NetScanTools® Inside Out<br />
A look at all things to do with NetScanTools® Products. Inside you will find tips and comments about using our programs and even off topic comments.<br />
<br />
<b>NetScanTools Pro 11.91</b> (posted 2020-05-08)<br />
<b>Release 11.91 was posted on May 6 (installed) and May 7 (USB patch).</b> It has fixes for Packet Flooder and Ping Scanner plus some improvements to Packet Player and PingTrend.<br />
<br />
<b>Packet Flooder.</b> Ok, so over the last few months I had reports of the gauge and graph not working and also the new automatic flood mode not working. All reports were from outside the US. Clue #1 - non-English Windows OS. By working with one of these customers I figured out why: performance counters are localized to the user's language. Oops. I was accessing three of them to populate the gauge and graph. I was using the English language names of the counters which did not exist in non-English OSes. So I changed it to access the counters by numerical index, then convert that index to the localized name and access the counter I needed by interface name. These are the same counters used in Performance Monitor and Task Manager (pdh.lib for you programmers).<br />
<br />
Other fixes were minor but important and a new feature called 'Run Action' was added. This allows the normal run until stop is pressed and also allows a new timed mode where you specify how many seconds you want it to run.<br />
<br />
<b>Ping Scanner.</b> The problem here was two-fold. If you scanned a range of IPs outside your subnet and had Do Local ARP Scan checked, it took a long time. And it could be a very long time. The software appeared to hang even though it was not hanging up. The 'SendArp' API function tries to send the ARP packet even though the target is not local - I consider that a flaw. That was fixed by making sure the target is local. The other problem was the Do SMB/NBNS - it would be very slow if your own IP address was in the IP range. Again, easily fixed by skipping your own IP.<br />
<br />
<b>Packet Player</b> (found by going to Packet Generator and clicking the button in the lower right) has a new feature that repeats sending the packet stream indefinitely until Stop is pressed. However, note that the Stop button can only be polled after the current packet capture stream is sent. It also automatically loads the last selected packet capture stream into the display grid on startup.<br />
<br />
<b>PingTrend</b> has a new checkbox for setting the DF (don't fragment) flag in the IP header. If you do that, be careful because if your data section size exceeds the MTU less the headers, nothing will be sent. I also increased the accuracy of the reported time between packets.<br />
<br />
<b>How to get 11.91.</b> If you have an active maintenance plan you can download the 11.91 full installer or USB patch by clicking on Help menu/Check for New Version and following the instructions.<br />
<br />
The maintenance plan is currently discounted. Click on Help menu/Maintenance Plan Renewal to see the new pricing.<br />
<br />
<br />
<b>Happy New Year!</b> (posted 2018-12-31)<br />
Happy New Year!<br />
<br />
<b>Current software versions</b><br />
<br />
NetScanTools Pro 11.86.1<br />
Managed Switch Port Mapping Tool 2.82<br />
NetScanTools LE 1.63<br />
NetScanTools Basic 2.52<br />
<br />
<br />
<b>NetScanTools Pro 11.84 Released Jan 25, 2018</b> (posted 2018-02-09)<br />
<b>The big news about release 11.84 is SMB Scanning.</b> Back in May 2017 during WannaCry we had several people check out the Network Shares - SMB tool and ask if it scanned specific devices by IP address. It does not really do that since it uses only NetBIOS, so I set about to make a tool that does these things:<br />
<ol>
<li>connect to NetBIOS Name Service and grab the 'Windows computer name' and MAC address.</li>
<li>connect to SMB port and test the SMB service for supported versions. Every supported version is shown.</li>
<li>show latency.</li>
<li>do this for a list of IPv4 addresses or hostnames. IPv6 will be added in a later version.</li>
</ol>
<br />
Here is an animated GIF showing the new SMB Scanner in action:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQn6dEjsC2f7_M6gdQ5eeJjf631kxcmX6Iej5chwVWcvgsx-GO7AvSvMFDvKW20ZrOJqsHKi1AtDxjDQSDoZCR8_SOcvJvBsQ0KiA4i8xTEPl26s1gpeEMxjOsDwBaVmE5J7NaKjTB5LA/s1600/smb-scanner-v1.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="532" data-original-width="956" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQn6dEjsC2f7_M6gdQ5eeJjf631kxcmX6Iej5chwVWcvgsx-GO7AvSvMFDvKW20ZrOJqsHKi1AtDxjDQSDoZCR8_SOcvJvBsQ0KiA4i8xTEPl26s1gpeEMxjOsDwBaVmE5J7NaKjTB5LA/s400/smb-scanner-v1.gif" width="400" /></a></div>
<div>
<br /></div>
<div>
You can use the SMB Scanner Tool to see supported SMB versions and check for vulnerabilities based on those supported versions. It identifies SMB 1.0 support in red because we already know it is compromised. <a href="http://www.netscantools.com/nstpro_smb_scanner.html" target="_blank">More about the SMB Scanner.</a></div>
<div>
<br /></div>
<div>
<b>IPv6 improvements</b></div>
<div>
Another important addition is the new multicast Ping button that helps you discover IPv6 neighbors in the Network Neighbors tool. What this button does is ping the link local multicast address and this forces neighbor discovery to happen. The results are then updated after 10 seconds showing all responding link local IPv6 neighbors.</div>
<div>
<b><br /></b></div>
<div>
<b>How to get NetScanTools Pro 11.84</b></div>
<div>
If you already have an active maintenance plan for NetScanTools Pro, click on Help/Check for New Version to login and download the full installer.</div>
<div>
<br /></div>
<div>
<br /></div>
<b>Managed Switch Port Mapping Tool v2.78 Released November 8, 2017</b> (posted 2017-11-10)<br />
This release has one new function that has been requested by our users many times: the ability to export the results of a Switch List mapping to XML for easy opening in Microsoft Excel. Here is what it looks like when opened with Excel.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqnAGBmnxKWcpUp4-fSDEX3fbhle7a5aDOuF_4yPOQ-6iPW6YjsXiq0D606yb2e_DRdzrnGyNu3D_usrcQ4yUhbV5Sw8pIv8NiXgrPI_MWqvEq4GTyiMBMFCq7RAL00BVNuT9gomHybaw/s1600/xml-into-excel.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="461" data-original-width="1475" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqnAGBmnxKWcpUp4-fSDEX3fbhle7a5aDOuF_4yPOQ-6iPW6YjsXiq0D606yb2e_DRdzrnGyNu3D_usrcQ4yUhbV5Sw8pIv8NiXgrPI_MWqvEq4GTyiMBMFCq7RAL00BVNuT9gomHybaw/s640/xml-into-excel.PNG" width="640" /></a></div>
<br />
After mapping a Switch List, go to Review History, then select the Switch List and press Export Selected Switch List to XML.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg06X0VCtaYxSUvBLdGfMiRbuKyZv_t7Gx4nobJ7mVs32H6AtIG3mbDVvmJJrvZzgIHR1Ej6qJuhtFuqtL8ZKXn02RUJQp6KMYBB-0FCS5wu64tarjynqABtIXXlBsyZuZ9OXzdka3FORU/s1600/how-to-export-to-xml.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="595" data-original-width="905" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg06X0VCtaYxSUvBLdGfMiRbuKyZv_t7Gx4nobJ7mVs32H6AtIG3mbDVvmJJrvZzgIHR1Ej6qJuhtFuqtL8ZKXn02RUJQp6KMYBB-0FCS5wu64tarjynqABtIXXlBsyZuZ9OXzdka3FORU/s400/how-to-export-to-xml.PNG" width="400" /></a></div>
<br />
While we are looking at Review History, another thing added in this release was searching of LLDP and CDP fields. See it below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjneQPZEoruldqoASwprEKYPN6OZUHbHjr94Lf25xjk9fqn2rmmq3Rewp_t1aczUQQxE5LZTlCJCzSwSEqjfHKAyCe2UkGA0h8VpcjOh3-w-_EXh44-eQou8Cfcq6mYX1Neyp5ZRo01EUY/s1600/search-lldp.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="534" data-original-width="900" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjneQPZEoruldqoASwprEKYPN6OZUHbHjr94Lf25xjk9fqn2rmmq3Rewp_t1aczUQQxE5LZTlCJCzSwSEqjfHKAyCe2UkGA0h8VpcjOh3-w-_EXh44-eQou8Cfcq6mYX1Neyp5ZRo01EUY/s400/search-lldp.PNG" width="400" /></a></div>
<br />
Those are two of the more important changes in v2.78. Here are all the changes. Download v2.78 from <a href="http://www.switchportmapper.com/download.htm" target="_blank">http://www.switchportmapper.com/download.htm</a><br />
<br />
<div class="p_Normal">
-New XML export option for Switch Lists from Review History.
When the XML export is opened in Microsoft Excel, each switch's results appear as
a separate sheet. Each row in a multi-row port (ports with more than one MAC
address) is shown as a separate row in the XML output. Export progress is now
shown on the bottom status bar.</div>
<div class="p_Normal">
-Review History/Searching now has selections for searching
LLDP and CDP for text strings. Searching now defaults to 'Contains' if no
options are selected and the search results shown in the right hand list are a
bit wider. Search results are now shown in descending order - newest at the top.
'RecNo' in the two lists has been changed to 'No.'.</div>
<div class="p_Normal">
-Corrected reporting of Switch Operational State for Extreme
Networks switches.</div>
<div class="p_Normal">
-Corrected and removed '00 00' showing in Interface Alias
column for Force10 switches.</div>
<div class="p_Normal">
-Warning is now shown if 10SCAPE export does not find LLDP data
for the switches. Switches with no reported LLDP data are shown. Export progress
is now shown on the bottom status bar.</div>
<div class="p_Normal">
-Added new right click menu option to clear both the results
grid and the Switch Info left control panel window.</div>
<div class="p_Normal">
-Improved parsing of MAC and IP addresses from LLDP data.</div>
<div class="p_Normal">
-Added Interface Manufacturer derived from remote MAC address
in LLDP.</div>
<div class="p_Normal">
-Moved four tables from spmap database to working
database.</div>
<div class="p_Normal">
-Updated SQLite to version 3.21.0</div>
<br />
<div class="p_Normal">
-Updated MAC address/Manufacturer database.</div>
<div class="p_Normal">
<br /></div>
<br />
<b>NetScanTools Pro 11.83 Released September 15, 2017</b> (posted 2017-09-20)<br />
<b>This release improves the user experience in several areas and the UI is less cluttered.</b><br />
<b><br /></b>
Back when we started adding tools that depended on WinPcap, a computer typically had one interface that WinPcap could use for receiving or sending packets. That has all changed. VPNs, Virtual Machines and secondary network interfaces can all potentially add WinPcap compatible interfaces and those interfaces all show up in the WinPcap Interface dropdown list. The problem is that prior to v11.83 you had to select the right WinPcap compatible interface or the tool did not work right and you saw a message to select the correct interface. What v11.83 brings is automatic selection of the interface based on the input you give. This applies to a number of tools in NetScanTools Pro like ARP Scanner, Ping, Traceroute and others. You will still have to select the correct interface in many of the separately launched tools like Packet Capture or Passive Discovery because those tools are listening tools rather than 'packet sending/listening' tools.<br />
<br />
Over the past few years typical monitor sizes (pixels HxW) have radically increased. We originally designed NetScanTools Pro to accommodate monitors as low as 800x600 but I personally use a pair of 1920x1080 monitors. I reviewed our web traffic on Google Analytics and found that nobody is using 800x600 or even 1024x768 so this new version of NetScanTools Pro expands the layout of the buttons and other controls on the right side and spreads them out as a first step towards reducing clutter.<br />
<br />
Another annoyance was the 169.254.x.x popup message that appeared on startup, usually if you had Npcap installed instead of WinPcap. The message is gone and 169.254.x.x interfaces are not included in any tool (except those that show interfaces) since they are auto-assigned IP addresses from the operating system and actually not functional.<br />
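One way to make the checks described on this page, the Ping Scanner fix in 11.91 (only ARP a target that is local, and skip your own IP) and the 11.83 automatic interface selection that ignores 169.254.x.x adapters, as an added example in portable C. It is not NetScanTools code; the iface struct, the function names and the sample adapters are assumptions constructed for illustration.<br />

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical adapter record; a real tool would fill it from the OS. */
struct iface {
    const char *name;
    uint32_t addr; /* IPv4 address, host byte order */
    uint32_t mask; /* subnet mask, host byte order */
};

enum target_class { TARGET_INVALID, TARGET_SELF, TARGET_ON_LINK, TARGET_OFF_LINK };

/* Constructed sample adapters, not taken from any real host. */
static const struct iface SAMPLE_IFACES[] = {
    { "Ethernet", IP4(192, 168, 1, 10), IP4(255, 255, 255, 0) },
    { "VPN",      IP4(10, 8, 0, 2),     IP4(255, 255, 0, 0) },
    { "Idle NIC", IP4(169, 254, 77, 5), IP4(255, 255, 0, 0) },
};
#define SAMPLE_COUNT (sizeof(SAMPLE_IFACES) / sizeof(SAMPLE_IFACES[0]))

/* Strict dotted-quad parser: four octets of 1-3 digits, each <= 255. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t value = 0;

    for (int octet = 0; octet < 4; octet++) {
        unsigned n = 0;
        int digits = 0;

        while (*s >= '0' && *s <= '9' && digits < 3) {
            n = n * 10 + (unsigned)(*s - '0');
            s++;
            digits++;
        }
        if (digits == 0 || n > 255)
            return -1;
        value = (value << 8) | n;
        if (octet < 3 && *s++ != '.')
            return -1;
    }
    if (*s != '\0')
        return -1;
    *out = value;
    return 0;
}

/* 169.254.0.0/16 is auto-assigned by the OS; such adapters are ignored. */
static int is_apipa(uint32_t addr)
{
    return (addr & 0xFFFF0000u) == IP4(169, 254, 0, 0);
}

/*
 * Classify a target before any ARP or SMB/NBNS probe is sent:
 *   TARGET_SELF     - our own address, skip it
 *   TARGET_ON_LINK  - same subnet as adapter *best, ARP is meaningful
 *   TARGET_OFF_LINK - reachable only through a gateway, do not ARP
 * When several adapters match, the one with the longest mask wins.
 */
static enum target_class classify_target(const struct iface *ifs, size_t n,
                                         const char *target, int *best)
{
    uint32_t ip;
    uint32_t best_mask = 0;
    enum target_class result = TARGET_OFF_LINK;

    *best = -1;
    if (parse_ipv4(target, &ip) != 0)
        return TARGET_INVALID;

    for (size_t i = 0; i < n; i++) {
        if (ifs[i].mask == 0 || is_apipa(ifs[i].addr))
            continue;
        if (ip == ifs[i].addr) {
            *best = (int)i;
            return TARGET_SELF;
        }
        if ((ip & ifs[i].mask) == (ifs[i].addr & ifs[i].mask) &&
            ifs[i].mask > best_mask) {
            best_mask = ifs[i].mask;
            *best = (int)i;
            result = TARGET_ON_LINK;
        }
    }
    return result;
}

int main(void)
{
    static const char *labels[] = { "invalid", "self", "on-link", "off-link" };
    const char *targets[] = { "192.168.1.77", "192.168.1.10", "10.8.200.1",
                              "8.8.8.8", "169.254.1.1" };

    for (size_t i = 0; i < sizeof(targets) / sizeof(targets[0]); i++) {
        int idx;
        enum target_class c = classify_target(SAMPLE_IFACES, SAMPLE_COUNT,
                                              targets[i], &idx);
        printf("%-14s %-8s %s\n", targets[i], labels[c],
               idx >= 0 ? SAMPLE_IFACES[idx].name : "-");
    }
    return 0;
}
```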
<br />
There are many other changes and they are listed below. If you have an active maintenance plan you can download 11.83 through the Help menu/Check for New Version.<br />
<b><br /></b>
<b>The list of changes.</b><br />
<b><br /></b>
<div class="p_Normal">
-Usability improvement: Tools that depend on selecting the
right WinPcap compatible interface now automatically select the interface based
on the target entered. This includes ARP Ping, ARP Scanner, DHCP Server
Discovery, Duplicate IP Detection, OS Fingerprinting, Ping - Enhanced, Port
Scanner, Promiscuous Mode Scanner, and Traceroute. 'Launched' monitoring tools
still require you to select the interface to monitor.</div>
<br />
<div class="p_Normal">
-Reports now have expanded information regarding the settings
used for these tools (most are in the 'Notes' section of the report): Packet
Flooder, Ping - Enhanced, Ping Scanner, Port Scanner, and Traceroute.</div>
<br />
<div class="p_Normal">
-DHCP Server Discovery now times out quicker if the local port
68 is in use and any network adapters with the IP starting with 169.254.x.x are
not shown in the list because they are inactive.</div>
<br />
<div class="p_Normal">
-Maintenance Plan Expiration and other startup messages that
appear before the main window is active are now forced to appear as the topmost
window. This stops the problem of starting NetScanTools Pro and not seeing
anything because a startup message window was behind another window.</div>
<br />
<div class="p_Normal">
-Ping Scanner now includes a right click menu option to use
your web browser to connect with the selected IP address.</div>
<br />
<div class="p_Normal">
-Fixed minor memory leak in Network Interfaces and
Statistics.</div>
<br />
<div class="p_Normal">
-Removed startup message about 169.254.x.x interfaces which
shows up more frequently if Npcap is installed instead of WinPcap.</div>
<br />
<div class="p_Normal">
-Began the first steps of a UI improvement by expanding the
area used by the tools in the right hand panel. Our research shows that most
displays are now wide enough for us to de-clutter the right hand side by making
it wider and moving controls.</div>
<br />
<div class="p_Normal">
-Ping: changed the default header acknowledgment field value
to 0.</div>
<br />
<div class="p_Normal">
-Traceroute: added header acknowledgment field as a user
defined field in Settings.</div>
<br />
<div class="p_Normal">
-SSL Certificate Scanner: Added parsing of Subject Alternative
Name (SAN) fields. Shown in the certificate chain. Previous retrievals of SSL
certificates are noted in the grid when you edit or start the software. Right
click to access the certificate chain. Added more parsing of signature
algorithms so OIDs will be less likely to show up.</div>
<br />
<div class="p_Normal">
-Graphical Traceroute: Added Reset Statistics button.</div>
<br />
<div class="p_Normal">
-SNMP and SNMP Advanced: default bulk reps is now 8. Suggest
lowering to 8 if you are using SNMPv2c or SNMPv3.</div>
<br />
<div class="p_Normal">
-USB Version Only: startup on a host running Npcap now works
correctly.</div>
<br />
<div class="p_Normal">
-Updated SQLite to version 3.20.1</div>
<br />
<div class="p_Normal">
-Updated MAC address/Manufacturer database.</div>
<br />
<div class="p_Normal">
-Updated IP to Country database.</div>
<br />
<div class="p_Normal">
-Updated dates in all subprograms to 2017.</div>
<br />
<b>Managed Switch Port Mapping Tools v2.77.1 released August 30, 2017</b> (posted 2017-09-05)<br />
Version 2.77.1 followed closely behind the release of 2.77. This minor release adds serial and model retrieval from Adtran switches. It also fixes some minor issues with importing devices from a text file in Switch List editor. SQLite was updated as well.<br />
<br />
Version 2.77 was a huge release.<br />
<br />
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Managed Switch Port Mapping Tool v2.77 adds several features to enhance
the user experience plus new features including one that has been requested a
number of times for several years.</span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"> </span><br />
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">One of the most requested features (for years) is this:</span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"> a way to compare two mappings of the same switch to see what has
changed. It is now there under Review History (left control panel):</span></div>
<div style="margin: 0px;">
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixWGDxmpVal4iBxtvcAvRf1Lcw088jQMbjFYO41JhxieXo9cLamQRXwykQwJscf7SIZRhe3qVVlYjckxs_R0nb9UN6uKpumYdCCGeM30NnxhJcwXSjQTh6RCPNKukQES3ActohsPpHj7c/s1600/show-mapping-differences.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="336" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixWGDxmpVal4iBxtvcAvRf1Lcw088jQMbjFYO41JhxieXo9cLamQRXwykQwJscf7SIZRhe3qVVlYjckxs_R0nb9UN6uKpumYdCCGeM30NnxhJcwXSjQTh6RCPNKukQES3ActohsPpHj7c/s320/show-mapping-differences.PNG" width="320" /></a></div>
<div style="margin: 0px;">
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span></div>
<br />
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Select a mapping from the left list, then select
one from the right list. Press ‘Show Added &amp; Removed’ to see a list of what
is present only in the first mapping (green) and the second mapping (blue) as
shown below.</span><br />
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWvC05UQvKHqUl3ss-Qxjv1o-VSsaTTNkwBLIRpho791cG4ub1Wl9GorhUWGvo60pKXmzXvb6FZ3oHdYXn0g-MLOr1iDtWPmFKhPj_7sU_xJ8sVs7WnQ3kxEWGq51eJ5MnenoNLaABSmI/s1600/compare-added-removed.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="606" data-original-width="839" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWvC05UQvKHqUl3ss-Qxjv1o-VSsaTTNkwBLIRpho791cG4ub1Wl9GorhUWGvo60pKXmzXvb6FZ3oHdYXn0g-MLOr1iDtWPmFKhPj_7sU_xJ8sVs7WnQ3kxEWGq51eJ5MnenoNLaABSmI/s320/compare-added-removed.PNG" width="320" /></a></div>
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span>
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">To see a list of devices moved from one port to another between
mappings,</span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"> press Show Moved. The final port that the device
was moved to is shown in the list.</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGF0WJN0spkT8XOfBr4IKkToRTn-R0Lgz118vxCHlUXJo79c7p8LaT1LDNAsRjpHQmBYre09gpmhfHrz67ukS7iOH7tEt3T3HEcgygMOygZjrdT0JvILV4xptbpQdZQGLv11qJuF4zc4/s1600/compare-show-moved.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="606" data-original-width="839" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOGF0WJN0spkT8XOfBr4IKkToRTn-R0Lgz118vxCHlUXJo79c7p8LaT1LDNAsRjpHQmBYre09gpmhfHrz67ukS7iOH7tEt3T3HEcgygMOygZjrdT0JvILV4xptbpQdZQGLv11qJuF4zc4/s320/compare-show-moved.PNG" width="320" /></a></div>
<br />
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Another major addition is the ‘Test’ button.</span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"> You can find it in the device settings. It gives you a way to see if
the device (switch or router or other) can be pinged and communicated with
using the SNMP settings you have entered. See below:</span></div>
<div style="margin: 0px;">
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBf58QPyanLn9QC9FD8S4X-pv4Vlj0s7wCoKiM7yqS_WjaG8sNM82sEDqgpU4wxtMET92q-TR2jVuFPaUo47gU3cyuZRHZa6vL_q2P4XI87DmWAk64v5IA5qO8oazjqEqypH8-G9bxVoI/s1600/switch-settings-test.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="575" data-original-width="617" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBf58QPyanLn9QC9FD8S4X-pv4Vlj0s7wCoKiM7yqS_WjaG8sNM82sEDqgpU4wxtMET92q-TR2jVuFPaUo47gU3cyuZRHZa6vL_q2P4XI87DmWAk64v5IA5qO8oazjqEqypH8-G9bxVoI/s320/switch-settings-test.PNG" width="320" /></a></div>
<div style="margin: 0px;">
<span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br /></span></div>
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Do you have Juniper, Ubiquiti and Force10 switches?</span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"> We improved support for those switches and we even found that some
models of Adtran switches can be mapped – but not all.</span></div>
<br />
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Full list of changes in this revision.</span></b><br />
<br />
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">2.77 August 18, 2017</span><br />
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><br />-Added button in Review History
for comparing and displaying the differences between two mappings of the same
switch at different times. One selection shows the difference between
information present on the first switch mapping vs the second switch mapping.
The other selection shows movement of a device from one port to a new port. The
results of the comparisons may be saved/exported/printed.</span><br />
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Added Test button to Device
Settings. Use it to verify the device is reachable with Ping and verify your
SNMP settings are correct. It also can tell you if it is a switch or a
different kind of SNMP enabled device.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-The target switch is now
tested near the start of the mapping to see if it really is a switch, if not a
'do you want to continue' question is asked.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Additional sources of warning
messages during SNMP single parameter retrievals were identified and the
warning suppressed. The warnings were sometimes interpreted by users as errors
and slowed the mapping process.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-New Command Line option (-txt)
to save the results of a mapping to a hybrid tab/CSV delimited text file.
Columns are represented by tabs and rows within a multi-row cell are
represented by commas.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Improved export to 10SCAPE. If
required columns are missing, a warning is now shown at export.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Column Order and Visibility
Editor: the 10SCAPE defaults button now turns off the Ping Sweep warning (see
Global Settings to reactivate it).</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Global Settings: the Display
Ping Sweep Not Configured warning message is now disabled by default.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Global Settings: when switch
group specific settings (like MAC limit per port) are changed, the changes are
now saved to the currently shown left panel switch group.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Switch List Editor: show final
report and show individual reports are now unchecked by default.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Framework: menu and toolbar
are now fixed in place and not dockable.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Framework: top titlebar is now
correctly updated to show the switch info when the mapping is complete.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Juniper, Force10 and Ubiquiti
switches are now processed correctly and manufacturer specific details are now
retrieved.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Some models of Adtran switches
are now supported.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Juniper switches now show the
vlan name, internal vlan number and vlan tag as follows with the tag in curly
braces: MYVLAN(5){100}. Other switch brands will continue to show MYVLAN(5) or 5
where 5 is the vlan number.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-In order to speed up the
switch list mapping process, the column widths are no longer automatically
resized in list mode.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-VLAN identification for older
3COM switches was improved.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Improvements to data shown in
vlan columns.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Fixed SQL syntax problem in
lldpLocChassisId when subtypes 1-7 are present.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Fixed usability problem with
device settings editor where selections from existing community names would not
appear to 'stick'.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Fixed XML export where switch
information is added in the left column.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Added System Description to
CDP data.</span></div>
<br />
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-New information added to SNMP
Error Report.</span><br />
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Changed Review History icon.</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Updated SQLite to version
3.20.0</span></div>
<br />
<div style="margin: 0px;">
<span style="color: #666699; font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">-Updated MAC
address/Manufacturer database.</span></div>
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">Download the ‘installed’ version 2.77 from SwitchPortMapper.com and
install it over the top of your current installed version.</span></b></div>
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"><a href="http://www.switchportmapper.com/"><span style="font-weight: normal; margin: 0px;"><span style="color: blue;">http://www.switchportmapper.com/</span></span></a></span></b><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;"></span></div>
<br />
<div style="margin: 0px;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "Verdana",sans-serif; font-size: 10pt; margin: 0px;">USB version users need to use
the Help Menu/Check for Update selection to obtain the upgrade patch.</span></b></div>
<br />
<b>NetScanTools.com website major revision under way</b> (posted 2017-01-25)<br />
You may have noticed that NetScanTools.com is being revised. Slowly. One or more pages a day. It started in late December 2016.<br />
<br />
It's being changed from an ancient FrontPage template with annoying Flash into a modern Bootstrap-based website. We are actually using the Unify template from wrapbootstrap. The nice part about Bootstrap is that it automatically sizes to fit the browser viewport. What this means is that there is only one set of webpages, viewable equally well on mobile and the desktop.<br />
<br />
Here are a few example pages:<br />
http://www.netscantools.com/nstprodetails.html<br />
http://www.netscantools.com/nstpro_packet_generator.html<br />
http://www.netscantools.com/download.html<br />
http://www.netscantools.com/support.html<br />
http://www.netscantools.com/nstproonline.html<br />
http://www.netscantools.com/nstbasicmain.html<br />
<br />
I hope you like the new look!<br />
Kirk<br />
<br />
<b>GetBestRoute bug in Windows 10 Anniversary Release 1607</b> (posted 2016-08-11)<br />
<br />
After upgrading to Windows 10 Anniversary Release 1607 on August 6, 2016, I noticed something strange happening with ARP Scanning Tool and I traced it to an intermittent problem in the IpHlpApi function GetBestRoute.<br />
<br />
When the computer is first booted, GetBestRoute works normally as it has in NetScanTools Pro for years and as it has on other Windows operating systems. I am using it to determine if an IPv4 address can be reached LOCALLY without going through the Default Gateway. Operating System specifics: 64 bit OS build 14393.51, only one ethernet wired 1GB network interface connected to an IPv4 network. Compiled as a 32 bit application using VC++ 2012.<br />
<br />
<b>Code snippet:</b><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#include &lt;winsock2.h&gt;</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#include &lt;iphlpapi.h&gt; // link with iphlpapi.lib</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">#include &lt;string.h&gt;</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">// targetIPAddress and outgoingIf are DWORD IPv4 addresses set elsewhere</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">MIB_IPFORWARDROW IPForwardRow;</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">memset(&amp;IPForwardRow, 0, sizeof(IPForwardRow));</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">DWORD dwResult = GetBestRoute(targetIPAddress, outgoingIf, &amp;IPForwardRow);</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">// a successful lookup that returns anything other than a direct route is treated as non-local</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">if(dwResult == NO_ERROR &amp;&amp; IPForwardRow.dwForwardType != MIB_IPROUTE_TYPE_DIRECT)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">{</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">&nbsp;&nbsp;// note the failure with a popup stating that the route is not local,</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">&nbsp;&nbsp;// ie. not on the same subnet or local network segment</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">}</span><br />
<div>
<br /></div>
<div>
<span style="font-family: inherit;">Problem statement: if you pass in ANY targetIPAddress between 192.168.0.1 and 192.168.0.254 and outgoing interface is 192.168.0.205 on your computer, it should come back with MIB_IPROUTE_TYPE_DIRECT. This is the normal way it works. Here is a view of the contents of the IPForwardRow structure as it should appear with 192.168.0.1 and 192.168.0.205 as the interface (192.168.0.1 is the default gateway).</span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3svP1dBa_co8m3rAkofGJiARc8AZOrvd4G5WCNYRNqoMAGcgnM2Ch6wu_oGx-BsQ7PeKrCePmEHXeNofIonlL78RmRBEIJ4fpXetr21VMAuNbRrB4G1lqJiJcJfhb5x4HUv8A8PEdzzc/s1600/ipforwardrow-normal.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3svP1dBa_co8m3rAkofGJiARc8AZOrvd4G5WCNYRNqoMAGcgnM2Ch6wu_oGx-BsQ7PeKrCePmEHXeNofIonlL78RmRBEIJ4fpXetr21VMAuNbRrB4G1lqJiJcJfhb5x4HUv8A8PEdzzc/s320/ipforwardrow-normal.JPG" width="320" /></a></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;">You can see that dwForwardDest is populated correctly, as is dwForwardMask, and the ForwardType is direct as expected.</span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;">But for any other IPv4 address 192.168.0.2 through 192.168.0.254, you get this with empty </span>dwForwardDest and dwForwardMask with the route type INCORRECTLY shown as MIB_IPROUTE_TYPE_INDIRECT.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEide6y3j-xfIfCdr8dykgCkwWNaRKEWbaUs5xqK9uCUI5SJHEdgO3LkYaMZR2aIzIUSfeVCLrBVC56leh7wbiPTSbiGf8dk-ijcEH1rcF2pJatUSM0zHDjiZTAA7-0u-tqTFsNbYPtSfvE/s1600/ipforwardrow-bad.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEide6y3j-xfIfCdr8dykgCkwWNaRKEWbaUs5xqK9uCUI5SJHEdgO3LkYaMZR2aIzIUSfeVCLrBVC56leh7wbiPTSbiGf8dk-ijcEH1rcF2pJatUSM0zHDjiZTAA7-0u-tqTFsNbYPtSfvE/s320/ipforwardrow-bad.JPG" width="320" /></a></div>
<div>
<br /></div>
<div>
<span style="font-family: inherit;">Obviously something was broken in this new Windows 10 release. It is intermittent but once it goes into this failure mode, it stays in the failure mode until the computer is rebooted. I do not know what the trigger is.</span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;">I have fixed it by writing my own GetBestRoute equivalent - but I should not have to do that. Microsoft PLEASE FIX this ASAP!</span></div>
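<div>
An added example, not the author's replacement code or NetScanTools source: a portable longest-prefix-match lookup over a route table that classifies a target as direct (on-link) or indirect, which is the decision GetBestRoute was being used for above. The route_t layout, the function names and the sample table (interface 192.168.0.205/24, gateway 192.168.0.1) are assumptions constructed for illustration.</div>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 route; all addresses are in host byte order (hypothetical layout). */
typedef struct {
    uint32_t dest;      /* network address */
    uint32_t mask;      /* netmask */
    uint32_t next_hop;  /* gateway address, 0 when the network is on-link */
    uint32_t metric;    /* lower wins between routes of equal prefix length */
} route_t;

typedef enum { ROUTE_NONE, ROUTE_DIRECT, ROUTE_INDIRECT } route_type_t;

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample table: default route via the gateway, the local /24
   on-link, and a host route for the interface address itself. */
static const route_t SAMPLE_ROUTES[] = {
    { IP(0, 0, 0, 0),       IP(0, 0, 0, 0),         IP(192, 168, 0, 1), 25  },
    { IP(192, 168, 0, 0),   IP(255, 255, 255, 0),   0,                  281 },
    { IP(192, 168, 0, 205), IP(255, 255, 255, 255), 0,                  281 },
};
#define SAMPLE_COUNT (sizeof SAMPLE_ROUTES / sizeof SAMPLE_ROUTES[0])

/* Parse "a.b.c.d" into host byte order; returns 0 on success, -1 on bad input. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

/* Prefix length of a netmask, or -1 when the mask bits are not contiguous. */
static int prefix_len(uint32_t mask)
{
    int n = 0;
    while (mask & 0x80000000u) { n++; mask <<= 1; }
    return mask == 0 ? n : -1;
}

/* Longest-prefix match; ties on prefix length go to the lower metric. */
static const route_t *best_route(const route_t *tbl, size_t n, uint32_t target)
{
    const route_t *best = NULL;
    int best_len = -1;
    for (size_t i = 0; i < n; i++) {
        int len = prefix_len(tbl[i].mask);
        if (len < 0) continue;  /* ignore rows with a malformed mask */
        if ((target & tbl[i].mask) != (tbl[i].dest & tbl[i].mask)) continue;
        if (len > best_len || (len == best_len && tbl[i].metric < best->metric)) {
            best = &tbl[i];
            best_len = len;
        }
    }
    return best;
}

/* Direct means the winning route has no gateway, so ARP can reach the target. */
static route_type_t classify(const route_t *tbl, size_t n, const char *target_str)
{
    uint32_t target;
    const route_t *r;
    if (parse_ipv4(target_str, &target) != 0) return ROUTE_NONE;
    r = best_route(tbl, n, target);
    if (r == NULL) return ROUTE_NONE;
    return r->next_hop == 0 ? ROUTE_DIRECT : ROUTE_INDIRECT;
}

int main(void)
{
    static const char *targets[] = { "192.168.0.1", "192.168.0.77", "8.8.8.8", "192.168.0.256" };
    static const char *names[] = { "no route / bad input", "direct", "indirect" };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("%-15s %s\n", targets[i],
               names[classify(SAMPLE_ROUTES, SAMPLE_COUNT, targets[i])]);
    return 0;
}
```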
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<br />
<b>NetScanTools Pro v11.80 released Aug 4, 2016</b> (posted 2016-08-11)<br />
<br />
<b>NetScanTools Pro 11.80 was released on Aug 4, 2016.</b> This version was completely compiled on Windows 10 and is dual code-signed with both SHA256 and SHA1.<br />
<br />
We added a new IPv6 Route Tool that displays the routes and many other properties.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8y3srHkiPYmlYcgmg5o35Uog8pcUzygDQbFjRTuBxiGBahLvz1RaSKmYvYPRyHzq-f627tRAfrrmAGRfD-yWpsvYAp6maXSQVIxOIcLAN5YR-m4pwIfcVbsOTVFtbB_9hsXnwuut3fE4/s1600/new-ipv6-route.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8y3srHkiPYmlYcgmg5o35Uog8pcUzygDQbFjRTuBxiGBahLvz1RaSKmYvYPRyHzq-f627tRAfrrmAGRfD-yWpsvYAp6maXSQVIxOIcLAN5YR-m4pwIfcVbsOTVFtbB_9hsXnwuut3fE4/s320/new-ipv6-route.JPG" width="320" /></a></div>
<br />
There are many changes and the most obvious change is in the way WinPcap compatible interfaces are shown and selected. Tools that use WinPcap now have a much more verbose description of the interface, not just the IPv4 address shown before. Previously, users would occasionally run into problems where the IPv4 address shown in the dropdown list was not able to be opened even though WinPcap says it was compatible with it. The way the interfaces are opened based on the selection was significantly changed internally so there should be less chance of problems.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZr3-V59Rn7o0WruZFhRvZxUBXcL5X7vBd0YgEr-m24RCyJ5yEG2qUs2i2Rmr-xfAYxGv7abtIWZyff5tEyUQAnNXwcG8uiGSqg_AVgLIBYlFcySNIKGm3BqAVb1CoJm9r32ZFoSmaeN0/s1600/new-dns-monitor.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZr3-V59Rn7o0WruZFhRvZxUBXcL5X7vBd0YgEr-m24RCyJ5yEG2qUs2i2Rmr-xfAYxGv7abtIWZyff5tEyUQAnNXwcG8uiGSqg_AVgLIBYlFcySNIKGm3BqAVb1CoJm9r32ZFoSmaeN0/s320/new-dns-monitor.JPG" width="313" /></a></div>
<br />
The Real Time Blacklist Check tool was changed from a text based single threaded (one after the other) output to a grid based output with multithreading. In other words, in v11.80 many RBL servers are queried simultaneously for the presence of the mail server IPv4 address in their databases.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnWoIPOLTdFea4zwwQytzAhKt0byHmK6Mi4wzJdPAqeHMRjYtWFvwGCBq0RTafcT0bOYWtg03icozWtpwSL5b0LHBpZ2EW3bEuJ-9U1eRrBtdf_rtTsDS4r6ssX5HYDT1LqHky-ut8TNg/s1600/new-rbl-checker.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="159" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnWoIPOLTdFea4zwwQytzAhKt0byHmK6Mi4wzJdPAqeHMRjYtWFvwGCBq0RTafcT0bOYWtg03icozWtpwSL5b0LHBpZ2EW3bEuJ-9U1eRrBtdf_rtTsDS4r6ssX5HYDT1LqHky-ut8TNg/s320/new-rbl-checker.JPG" width="320" /></a></div>
<br />
SNMP tools now support SNMPv3 without the end user having to obtain libeay32.dll. We have an Encryption Registration Number and the software is ECCN 5D992.c.<br />
<br />
The SNMP Scanner and SNMP Dictionary Attack Tools were worked on extensively to fix problems that happened if you sorted a column while scanning (no longer allowed) and also problems with the XML Excel Schema. Side note - if you are using Excel, don't 'import' the XML file, simply 'open' it just like any other Excel file.<br />
<br />
<b>Here are the specific changes:</b><br />
-Compiled on Windows 10.<br />
-New Tool: IPv6 Routing Table.<br />
-Significant change to the way WinPcap compatible interfaces are listed and
chosen. Layout of some tools had to change to support longer selection
box. Opening and using a WinPcap network interface no longer depends on matching
the IPv4 address.<br />
-We now test to verify that the official WinPcap service or the alternative
npcap or Win10Pcap services are running.<br />
-Realtime Black List Check tool completely rewritten with new user interface
and it is now multithreaded for increased speed.<br />
-SNMP Core and Advanced tools now have simplified SNMPv3 options. SNMP DLL
now has libeay32.dll added and SNMP Library Manager was removed. ECCN
5D992.c<br />
-SNMP Scanner, SNMP Dictionary Attack and Protected Storage Viewer have
updated grid controls and are now prevented from sorting by clicking on the
column header while the tool is working. Exporting with Microsoft Excel schema
has been updated - simply 'open' the XML file from Excel (do not import it).
SNMP v1+v2c setting is now properly saved.<br />
-ARP based tools now confirm that the target IPv4 addresses are within the
same subnet as the chosen WinPcap interface.<br />
-ARP Scan now automatically sorts by the IP address column when complete.<br />
-Whois changed so that if whois server does not respond, it times out and
automatically stops.<br />
-Assigned IPv6 Teredo server is shown in IPv6 Compatible Interfaces.<br />
-Corrected privilege problems with writing to certain parts of the registry
during registration process.<br />
-Updated SQLite to version 3.13.0<br />
-Updated MAC address/Manufacturer database.<br />
-Updated IP to Country database.<br />
-Code signing now uses both SHA256 and SHA1 for maximum operating system
portability.<br />
<br />
<b>NetScanTools Pro 11.75 Released May 6, 2016</b> (posted 2016-06-02)<br />
<br />
This is a minor release - kind of - it has numerous changes to the Packet Flooder to increase speed and give the user finer control over packet sending.<br />
<br />
We also did something that was long overdue. We changed from the ancient Wise installer to the most recent Inno Setup installer for the 'installed' version.<br />
<br />
SQLite was updated along with the databases and in order to be used on Windows 10, we codesigned everything with both an SHA256 certificate and an SHA1 certificate.<br />
<br />
If your maintenance plan is active, please click on Help menu, then Check for New Version. The embedded window will appear with links for downloading. You will need your access credentials.<br />
<br />
Full list of changes is here: <a href="http://www.netscantools.com/nstpronews.html">http://www.netscantools.com/nstpronews.html</a><br />
<br />
<b>Managed Switch Port Mapping Tool v2.63 released on Friday, March 18, 2016</b> (posted 2016-03-23)<br />
<br />
The v2.63 release has one major change dealing with IEEE 802.3ad LAG (Link Aggregation) ports. If your switch reports these ports in the type column as ieee8023adLag(161) AND you have assigned other ports to be members of the LAG, it will show something like ieee8023adLag(161): fa1, fa2 where fa1 and fa2 are the ifNames of the ports comprising the LAG. Click on the image below.<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzySTS0LzxoVYS_0yH7v2m4HWBqiKo5-8KFMHi4l3BIFuJudE1TGiXAVD397I75-Z9DSC3I7qEqTdMJT4R8ehAVsY0SkFyJ3_VeLYF3VaBaLpo9ia09pwGRW2T9DxRY7J8uNC9qvy-zyE/s1600/spm-lag.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzySTS0LzxoVYS_0yH7v2m4HWBqiKo5-8KFMHi4l3BIFuJudE1TGiXAVD397I75-Z9DSC3I7qEqTdMJT4R8ehAVsY0SkFyJ3_VeLYF3VaBaLpo9ia09pwGRW2T9DxRY7J8uNC9qvy-zyE/s1600/spm-lag.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="155" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzySTS0LzxoVYS_0yH7v2m4HWBqiKo5-8KFMHi4l3BIFuJudE1TGiXAVD397I75-Z9DSC3I7qEqTdMJT4R8ehAVsY0SkFyJ3_VeLYF3VaBaLpo9ia09pwGRW2T9DxRY7J8uNC9qvy-zyE/s400/spm-lag.png" width="400" /></a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Another change is in the message you see when the switch or other device does not respond to SNMP. We had a user accidentally change his SNMP port from 161 to 10. If SNMP times out and the port is not 161, you are told that the most likely cause is the port being wrong.<br />
<br />
Like all versions released since Jan 1, 2016, we are code signing the executables and the installer with both SHA1 signed certificates and SHA256 signing. This ensures that the authorship of the software will be recognized across all current versions of Windows.<br />
<br />
Download the installed trial of Managed Switch Port Mapping Tool v2.63 for Windows from <a href="http://www.switchportmapper.com/">http://www.SwitchPortMapper.com/</a><br />
<br />
<br />
<br />
<b>New Switch Port Mapper Videos</b> (posted 2015-11-05)<br />
<br />
We've added a bunch of new videos showing how to use various functions of the Managed Switch Port Mapping Tool.<br />
<br />
Please visit:<br />
<a href="http://www.switchportmapper.com/videos.htm">http://www.switchportmapper.com/videos.htm</a><br />
<br />
<b>Managed Switch Port Mapping Tool v2.55 released</b> (posted 2015-09-08)<br />
<br />
On Friday, Sept 4 we released version 2.55 of the Managed Switch Port Mapping Tool. It improves the wording on new dialogs introduced in v2.54. It also adds a new Used Ports section to the webpage reports.<br />
<br />
If you have the installed version, click on Help/Check for Update or visit <a href="http://www.switchportmapper.com/">http://www.switchportmapper.com/</a> to download v2.55. If you have the USB version, click Help/Check for Update for a link to the upgrade patch.<br />
<br />
<b>August Newsletter</b> (posted 2015-08-27)<br />
<br />
Our August Newsletter is ready. It talks about the recent releases and we mention the upcoming Managed Switch Port Mapping Tool 2.54 and NetScanTools Pro 11.72. Those will be done very soon.<br />
<br />
Please visit:<br />
<a href="http://www.netscantools.com/pressandnewsletters.html">http://www.netscantools.com/pressandnewsletters.html</a><br />
<br />
Have a great end of summer!<br />
<br />
<b>How I installed Windows 10 on an old Dell Inspiron 1520 laptop</b> (posted 2015-08-13)<br />
<br />
<strong>Windows 10 Pro retail release on a 9 year old laptop?</strong> Yes. It can be done. But it wasn't easy.<br />
<br />
<strong>Where I started from:</strong><br />
The Inspiron 1520 has 4GB RAM, a 2GHz Core2 Duo, a SanDisk Ultra II SSD and it had 32 bit Windows 7 which was an upgrade from the original Vista 32. I cloned the SSD to another hard drive before getting started. I used a Windows 10 32 bit ISO burned to a DVD. For tries 1 and 2, I used WiFi to access the internet.<br />
<br />
<strong>1st try</strong> - everything seemed to go well, I let it download updates to the install. But then it got to the first reboot. It hung on the light blue window logo with the spinning dots. After half an hour I manually rebooted it and it gave this message "0xC1900101 - 0x20017 The installation failed in the SAFE_OS phase with an error during BOOT operation". Windows 7 was back, so I tried again.<br />
<br />
<strong>2nd try</strong> - similar to the first (I allowed updates). The reboot phase was different this time - no logo with spinning dots. There was a cursor. Windows 7 did come back to life.<br />
<br />
So I did some fruitless research and found that the error message might be related to a driver. So I did things differently on the third and final try.<br />
<br />
<strong>3rd try</strong> - this time I flipped the switch that turned off WiFi, plugged in an Ethernet cable (for Windows activation) and Bluetooth and I told the installer not to update before installing. It worked. After the first reboot I got the large circle showing upgrade progress. Then finally I got to "Hi there, welcome back!" and finished the upgrade. But I wasn't done - read on.<br />
<br />
Windows 10 was showing the desktop in 1024x768 mode instead of the native 1440x900. Display settings would not allow me to go that high, so I unplugged the Ethernet cable and switched on WiFi. Then I downloaded the updates. After rebooting the NVidia driver was active and gave me the option to go to 1440x900.<br />
<br />
Next, I started going through apps to check compatibility. NetScanTools Pro, the Managed Switch Port Mapping Tool and related products worked normally as did iTunes and Office 2007. But SanDisk SSD Dashboard 1.4.1 hung on startup and consumed 98% of CPU time no matter what I did. Obviously SanDisk has some work to do.<br />
<br />
Later I went into the Startup tab of Task Manager to disable old unused drivers - that speeded up boot time and stopped a crash message on power down.<br />
<br />
It wasn't easy, but I now have Windows 10 Pro 32 bit running. I would really like to get x64 running on it instead. Another time.<br />
<br />
Here are screenshots of the System window and below it is the CPU-Z.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2PA8BSYZqNjpuE1B9Yamr1oP5mVnQFUoA8bQSfbtLxPRnvV82zEEOhXZ6TycaSy4n3KJ78MJz4QDvMcaYBcmhpIm49SMsV4Jq2ZB2ygRN9OKumD5GtFXDd6Du_6VWlZWm4IEK2ulXS4o/s1600/system.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2PA8BSYZqNjpuE1B9Yamr1oP5mVnQFUoA8bQSfbtLxPRnvV82zEEOhXZ6TycaSy4n3KJ78MJz4QDvMcaYBcmhpIm49SMsV4Jq2ZB2ygRN9OKumD5GtFXDd6Du_6VWlZWm4IEK2ulXS4o/s320/system.PNG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIJpdBcgrqqCHvqalXp9B2aKyLLLUZXkaWORE_UP5-jxl9yzTxApvRo2u40Dswj7TUYJuUuC49GBDabaHCSuoY0rHoaveLi-8-rOIodaXmurAAupm0NQMkWK0anPpHQyw-7dA47MXAo_A/s1600/cpu-z.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIJpdBcgrqqCHvqalXp9B2aKyLLLUZXkaWORE_UP5-jxl9yzTxApvRo2u40Dswj7TUYJuUuC49GBDabaHCSuoY0rHoaveLi-8-rOIodaXmurAAupm0NQMkWK0anPpHQyw-7dA47MXAo_A/s320/cpu-z.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJFHjFwrxS9OTXl849c042TOAYlCaRoiZGOGVlSltupbkJaPfSMSUW9BAETFBbPUeMEC2vVJteQdo7-QOnrsTBcdTyw907Chm53uleqkHyWCnOphaiaa-50CV68wsmrOi9y2S941xxetg/s1600/coreinfo.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJFHjFwrxS9OTXl849c042TOAYlCaRoiZGOGVlSltupbkJaPfSMSUW9BAETFBbPUeMEC2vVJteQdo7-QOnrsTBcdTyw907Chm53uleqkHyWCnOphaiaa-50CV68wsmrOi9y2S941xxetg/s320/coreinfo.PNG" width="193" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<b>July Newsletter Ready</b> (posted 2015-07-31)<br />
<br />
<div align="LEFT">
This newsletter covers the recent NetScanTools Basic 2.4 and Managed Switch Port Mapping Tool 2.53 releases along with Windows 10 compatibility. Have a good summer!</div>
<br />
<div align="LEFT">
<a href="http://www.netscantools.com/pressandnewsletters/nst_news_july_2015.pdf">http://www.netscantools.com/pressandnewsletters/nst_news_july_2015.pdf</a></div>
<div align="LEFT">
</div>
<div align="LEFT">
</div>
<br />
<b>How to use Remote Desktop to access Windows Server 2012 from Windows 7 with TLS 1.0 Disabled</b> (posted 2015-06-24)<br />
<br />
After securing a Windows Server 2012 box with TLS 1.0 disabled per PCI-DSS 3.1 requirements, I found that I could only connect to it through Remote Desktop (RDP) from a Windows 8.1 or Windows 10 client.<br />
<br />
<strong>The problem was this:</strong> all attempts to connect through the LAN via Remote Desktop from Windows 7 were met with <em>"This computer can't connect to the remote computer. Try connecting again...etc."</em><br />
<br />
The Server 2012 Standard (not R2) computer is running the most simple Remote Desktop mode accessed through Computer/Remote Settings as shown below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirsJwGz5gXFR5fim7Fvb37xS1LO0YtgPndXztsNE_b_5-1ZwmhATc5y2ELxH-9x0GtLzt8rPXOS7jBnbWr2wxqH6pHf3cpo-O4sQSqlhH6FFlg6osU4YLzd1ogZRCFwY2DqAeRWLvKhWI/s1600/serverRDP.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirsJwGz5gXFR5fim7Fvb37xS1LO0YtgPndXztsNE_b_5-1ZwmhATc5y2ELxH-9x0GtLzt8rPXOS7jBnbWr2wxqH6pHf3cpo-O4sQSqlhH6FFlg6osU4YLzd1ogZRCFwY2DqAeRWLvKhWI/s320/serverRDP.PNG" width="320" /></a></div>
<br />
I went through rabbit trails with firewall settings, Remote Desktop Services (which I did not install), turning on and off the 'Allow connections only from computers running Remote Desktop with Network Level Authentication', using Select Users - <em>none of them worked.</em><br />
<br />
During extensive searching I ran across some discussions of TLS and RDP on Windows 7. I found that we had RDP 7.1 on the Windows 7 sp1 computer and RDP 8.0 was an optional download through Windows update. RDP 8 apparently has support for later TLS versions beyond the disabled TLS 1.0. RDP 8 for Windows 7 is discussed here: <a href="https://support.microsoft.com/en-us/kb/2592687">https://support.microsoft.com/en-us/kb/2592687</a>.<br />
<br />
<strong>Solution:</strong> After installing the KB2592687 update (an optional update in Windows update), rebooting and installing even more updates triggered by that update, RDP 8.0 client was installed and connected normally to the Windows 2012 server.<br />
<br />
There is also an RDP 8.1 client only update KB2830477 that I may install later but for now I can Remote Desktop in to the Server 2012 box from Windows 7 without any apparent problems.<br />
<br />
More info on RDP 8.1 for Windows 7 including prerequisites: <a href="http://blogs.msdn.com/b/rds/archive/2013/11/12/remote-desktop-protocol-8-1-update-for-windows-7-sp1-released-to-web.aspx">http://blogs.msdn.com/b/rds/archive/2013/11/12/remote-desktop-protocol-8-1-update-for-windows-7-sp1-released-to-web.aspx</a><br />
<br />
<b>NetScanTools Pro v11.70 released on Friday, June 12, 2015</b> (posted 2015-06-15)<br />
<br />
Version 11.70 was long overdue but we made many changes and added a new tool called the DNS Traffic Monitor. This new tool shows you the percentage of query allocations or loading experienced by each default DNS assigned to your system. It also shows you any outgoing DNS queries to DNS that are not in your default list.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_JKFeOzQ9ee0ghf6IULs6KZnvUr4UF9NpWrLIGfVV_7PAqAx3IJzx5Hz0frkxve1XjUN_loLYy3aqbM13JIb-r4SxWkXRfOdfTE0pbdfblhlYYVEUcBG2G6nRkuJbnL8SQVFOh4UOt3E/s1600/dnstraffictool.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_JKFeOzQ9ee0ghf6IULs6KZnvUr4UF9NpWrLIGfVV_7PAqAx3IJzx5Hz0frkxve1XjUN_loLYy3aqbM13JIb-r4SxWkXRfOdfTE0pbdfblhlYYVEUcBG2G6nRkuJbnL8SQVFOh4UOt3E/s320/dnstraffictool.PNG" width="311" /></a></div>
<br />
This release completes the transition of moving all the code to VC2012. The next move will be to VC2015 when it is finally released. All development has now been transitioned to Windows 8.1. It may be one of the last releases to support Windows XP.<br />
<br />
Additionally, each separately launched tool has been changed to conform to a new look and feel. The DNS Traffic Monitor is one example of the look - here are a couple others:<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTuuCqEYB8vzvalzT2SsFpseDvB20voKCPn_VFP4kN96rDKPXzv3gWC6Oz1_jSI_KFeJ0Jvy6d97KD1dP3EYHtscQ4SzQJlgvXmgx33iX6qjQjE-SV-Ans2hVoaUxhcyZdc2t_fRRfGgc/s1600/passive-discovery.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTuuCqEYB8vzvalzT2SsFpseDvB20voKCPn_VFP4kN96rDKPXzv3gWC6Oz1_jSI_KFeJ0Jvy6d97KD1dP3EYHtscQ4SzQJlgvXmgx33iX6qjQjE-SV-Ans2hVoaUxhcyZdc2t_fRRfGgc/s400/passive-discovery.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Passive Discovery</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz60DMUFV49v4T2XEXbEGZ7Be3APH2R1aYbSoOiJqmUa3vTjoh_UcBOmEljhugJt_A19ByPHIVAzfQHC1f4LOuz1S-j9SETZZUe3fDCn8FyIH9UI0dRoxpi8ZUzTio63dXFIemLWh8nnA/s1600/snmp-scanner.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz60DMUFV49v4T2XEXbEGZ7Be3APH2R1aYbSoOiJqmUa3vTjoh_UcBOmEljhugJt_A19ByPHIVAzfQHC1f4LOuz1S-j9SETZZUe3fDCn8FyIH9UI0dRoxpi8ZUzTio63dXFIemLWh8nnA/s400/snmp-scanner.PNG" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">SNMP Scanner</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
The demo version will be updated to 11.70 soon. If you have an active maintenance plan you can get 11.70 by clicking on Help/Check for New Version.<br />
<br />
<br />
<b>Win10Pcap - a WinPcap fork</b> (posted 2015-06-10)<br />
<br />
Today Gerald Combs graciously forwarded me an announcement about a new fork to WinPcap called Win10Pcap based on NDIS 6. I immediately tested it with Wireshark and NetScanTools Pro.<br />
<br />
Since this fork uses a different kernel mode driver name - ie, NOT npf.sys - Wireshark shows the popup message <em>"The NPF driver isn't running. You may have trouble capturing or listing interfaces."</em>. However, even though this message shows, Wireshark will run because Wireshark loads packet.dll and wpcap.dll - these two DLL interfaces are unchanged (the WinPcap SDK interface is supposedly unchanged) so no matter what the driver is called, it starts. So, yes, Wireshark 1.12.5 appears to run with this fork of WinPcap.<br />
<br />
That brings me to NetScanTools Pro. Not only does NetScanTools Pro capture packets (like Wireshark), it also sends packets. I tested the ARP, Ping and Traceroute tools that depend on WinPcap for sending packets. They appeared to work OK.<br />
<br />
I was just about to release NetScanTools Pro 11.70, so I was able to make my test for active running npf.sys also test for the new service name - so that means NetScanTools Pro will be able to detect either the official WinPcap 4.1.3 and successors or this new fork.<br />
<br />
Note that old WinPcap 4.1.3 DOES WORK FINE on later releases of Windows 10 builds based on NDIS 5. So it's your choice as to whether you need to use this new fork.<br />
<br />
You may download this new WinPcap fork from <a href="http://www.win10pcap.org/">http://www.Win10Pcap.org/</a> however, since they use GPLv2 instead of BSD license as WinPcap has historically done, we will not be including the installer with NetScanTools Pro.<br />
<br />
Congrats to the author of Win10Pcap! (but what happens to the name when Win 11 is released?)<br />
<br />
<b>Managed Switch Port Mapping Tool v2.52 Released on May 11, 2015</b> (posted 2015-05-13)<br />
<br />
We've had some occasional problems with strange (non-printable) characters appearing in the CDP and LLDP fields - it was thought to have been fixed in a previous release but apparently not, so we addressed that in this release. Those non-printable characters occasionally included apostrophes or double quotes which completely messed up (technical term) the SQL commands, so an SQLite database error popped up. In LLDP you will now always see hex characters in the MAC Address and Network Address fields, and in CDP, Port (ifName) and Device ID will either show a printable string or hex characters - both are valid.<br />
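<br />
An added example, not the tool's own code: one way to render a device-supplied CDP/LLDP octet string as either printable text or hex, and to quote the result so an embedded apostrophe cannot end an SQL string literal early. The names render_field and sql_quote and the sample values are constructed for illustration; binding the value with sqlite3_bind_text instead of building the SQL text removes the quoting problem altogether.<br />

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Render an octet string received from a device (hypothetical helper).
   All bytes printable ASCII -> copied as text; anything else -> "xx:xx:..".
   Returns 0 on success, -1 when out is too small. */
static int render_field(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    static const char HEX[] = "0123456789abcdef";
    int printable = len > 0;
    size_t i, o = 0, need;

    for (i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] > 0x7e) { printable = 0; break; }

    if (printable) {
        if (len + 1 > outsz) return -1;
        memcpy(out, buf, len);
        out[len] = '\0';
        return 0;
    }

    need = len ? len * 3 : 1;   /* two hex digits + separator per byte; NUL replaces the last separator */
    if (need > outsz) return -1;
    for (i = 0; i < len; i++) {
        if (i) out[o++] = ':';
        out[o++] = HEX[buf[i] >> 4];
        out[o++] = HEX[buf[i] & 0x0f];
    }
    out[o] = '\0';
    return 0;
}

/* Quote text as an SQL string literal, doubling embedded apostrophes
   (hypothetical helper). Returns 0 on success, -1 when out is too small. */
static int sql_quote(const char *text, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3) return -1;               /* room for '' plus NUL */
    out[o++] = '\'';
    for (; *text; text++) {
        size_t need = (*text == '\'') ? 2 : 1;
        if (o + need + 2 > outsz) return -1; /* keep room for closing quote and NUL */
        if (*text == '\'') out[o++] = '\'';
        out[o++] = *text;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed samples: a Device ID containing an apostrophe, and raw MAC
       bytes that happen to include 0x27 (') and 0x22 ("). */
    const unsigned char device_id[] = "sw-core'1";
    const unsigned char mac[] = { 0x00, 0x1b, 0x27, 0xff, 0x0a, 0x22 };
    char field[64], quoted[64];

    if (render_field(device_id, sizeof device_id - 1, field, sizeof field) == 0 &&
        sql_quote(field, quoted, sizeof quoted) == 0)
        printf("Device ID -> %s\n", quoted);
    if (render_field(mac, sizeof mac, field, sizeof field) == 0 &&
        sql_quote(field, quoted, sizeof quoted) == 0)
        printf("MAC       -> %s\n", quoted);
    return 0;
}
```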
<br />
We also changed LLDP and CDP retrieval phases to be more responsive to user input.<br />
<br />
Speaking of strange, non-printable characters, the new SNMP Walk Tool used for support would also occasionally show strange characters. That has been fixed too.<br />
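The failure described above (an apostrophe inside a CDP/LLDP value breaking the SQL text) can be reproduced and avoided as follows. This is an added example, not code from the Managed Switch Port Mapping Tool: the table name, function names and sample bytes are constructed, and parameter binding is shown as an assumption about a robust fix alongside the printable-or-hex display the release notes describe.<br />

```python
import sqlite3

# Constructed sample neighbor data: (local port, raw Device ID / chassis bytes).
SAMPLES = [
    ("Gi0/1", b"core-sw01.example.net"),       # printable, no quotes
    ("Gi0/2", b"Bob's Lab Switch"),            # printable, contains an apostrophe
    ("Gi0/3", b"\xa4\x27\xc4\x1b\x10\x02"),    # MAC-like bytes; 0x27 is an apostrophe
]


def printable_or_hex(raw: bytes) -> str:
    """Return the value as text only if every byte is printable ASCII, else as hex."""
    if raw and all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return raw.hex(":")


def store_spliced(db, port, device_id):
    """'Before': device-supplied text is pasted into the SQL statement itself."""
    db.execute(
        f"INSERT INTO neighbors (port, device_id) VALUES ('{port}', '{device_id}')"
    )


def store_bound(db, port, device_id):
    """'After': values travel as bound parameters, never as SQL text."""
    db.execute("INSERT INTO neighbors (port, device_id) VALUES (?, ?)", (port, device_id))


def demo():
    schema = "CREATE TABLE neighbors (port TEXT, device_id TEXT)"
    spliced_db, bound_db = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    spliced_db.execute(schema)
    bound_db.execute(schema)

    spliced_ok = {}
    for port, raw in SAMPLES:
        try:
            # A naive reader treats the raw bytes as a string and splices it in.
            store_spliced(spliced_db, port, raw.decode("latin-1"))
            spliced_ok[port] = True
        except (sqlite3.Error, ValueError):
            spliced_ok[port] = False          # the "SQLite database error" popup
        store_bound(bound_db, port, printable_or_hex(raw))

    rows = bound_db.execute(
        "SELECT port, device_id FROM neighbors ORDER BY rowid"
    ).fetchall()
    return spliced_ok, rows


if __name__ == "__main__":
    ok, rows = demo()
    print("spliced insert succeeded:", ok)
    for row in rows:
        print("stored via bound parameters:", row)
```

Because CDP and LLDP fields are set by whatever device is plugged into the switch, the bound form also keeps a neighbor's chosen Device ID from being interpreted as SQL.<br />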
<br />
We made more minor report changes and also updated SQLite to the latest version along with the MAC address/manufacturer database.<br />
<br />
Please visit <a href="http://www.switchportmapper.com/">www.SwitchPortMapper.com</a> to download this new release.<br />
<br />
By the way, this version works on Windows 10 Preview 10074.<br />
<br />
Kirk<br />
<br />
<strong>Updated: Wireshark and WinPcap 4.1.3 on Windows 10 Enterprise Build 10061</strong> (posted 2015-04-24, updated 2015-06-05)<br />
<br />
This release of Windows 10 Enterprise Technical Preview Build 10061 seems to run the 'old' WinPcap just fine. Whatever was broken in 10041 was fixed - I wonder: was NDIS backwards compatibility restored? I don't know, but it works. At least for now. With the rumored final Windows 10 release coming in July 2015, things had better start to get finalized soon. That means networking too.<br />
<br />
So for now, Windows 10 build 10061 seems to capture packets fine with Wireshark 1.12.4 and the old WinPcap 4.1.3 release. WinPcap also sends customized packets correctly from NetScanTools Pro v11. We'll see what the next build does.<br />
<br />
<em>Update June 5, 2015: WinPcap 4.1.3 also runs on build 10130.</em><br />
<br />
Kirk<br />
<br />
<strong>Updated: WinPcap and Wireshark problems on Windows 10 Tech Preview 10041</strong> (posted 2015-03-24, updated 2015-06-05)<br />
<br />
<em>Update June 5, 2015: WinPcap 4.1.3 works on build 10130.</em><br />
<br />
<em>Update May 13, 2015: WinPcap 4.1.3 began to work again in Windows 10 preview 10061 and continues to operate in 10074. Hopefully, this trend continues - but I wouldn't count on it. But we still need to encourage Riverbed to update WinPcap from NDIS5 to NDIS6. Work has been done on this at NMAP and has been shared, so it would be great if WinPcap.org could expand on that work and release WinPcap fully compatible with NDIS6. Another issue is driver signing: in Windows 10 x64 that really will be changing, so it will be important for WinPcap to be updated before the RTM release - <a href="https://www.osr.com/blog/2015/03/18/microsoft-signatures-required-km-drivers-windows-10/" target="_blank">more about this here</a>.</em><br />
<br />
<em>Update 3-27-15: Do you want to use Wireshark on Windows 10? Tweet about this problem! Do a post about this issue. Bring it up at Sharkfest in June.</em><br />
<br />
<em>Update 3-26-15: This has been confirmed by others and a thread has been started here:</em><br />
<a href="http://www.winpcap.org/pipermail/winpcap-users/2015-March/004935.html"><em>http://www.winpcap.org/pipermail/winpcap-users/2015-March/004935.html</em></a><br />
<em>I will be posting about it on twitter: </em><a href="https://twitter.com/NetScanTools"><em>https://twitter.com/NetScanTools</em></a><br />
<br />
Up until release 10041 all Windows 10 Tech Preview versions have appeared to run WinPcap 4.1.3 without a problem. Even the last version 9926 worked OK, but now we have a problem - a big problem.<br />
<br />
<em><strong>About the test machine:</strong> Shuttle xpc, quad core cpu, 8GB RAM. Host OS is Windows 7 x64. Windows 10 x64 Enterprise 10041 is a guest OS running inside VirtualBox 4.3.26 r98988. Network Adapter in the VM is in Bridged mode. Physical network adapter in the Shuttle is Generic Marvell Yukon 88E8056 based Ethernet controller.</em><br />
<br />
<strong>Here's what I did...and what happened...</strong><br />
On March 23 I upgraded 9926 to 10041 and then installed Wireshark x64 v1.12.4 from wireshark.org. Everything installed fine and WinPcap installed normally. I fired up Wireshark and got the message <em>"No interface can be used for capturing in this system with the current configuration."</em>. Pressing the Refresh Interfaces button <u>did not fix it</u>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6G1fD2JJnRXx9r75aMDOmt7llkb2wPqgZCXn1UWhkW6lV19dXTTF6VdcF3Myv5tPQSu8kJlsU6NToE3TybrqUTR5ZXV-wK1SSNZZHU9yYs0gVVuOQVplpqGNHWpu_NL0lJ9Q8iQcsK7E/s1600/wiresharkCapture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6G1fD2JJnRXx9r75aMDOmt7llkb2wPqgZCXn1UWhkW6lV19dXTTF6VdcF3Myv5tPQSu8kJlsU6NToE3TybrqUTR5ZXV-wK1SSNZZHU9yYs0gVVuOQVplpqGNHWpu_NL0lJ9Q8iQcsK7E/s1600/wiresharkCapture.PNG" width="320" /></a></div>
<br />
I know that Wireshark checks the status of the NPF driver before getting that far, so I thought maybe I should verify it manually in a Command Prompt. You can see that the Service Control Manager says it is RUNNING.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDYnsvzJxUQHmGbGcKtYG1WqJ73dR1GKkqA2Z_nYhH65OQ-eNEj8sx-gO4Tk3mkm9mKXtQM9b50Cl9physa0K07xe1y9UGs1ElbXkIh2crVfr0VlB0N8dxlyqWgtP9owTef1bHzDgFW5g/s1600/npfstatusCapture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="96" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDYnsvzJxUQHmGbGcKtYG1WqJ73dR1GKkqA2Z_nYhH65OQ-eNEj8sx-gO4Tk3mkm9mKXtQM9b50Cl9physa0K07xe1y9UGs1ElbXkIh2crVfr0VlB0N8dxlyqWgtP9owTef1bHzDgFW5g/s1600/npfstatusCapture.PNG" width="320" /></a></div>
<br />
<strong>NetScanTools Pro.</strong> Since I wrote it, I know what checks are done where. I know that it loads wpcap.dll and packet.dll and checks the status of the NPF driver. So far so good. I went to the ARP Scanner (it uses WinPcap to send and receive packets) and pressed Do ARP Scan. I got this message. The arrow is pointing to a message that comes directly from WinPcap itself: <em>"No interfaces found! Make sure libpcap/WinPcap is properly installed on the local machine."</em><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA-P4sLJxET-lOCnz8EsWZTS9OTCgzgIBf164k_ZhC6O7rmgzZJpuZytEKJLqNWJuS8VdZob0u-YQQNixlm73dQF9CT7WS5w7o9UUulFfVU7fZBFFM8NWGAgF-kgBKlWEbYsGmDWTmvEo/s1600/nstproCapture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA-P4sLJxET-lOCnz8EsWZTS9OTCgzgIBf164k_ZhC6O7rmgzZJpuZytEKJLqNWJuS8VdZob0u-YQQNixlm73dQF9CT7WS5w7o9UUulFfVU7fZBFFM8NWGAgF-kgBKlWEbYsGmDWTmvEo/s1600/nstproCapture.PNG" width="320" /></a></div>
<br />
<em>I know exactly which function call returned that message: <strong>pcap_findalldevs_ex</strong></em><br />
<br />
pcap_findalldevs_ex is what you call to find all the WinPcap compatible interfaces on the system. <strong>If it fails, you're done.</strong> I poked through the Wireshark code and they are calling it too, most likely at startup.<br />
<br />
<strong>Where do we go from here?</strong><br />
Obviously Microsoft changed something. Did they change NDIS? Or something else?<br />
<br />
I've tried all the obvious things - changing compatibility mode, running the programs as administrator - nothing works. A driver expert (which I am not) needs to dive into the WinPcap code and figure this out - and soon!<br />
<br />
If nothing is done and the changes Microsoft made are permanent, Wireshark, nmap, NetScanTools Pro and any other apps depending on WinPcap for capturing and sending packets will not operate on Windows 10.<br />
<br />
<strong>What is your experience?</strong> Has anyone else tried Wireshark on Windows 10 Enterprise 10041? Win10 has always worked on VirtualBox - has anyone tried Wireshark on Win10 in VMware or native boot?<br />
<br />
<strong>Ways programs are quietly started at Windows startup time.</strong> (posted 2015-03-11)<br />
<br />
Have you ever wondered where to find the places that start up a program when Windows starts?<br />
<br />
<strong>Here are three places you may not be aware of:</strong><br />
<br />
<strong>Start Menu.</strong><br />
<br />
This is the Startup folder that was in the Start menu on older versions of Windows. It's still there on Windows 8.x.<br />
c:\ProgramData\Microsoft\Windows\start menu\programs\startup<br />
<br />
<strong>Registry.</strong><br />
<br />
32 and 64 Bit Windows<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br />
<br />
64 Bit Windows only (32 bit apps are in here)<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run<br />
<br />
<br />
<strong>Windows Task Scheduler. </strong>(Control Panel/Administrative Tools/Task Scheduler)<br />
<br />
Windows 8.x/7: Expand the left panel - Task Scheduler (Local)/Task Scheduler Library/Microsoft/Windows/TheAppOfInterest<br />
<br />
I hope this helps next time you are trying to locate where a program is being started when you start Windows.<br />
<br />
<strong>Solving Serious WinPcap Installation Problems</strong> (posted 2015-03-10)<br />
<br />
<strong>This post will address some serious WinPcap problems our customers have seen on Windows 8.1.</strong> <em>These problems are not necessarily unique to that version of Windows and may also occur on other Windows versions.</em><br />
<br />
<strong>Applicability:</strong> This discussion is limited to the current WinPcap 4.1.3 release and is intended for users of Windows 7, 8, 8.1.<br />
<br />
<strong>Related Blog Post:</strong><br />
<a href="http://netscantools.blogspot.com/2015/03/winpcap-tips.html" target="_blank">WinPcap Installation, Status and other Tips</a><br />
<br />
<strong>Common Symptoms:</strong><br />
<ul>
<li>WinPcap 4.1.3 official installer hangs at 'extract: Packet.dll' or similar.</li>
<li>Wireshark gives this message on startup <em>"The NPF driver isn't running. You may have trouble capturing or listing interfaces."</em></li>
<li>NetScanTools Pro gives a message that WinPcap is not found or, if it is found, NetScanTools Pro locks up when you run a tool that uses WinPcap.</li>
<li>Windows locks up when you run software that uses WinPcap forcing you to do a power cycle reboot.</li>
</ul>
<br />
<strong>Where to start:</strong><br />
The first thing to do is find out if any or all of the three major components are installed and their versions.<br />
<br />
<strong>1. Using File Explorer, find out if this file exists: c:\Windows\system32\drivers\npf.sys.</strong> If so, right click on it and make note of the version number. Version 4.1.3 shows up as 4.1.0.2980 (don't ask me why).<br />
<br />
<strong>2. Search your hard drives (especially drives where programs are installed) for both wpcap.dll and packet.dll.</strong><br />
<br />
Right click on EVERY DLL found, do Properties/Details and verify that you see 4.1.0.2980 (4.1.3).<br />
<br />
<em>These are the only acceptable locations for 'public' WinPcap DLLs on a 64 bit Windows system:</em><br />
c:\windows\system32\wpcap.dll (64 bit version of DLL)<br />
c:\windows\SysWOW64\wpcap.dll (32 bit version of DLL)<br />
c:\windows\system32\packet.dll (64 bit version of DLL)<br />
c:\windows\SysWOW64\packet.dll (32 bit version of DLL)<br />
<br />
<em>These are the only acceptable locations for 'public' WinPcap DLLs on a 32 bit Windows system:</em><br />
c:\windows\system32\wpcap.dll (32 bit version of DLL)<br />
c:\windows\system32\packet.dll (32 bit version of DLL)<br />
<br />
<strong>Did you find any other instances of wpcap.dll and/or packet.dll on your system?</strong> <span style="color: red;">If so, that's a huge red flag.</span> One of our end-users running Windows 8.1 64 bit experienced all of the Common Symptoms above and he found WinPcap version 4.1.2.1742, which is actually WinPcap Pro AKA WinPcap OEM, in a Netgear ReadyNAS Remote program directory.<br />
<br />
<strong>Here's why it could be a problem:</strong> 4.1.2.1742 is WinPcap Pro. When a program loads the WinPcap Pro wpcap.dll and packet.dll, it creates a version of the WinPcap driver 'on-the-fly' in system32/drivers and runs it. WinPcap Pro was intended for use on systems where WinPcap is not installed, so at least on Windows 8.1 with ReadyNAS Remote, there is apparently interference between the two types of WinPcap. (Other special WinPcap Pro/OEM versions you might find: 4.1.2.2001, 4.1.2.1879, 4.0.2.1340, 4.0.2.1252, 4.0.2.1123, 4.0.2.1040, 4.0.2.901, 4.0.2.755.) WinPcap Pro was discontinued by Riverbed before Windows 8 was released.<br />
<br />
<em>Our end-user tried to stop WinPcap with 'sc stop npf' and got 'stop-pending' status which meant it was in use. Then if he rebooted and did a 'sc queryex npf', it said npf was stopped, however, if he did 'sc start npf' it said an instance of npf is already running. Very confusing and definitely not what you would expect to see.</em><br />
<br />
<strong>Solution that worked for the end-user:</strong><br />
The end-user stopped the ReadyNASRemote.exe process in Task Manager, then renamed ReadyNASRemote.exe to something else, then rebooted. That worked because the program could not start at boot time and therefore did not load its special WinPcap Pro.<br />
<br />
Next, we had to find out where ReadyNASRemote was being started from at boot time. It was not in the registry HKLM or Windows Task Scheduler. It was being launched using a shortcut under c:\ProgramData\Microsoft\Windows\start menu\programs\startup.<br />
<br />
Once it was stopped the end-user could remove the official 'public' DLLs from the locations in Step 2 above and force a reinstall of WinPcap 4.1.3 public edition without a problem. We do not know which exact version of ReadyNASRemote this user had installed - he determined that he did not use it, so he uninstalled it before I found out.<br />
<br />
<strong>Generalized Procedure assuming wpcap.dll and packet.dll are found elsewhere:</strong><br />
<ol>
<li>Find any WinPcap DLLs that are not in their normal places and figure out which executable is using them (check Task Manager for those exes in the same directory as the WinPcap DLLs).</li>
<li>Stop the offending executable process from Task Manager and rename the exe to something else (or find out where it is being started from and disable the starting process).</li>
<li>Reboot.</li>
<li>Remove the official WinPcap DLLs from system32 and SysWOW64 (carefully! do not remove the npf.sys) no matter what version they are.</li>
<li>Reinstall the official WinPcap version from winpcap.org.</li>
<li>Verify WinPcap is running using administrative Command Prompt 'sc queryex npf'.</li>
<li>Start Wireshark or NetScanTools Pro and confirm normal operation. (If Wireshark hangs at configuration 100%, <a href="http://netscantools.blogspot.com/2015/03/winpcap-tips.html" target="_blank">review topic 5 here.</a>)</li>
<li>Now you have to decide if you really want to keep the offending program that was using its own private WinPcap - that's up to you.</li>
</ol>
<br />
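Steps 1 and 2 of "Where to start" and step 1 of the generalized procedure can be automated. The script below is an added example, not part of NetScanTools or WinPcap: it walks the given drives, reads each wpcap.dll/packet.dll version, and flags private copies and the WinPcap Pro/OEM versions listed above. Function names are hypothetical, and it assumes the fixed file version read through version.dll matches what Properties/Details shows.<br />

```python
import ctypes
import os
import sys
from pathlib import PureWindowsPath

PUBLIC_VERSION = "4.1.0.2980"   # how WinPcap 4.1.3 reports itself, per the post
OEM_VERSIONS = {                # WinPcap Pro/OEM versions listed in the post
    "4.1.2.1742", "4.1.2.2001", "4.1.2.1879", "4.0.2.1340", "4.0.2.1252",
    "4.0.2.1123", "4.0.2.1040", "4.0.2.901", "4.0.2.755",
}
DLL_NAMES = {"wpcap.dll", "packet.dll"}


def public_dirs(windows_dir, os_is_64bit):
    """Only directories where 'public' WinPcap DLLs belong (compared lower-case)."""
    names = ["system32", "SysWOW64"] if os_is_64bit else ["system32"]
    return {str(PureWindowsPath(windows_dir, n)).lower() for n in names}


def classify(path, version, windows_dir=r"c:\windows", os_is_64bit=True):
    """Return a list of findings for one DLL; an empty list means nothing unusual."""
    findings = []
    parent = str(PureWindowsPath(path).parent).lower()
    if parent not in public_dirs(windows_dir, os_is_64bit):
        findings.append("private copy outside the public locations")
    if version is None:
        findings.append("version could not be read")
    elif version in OEM_VERSIONS:
        findings.append("WinPcap Pro/OEM version")
    elif version != PUBLIC_VERSION:
        findings.append("not the 4.1.3 public version")
    return findings


def file_version(path):
    """Fixed file version as 'a.b.c.d' via version.dll, or None (Windows only)."""
    if sys.platform != "win32":
        return None
    api = ctypes.windll.version
    size = api.GetFileVersionInfoSizeW(path, None)
    if not size:
        return None
    buf = ctypes.create_string_buffer(size)
    ptr, length = ctypes.c_void_p(), ctypes.c_uint()
    if not api.GetFileVersionInfoW(path, 0, size, buf):
        return None
    if not api.VerQueryValueW(buf, "\\", ctypes.byref(ptr), ctypes.byref(length)):
        return None
    if length.value < 16:
        return None
    info = ctypes.cast(ptr, ctypes.POINTER(ctypes.c_uint32))   # VS_FIXEDFILEINFO
    ms, ls = info[2], info[3]                # dwFileVersionMS, dwFileVersionLS
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def scan(roots, windows_dir=None, os_is_64bit=True):
    """Yield (path, version, findings) for every WinPcap DLL under the given roots."""
    windows_dir = windows_dir or os.environ.get("SystemRoot", r"c:\windows")
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in DLL_NAMES:
                    path = os.path.join(folder, name)
                    version = file_version(path)
                    yield path, version, classify(path, version, windows_dir, os_is_64bit)


if __name__ == "__main__":
    # Use 64-bit Python on 64-bit Windows: a 32-bit process is redirected from
    # system32 to SysWOW64 and would never see the 64-bit DLLs.
    for path, version, findings in scan(sys.argv[1:] or ["C:\\"]):
        print(f"{path}  {version}  {'; '.join(findings) or 'ok'}")
```

Any path reported with a finding is a candidate for step 1 of the generalized procedure: identify the executable in that directory before touching the DLLs.<br />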
The next blog post will deal with the situation where you did NOT find any other out-of-place instances of wpcap.dll and packet.dll.<br />
<br />
<strong>WinPcap Installation, Status and other Tips</strong> (posted 2015-03-09)<br />
<br />
<strong>WinPcap is an essential packet capturing driver for many programs, especially Wireshark and also our own NetScanTools Pro</strong>. I have been working with a few of our customers who have had problems getting it installed and properly running on Windows 8.1. What I've done here is gather together a few important tips that you can use to make sure it is running.<br />
<br />
This post is current as of WinPcap 4.1.3 and is written from the perspective of Windows 7, 8.1 and 10.<br />
<br />
<strong>1. How do you tell if WinPcap is installed?</strong><br />
<br />
<em>Quick check:</em> WinPcap will show up in Control Panel/Programs and Features. This is not a guarantee that it is properly installed or running.<br />
<br />
<em>Detailed check:</em> WinPcap has three main components. Here is where to find them on a 64 bit Windows operating system:<br />
<br />
<ol>
<li>c:\windows\system32\drivers\npf.sys (this is the actual kernel mode driver)</li>
<li>c:\windows\system32\packet.dll (64 bit version of DLL) and c:\windows\SysWOW64\packet.dll (32 bit version of DLL)</li>
<li>c:\windows\system32\wpcap.dll (64 bit version of DLL) and c:\windows\SysWOW64\wpcap.dll (32 bit version of DLL)</li>
</ol>
<em>All DLLs and the driver should be showing version 4.1.0.2980 which is really 4.1.3 (go figure).</em><br />
<br />
<strong>2. How do you tell if WinPcap is running?</strong><br />
<br />
The WinPcap driver <em>does not show up</em> in the list of services accessible through Control Panel/Administrative Tools/Services - but you can find out another way.<br />
<br />
Start up a Command Prompt using <em>Run as administrator</em> and enter the following command that shows the driver configuration:<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">C:\WINDOWS\system32>sc qc npf</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;">[SC] QueryServiceConfig SUCCESS</span></div>
<span style="font-family: "Courier New", Courier, monospace;">SERVICE_NAME: npf</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;"> TYPE : 1 KERNEL_DRIVER</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> START_TYPE : 2 AUTO_START</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> ERROR_CONTROL : 1 NORMAL</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> BINARY_PATH_NAME : system32\drivers\npf.sys</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> LOAD_ORDER_GROUP :</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> TAG : 0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> DISPLAY_NAME : NetGroup Packet Filter Driver</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> DEPENDENCIES :</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> SERVICE_START_NAME :</span></div>
<br />
Make a note of the START_TYPE, we will discuss that later.<br />
<br />
This command shows the actual WinPcap driver state, whether running or stopped:<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">C:\WINDOWS\system32>sc query npf</span><br />
<span style="font-family: "Courier New", Courier, monospace;">SERVICE_NAME: npf</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;"> TYPE : 1 KERNEL_DRIVER</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> STATE : 4 RUNNING</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WIN32_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> SERVICE_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> CHECKPOINT : 0x0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WAIT_HINT : 0x0</span></div>
<br />
<strong>3. How do you start WinPcap?</strong><br />
<br />
From an administrator Command Prompt, enter this and look at the STATE to make sure it is running:<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">C:\WINDOWS\system32>sc start npf</span><br />
<span style="font-family: "Courier New", Courier, monospace;">SERVICE_NAME: npf</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;"> TYPE : 1 KERNEL_DRIVER</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> STATE : 4 RUNNING</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WIN32_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> SERVICE_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> CHECKPOINT : 0x0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WAIT_HINT : 0x0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> PID : 0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> FLAGS :</span></div>
<br />
<strong>4. How do you stop WinPcap?</strong><br />
<br />
From an administrator Command Prompt, enter this and look at the STATE to make sure it is stopped. If it does not stop, you need to exit any programs using it.<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">C:\WINDOWS\system32>sc stop npf</span><br />
<span style="font-family: "Courier New", Courier, monospace;">SERVICE_NAME: npf</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;"> TYPE : 1 KERNEL_DRIVER</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> STATE : 1 STOPPED</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WIN32_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> SERVICE_EXIT_CODE : 0 (0x0)</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> CHECKPOINT : 0x0</span></div>
<div>
<span style="font-family: "Courier New", Courier, monospace;"> WAIT_HINT : 0x0</span></div>
<br />
<strong>5. Some people have trouble starting Wireshark: it starts to load OK but stops at <em>Configuration 100%.</em> What can be done?</strong><br />
<br />
Remember the START_TYPE entry from number 2 above? It needs to change. From an administrator Command Prompt, enter this command then reboot your system, then try Wireshark again. The space after start= is required.<br />
<br />
<span style="font-family: "Courier New", Courier, monospace;">C:\WINDOWS\system32>sc config npf start= delayed-auto</span><br />
<div>
<span style="font-family: "Courier New", Courier, monospace;">[SC] ChangeServiceConfig SUCCESS</span></div>
<br />
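The checks in sections 2 through 5 can be scripted by parsing the sc output shown above. This is an added example, not NetScanTools code: the function names are hypothetical, the sample text is the output from this post with spacing normalised, and the "(DELAYED)" marker on START_TYPE is an assumption about how sc reports delayed-auto. It keys on the numeric codes rather than the state names.<br />

```python
import re
import subprocess
import sys

# Output copied from the post (spacing normalised).
SAMPLE_QC = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\npf.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NetGroup Packet Filter Driver
"""
SAMPLE_QUERY = r"""SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
"""

# Service state codes as printed in the STATE line.
STATES = {1: "stopped", 2: "start pending", 3: "stop pending", 4: "running",
          5: "continue pending", 6: "pause pending", 7: "paused"}
FIELD = re.compile(r"^\s*([A-Z][A-Z0-9_]+)\s*:\s*(.*?)\s*$")


def parse_sc(text):
    """Turn 'NAME : value' lines of sc output into a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def leading_code(value):
    """Numeric code at the start of a value such as '4  RUNNING', or None."""
    match = re.match(r"\s*(\d+)", value or "")
    return int(match.group(1)) if match else None


def check_npf(query_text, qc_text):
    """Summarise driver state, start type and binary path from sc query / sc qc."""
    query, qc = parse_sc(query_text), parse_sc(qc_text)
    state = leading_code(query.get("STATE"))
    start = leading_code(qc.get("START_TYPE"))
    return {
        "state": STATES.get(state, "unknown"),
        "running": state == 4,
        "auto_start": start == 2,
        # Assumption: sc appends "(DELAYED)" after 'sc config npf start= delayed-auto'.
        "delayed_auto": start == 2 and "DELAYED" in qc.get("START_TYPE", ""),
        "driver_path_ok": qc.get("BINARY_PATH_NAME", "").lower()
                            .endswith(r"system32\drivers\npf.sys"),
    }


def run_sc(*args):
    """Run sc.exe and return its text output (Windows only)."""
    return subprocess.run(["sc", *args], capture_output=True, text=True).stdout


if __name__ == "__main__":
    if sys.platform == "win32":
        print(check_npf(run_sc("query", "npf"), run_sc("qc", "npf")))
    else:
        print(check_npf(SAMPLE_QUERY, SAMPLE_QC))
```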
<strong>6. How can I tell which program is currently using WinPcap?</strong><br />
<br />
That can be a little difficult, but if a program is actively using WinPcap there is a way to find out by using Sysinternals Process Explorer.<br />
<br />
<ol>
<li>Download Process Explorer and run it from here: <a href="https://technet.microsoft.com/en-us/sysinternals/bb896653">https://technet.microsoft.com/en-us/sysinternals/bb896653</a></li>
<li>Make sure npf is running.</li>
<li>In Process Explorer, click on Find menu/Find Handle or DLL</li>
<li>Enter wpcap or packet and press Search. If NetScanTools Pro is running, it shows nstpro.exe, PID, DLL and C:\Windows\SysWOW64\wpcap.dll - in other words, if a program is actively using WinPcap, it will show up there.</li>
</ol>
<em>I hope these WinPcap tips help you, please let me know if you have any others to share.</em><br />
<br />
Kirk