voice VLAN column that currently supports Cisco switches only - because this column is new you will have to go into Settings and Tools/Column Order and Visibility Editor to add the column and to put the columns back to your personal preference - we had to reset the order to add the new column. Changes were made to better support Enterasys switches.

Please use Help/Check for Update or download from and install over your current 2.x. The USB version patch will be ready very soon.

Friday, January 2, 2015

Hi-DPI Displays and NetScanTools Pro

The last couple of years have seen the release of Hi-DPI displays primarily on laptops. The displays we have run into are typically running 3200x1900. This is something new to Windows and it causes problems with the menus and results areas of many programs including NetScanTools Pro.

To address this issue we added a new NetScanTools Pro Help/Preferences item called Menu and Left Panel Font Scaling. It gives you 6 options for scaling the text of those items.

However, we recently found out about another way to change the menu and left panel fonts under Windows 8.1. If you right click on the icon or link and select Properties you can select the Compatibility tab. Next check the box labeled 'Disable display scaling on high DPI settings'. This will fix the menu text and icons, but the results text may be too small. Fortunately there is an easy fix for this - go to Help/Preferences and press Change Font in the lower right corner - make the font larger than the default and you should have no problems reading the results areas in NetScanTools Pro.

USB Flash Drives suitable for End User Install

As you may or may not know both NetScanTools Pro and the Managed Switch Port Mapping Tool can run from a USB flash drive. We can supply the software on a suitable drive or, as the title implies, you can install the software on your own USB flash drive.

In order to install on your own flash drive, we have two basic requirements.

Your USB Flash Drive must be a 'removable' flash drive.

We are talking here about the tradition of the drives showing up as ‘removable’ on a Windows computer. Windows 8 changed all that.

Windows 8 certified USB Flash Drives appear as type ‘Local Drive’ (fixed disk/hard disk) as opposed to the traditional type ‘Removable Disk’. The effect of this is that any software that expects to be running from a removable disk (USB Flash Drive) will not work properly if the USB drive appears as a fixed disk. That includes both NetScanTools Pro USB Version and the Managed Switch Port Mapping Tool.

The difference is apparently the state of a bit or bits in the USB flash drive controller. Some manufacturers have a utility to flip this bit and others just put out Windows 8 certified drives in addition to their standard design flash drives.

The USB’s we use are Windows 8 Compatible which means it appears as a removable flash drive – and they are also USB v3 in addition to USB v2 compatible. Look carefully at the packaging Windows 8 logo or the online description and check the wording when they talk about Windows 8. 
You can tell the state of your USB Flash Drive by opening File Explorer and right clicking on the flash drive and selecting Properties. Look for Type: Removable Disk on the General tab. That’s what you want if you are using our software on a USB flash drive.

Your USB Flash Drive must be serialized with a hardware serial number.

This is usually not an issue but we have run into one end user's drive that was not serialized. If you want to confirm that it is serialized, there is a utility from Microsoft called UVCViewx86.exe that will show all connected USB devices including the serial number. It is older and works on everything from Windows XP through 8.1 - there is a newer one called USBView that works only on newer operating systems. Your flash drive must be serialized.

Those are the only two requirements we have for putting the USB versions of our software on your flash drive.

NetScanTools Pro v11.63 released on December 9, 2014

This release had improvements in three areas:
1. Packet Generator. Mostly in the Packet Player (button is on lower right section of Packet Generator window) - it now saves the paths to recent packet captures you have played previously and there is now a status window. Be aware that once you start a playback you cannot stop it. TCP, UDP, ICMP, and RAW manual packet definition windows now show the length of the data portion of the payload and it now makes a definite check against the actual MTU of the sending interface.
2. SSL Certificate Scanner. The SSLv3 POODLE vulnerability issue is now addressed by showing you new columns with connection types SSLv2 through TLS 1.2. The server you are connecting to is tested to see if it accepts all types and the results are displayed in the new columns.
3. SNMP Core and Advanced have some changes including buttons to go between the two tools rapidly and improvements to the OID selector.

If you have an active maintenance plan you can click on Help/Check for New Version. The links to download the software are in the embedded IE window on the right side of the program. The installed version has a full installation and the USB version uses a patch.


Happy New Year!

Happy New Year!

My New Years Resolution is to post more often on this blog. I haven't posted since August, so I'm going to do a couple posts today.