10.55 Released
on January 22, 2008
--see Release Notes below
With this release everything runs in Windows Vista. The only
remaining issues are moving all saved settings away from the
registry and completing the conversion of the software from
VC++6 to VC++8 (2005). Many parts and subprograms have already
been converted.
December 5, 2006 NetScanTools Pro USB
Version announced. This is a portable application
entirely contained on a USB Flash Drive. For more information,
please see this page.
NetScanTools Pro 10.x users: see the left panel Online
Group/Check for New Version to upgrade* to the latest version
and also download a trial copy of the Managed Switch Port Mapping
Tool. *Upgrade is only available to those with active
maintenance plans (renewal information is here).
Version 10.x is designed and tested on 32 bit Windows
Vista/2003/XP/2000 and 64 bit Windows Vista. We do not support
use of this product on Windows NT4/9x/ME.
10.55 January 22, 2008
-Database Tests - added new tool to lookup a service name or
number and return the corresponding information based upon the
services database.
-Name Server Lookup: "Who am I?" now shows all default system
DNS in order and adds the domain name used by the system.
-Name Server Lookup: Added new feature called "Test Default
Servers" which takes an IPv4 address or hostname, then does a
query of each default system DNS in order.
-OS Fingerprinting: removed banner text stating that it was
experimental.
-Packet Generator/Scripting: Fixed problem defining source and
target IP address; it was not correctly overriding the display
control IP from within a script.
-Packet Generator/Scripting: Added new script commands
TCP_DATAFROMFILE and TCP_DATAFILEPATH to allow you to generate a
TCP packet with a payload from a file.
-Packet Generator/Scripting: Added new script commands
UDP_DATAFROMFILE and UDP_DATAFILEPATH to allow you to generate a
UDP packet with a payload from a file.
-Packet Generator/Scripting: Added new script commands
ICMP_DATAFROMFILE and ICMP_DATAFILEPATH to allow you to generate
an ICMP packet with a payload from a file.
-Packet Generator/Scripting: updated script example.
-Updated all copyright notices to 2008.
-Updated SQLite to version 3.5.4.
-Updated database files.
10.54 November 28, 2007
-OS Fingerprinting: added identification of some models of
D-Link, Linksys, Nortel and Netgear switches.
-Several improvements to NetScanner: Added option to
automatically delete non-responding IPs at end of sweep. The
Sweep Stats Report is now shown as an HTML web page in your
browser. Detailed drilldown on an IP now presented in HTML web
page. Netbios control options were simplified. Removed the old
'merge drilldown' option and replaced it with an enhanced web
browser standard report.
-Added Check for New Version to toolbar Help menu.
-Promiscuous Mode Scanner - fixed problem that caused a crash if
you stopped a scan in progress.
-RPCInfo - converted DLL to VC++8 (2005) from VC++6. Fixed error
reporting bugs and corrected threading issues.
-Name Server Lookup - converted DLL to VC++8 (2005) from VC++6.
Minor internal cleanup.
-Ping - added right click menu options for ftp, http, telnet and
whois.
-Added checkbox to control display of splash screen in Set
Preferences.
-Fixed Local Computer and LAN Info in Automated so that it
properly shows adjacent Windows computer operating systems.
-Changed most DNS queries in Automated so they are faster and
fewer queries are made to obtain the same information.
-Updated to WinPcap 4.0.2.
-Updated database files.
10.53 August 15, 2007 (includes changes for USB version)
-Urgent fix to SNMP tools. Several problems that were introduced
in v10.50 were fixed.
-Raw Socket/MS ICMP DLL selection removed from Set Preferences.
10.52 August 3, 2007
-Lots of internal cleanup of old obsolete code mostly by
removing conditional support for win9x/ME operating systems.
-Traceroute completely rewritten to function on Windows Vista.
Much faster in all modes. New packet options including changes
to payload.
-Traceroute in Automatic tools modified for Vista. Now ICMP DLL
only.
-Net Topography modified for Vista. Now uses MS ICMP DLL only.
-Packet Generator: fixed port definition problem in UDP sending.
-Complete rewrite of OS Fingerprinting with vastly improved
accuracy and now functions properly on Vista. Added new
signatures designed to identify Windows Vista, Windows 2003,
Windows XP, some types of Hewlett Packard, Cisco, 3Com and Dell
Switches, and several other devices.
-Fixed Automated whois so it now uses the proper whois servers
automatically.
-Fixed whois database problem with '.org' queries.
-Upgraded to SQLite v3.4.1. All programs using SQLite were
recompiled.
-Port Scanner Ping is now MS ICMP DLL only.
-Login Access Credentials more visible in Check for New Version.
-Updated to WinPcap 4.0.1.
-Updated database files.
10.51 July 3, 2007
-Installed version no longer saves SNMP persistence files in
c:\usr.
-Packet Generator now has improved target MAC address finding
algorithm.
-All functions that use WinPcap for packet transmission now warn
the user when an attempt is made to send packets through a WAN
(PPP/SLIP) interface. WinPcap 4 cannot send packets through
these types of interfaces.
-All ICMP custom packet functions moved from Ping Tool to Packet
Generator Tool. The ICMP custom packet sending has been
improved.
-Ping Tool redesigned. MS ICMP DLL Ping is a new option. WinPcap
ICMP and UDP Ping are a new option and UDP Socket Ping Transmit
with WinPcap receive are also new options. The three WinPcap
receive options all show packet times down to the microsecond
level. This tool now works properly on Windows Vista.
-RFCs 1393, 1475 and 1788 have been added to the RFC library.
-Packet Viewer now correctly decodes packets.
-Upgraded to SQLite v3.4.0. All programs using SQLite were
recompiled.
10.50 June 7, 2007
-All temporary files are now placed in the directory preferred
by the operating system rather than with the program. This
conforms to Windows Vista requirements.
-All program data files such as persistent databases and other
similar files are now saved to the user data directory preferred
by the operating system rather than with the program. This
conforms to Windows Vista requirements.
-Temporary files used to save persistence between tools are now
deleted from the Set Preferences window without sending them to
the recycle bin. This mostly affects the USB version.
-All Save to file options now point to My Documents. This
conforms to Windows Vista requirements.
-All databases have been converted to SQLite.
-Converted most subprograms to VC++8 (2005) from VC++6.
-Packet Generator rewritten to support Windows Vista.
-Packet Generator min packet to send is now lower limited at 1.
-Network Info and Stats connection list now works under Windows
Vista.
-Packet Capture tool now captures packets in a format compatible
with Wireshark and Ethereal. Those tools can be launched (if
installed) from a right click menu option for greater detailed
viewing of captured packets.
-Protected Storage Viewer now exports to XML.
-Protected Storage Viewer now shows IE7 information.
-Promiscuous Mode Scanner now works correctly with Windows Vista
when the ARP table contains many 'invalidated' entries.
-NetBIOS Info-Shares/System Basics now properly shows the Node
Type.
-UDP Ping now works properly under Windows 2000/XP.
-Real Time Blacklist check server list has been updated.
-IRR server list has been updated.
-Updated Whois, IP to Country and other databases.
-SNMP Dictionary Attack now restores previous target list to
display.
-Automated report section "The DNS name server(s) responsible
for ..." has now been fixed.
-Fixed problems with Net Topography when the Resolve IPs to
hostnames box was checked.
-Added RFC 3263 to reference library.
-Fixed problems with the registration parser.
-Digital Signatures added to all binaries we created.
-Issues with Ping, Traceroute, Netscanner continue to persist
under Windows Vista. This will require a complete rewrite of
those features as a permanent fix. Workaround is to select 'Use
MS ICMP DLL' in Set Preferences. Your Vista system may operate
correctly if an inbound ICMP rule allowing all ICMP to pass is
created in Control Panel/Admin Tools/Windows Firewall. However,
this seems to work intermittently for unknown reasons.
10.43 January 16, 2007
-Fixed problem which prevented the TCP SYN/Other port scans from
working correctly.
-Updated database files.
-Removed relays.ordb.org from Real Time Blacklist database.
-Now using WinPcap 4.0 beta 3.
10.42 November 20, 2006
-Packet Generator has changes to allow it to send bursts of
packets at the highest rate your computer and WinPcap will
allow. Tested speed can be as little as 50 microseconds between
identical packets; your results may vary.
-Fixed window resizing problem in Check for New Version.
-Fixed rare output formatting problem getting country for IP
address.
-Updated documentation in Custom ICMP Packet Generator (PING)
section to detail steps necessary to send custom ICMP packets
out when Windows Firewall is active.
-Many internal changes to support operation on Microsoft Vista.
Arp Sweep on the Arp Tool, Arp Ping, Promiscuous Mode Detection
and Packet Generator have all been fixed so that they now work
properly on Vista. Other parts of the program such as Ping,
Traceroute, Net Topo and NetScanner do not work on Vista unless
you choose MS ICMP DLL in the Set Preferences window. Network
Statistics lower window with the connection endpoint list does
not work under Vista. Future versions of NetScanTools Pro will
correct these issues.
-Now using WinPcap 4.0 beta 2.
10.41 October 16, 2006
-Changed the way databases are opened to ensure the database
index is rebuilt every time the database is first accessed. This
eliminates .mdx file corruption in the USB version.
-Certain databases are now only opened when needed speeding up
program start.
-Changed the way Name Server Lookup tool activates and stores
most recently used list of DNS record types. Addresses apparent
hang of program in USB version.
-Changed the method of saving tool state for all grid results
tools. This makes the switching between tools faster. This will
be most noticeable in the USB version.
-Whois: fixed the initialization of the 'Step One' prefix to
properly include trailing space.
-Whois: fixed bulk whois so it now properly appends all bulk
results. This problem was introduced in 10.4 when the autoclear
checkbox was removed.
-Name Server Lookup: changed ENUM telephone number lookup to
allow user defined root servers other than e164.arpa. Added Set
Defaults button to Setup and there was a minor rearrangement of
buttons on the tool window.
10.4 September 25, 2006
-Faster startup due to changes in the way the databases are
loaded.
-SNMP: New engine. Better indication of tool status including
during SNMP MIB starting and loading.
-SNMP Dictionary Attack tool is new and can be accessed through
the SNMP Tool.
-Name Server Lookup: Added decoding support for DNS records
RRSIG, NSEC and DNSKEY (RFC 4034).
-Name Server Lookup: replaced the confusing 'unknown_server_name'
string with the IP address of the server.
-RFC Reference: Added several RFCs to the library.
-Launcher: Added ability to launch SSH and SFTP programs.
-Real Time Blacklist: server list has been expanded and the
response code is now displayed.
-Protected Storage Viewer: Added ability to delete an entry from
Protected
Storage using the right click menu.
-URL Capture: Added timestamp, URL and IPv4 address to the
results area.
-NetBIOS Advanced: Improved functional feedback during
Connect/Disconnect.
-Whois: Added more information to query results. We now show
name servers used for queries, timestamps, and sources of
information are now clearly marked.
-Whois: Added previous query results history (ie forward and
back buttons much like in a web browser) and a method of
removing annoying legal and advertising messages.
-Whois: Added the two step referral for .jobs and .tv.
-Added database cleanup to Packet viewer and Passive Discovery
launchers.
-Passive Discovery: the display of 'found' systems now appears
at one second
polled intervals rather than only when the Stop button is
pressed.
-Passive Discovery: Fixed calculation of base Network Address
when the recalculate button is pressed. It now accepts input
from the Subnet Mask control as it should so that you can
manually override any automatically calculated values.
-IP Packet Viewer has been renamed to Packet Viewer to reflect
the new ability
to see non-IP packets such as ARP.
-Packet viewer: Fixed problem filtering by TCP port number.
-Packet Viewer: Added capture of ARP packets. We now save the
whole packet including ethernet headers. Unknown protocol
packets are also saved.
-Ping: Left five columns now sort numerically.
-Traceroute tool now has improved mode selection in the setup
window. It also
now correctly shows the time it takes for a response from the
final hop in TCP
mode. TCP traceroute now correctly completes upon receipt of TCP
packets from the target in response to our transmissions. Added
delay between hop packet transmission.
-Traceroute: Time column now sorts numerically.
-Traceroute Setup defaults button now puts 1 for starting hop
instead of zero.
-Automated Tools: Changed the traceroute default values to match
defaults in
manual tools.
-Added icons on many buttons throughout the program.
10.31 March 21, 2006
This release concentrates on fixes and improvements in the area
of registration,
maintenance plan reminders, and checking for new versions. There
are some user interface responsiveness fixes. The only added
features are minor.
-Changed the maintenance plan reminder so that it gives options
for reminder
frequency.
-Fixed action in progress logic problem with launching SNMP
functions.
-Check for Service Pack button on About NetScanTools Pro window
renamed to
Check for New Version. It now automatically opens the Online
group, then opens the Check for New Version window presenting
the correct login credentials.
-The automatic reminder to Check for New Version now
automatically opens the
Online group, then opens the Check for New Version window
presenting the correct login credentials.
-Viewing the Check for New Version window now resets the
automatic reminder
clock correctly.
-Fixed registration logic problem that affected installations
that upgraded from v9 (2004) to v10.21 through 10.3.
-Improved responsiveness of Whois tool to cancel button and
fixed grayout issues with some buttons.
-Improved responsiveness of DHCP Server Discovery to cancel
button and minimized chance of problems when switching to
another tool. Reduced upper limit of listening timeout to 10
seconds, ie. all responding DHCP servers have to respond within
the time limit shown. Tool now warns about limited results when
using all zeroes MAC address.
-Tools/Help Wizard now resizes Questions and Answers windows to
match main window. Questions are pre-expanded out and answers
now expand out one more level. Questions are now alphabetized.
-Fixed these command line options (ping, autoping, trace, whois,
netbios, timesync, and finger) and added 'simplelookup' command
line option.
-Added new option in TimeSync Scheduler to allow a timesync
every minute.
-Added Maintenance Plan Expiration notice to the Check for New
Version window.
-Added Program Version to Registration Information notes on
About NetScanTools Pro window.
10.3 January 6, 2006
-All SNMP related functions now can use SNMP v2c in
addition to v1.
-Fixed IP AS/IRR information gathering problem in
HyperTrans.
-Added IP to Country column for Translate function in
HyperTrans.
-Added timing to HyperTrans.
-Added copying of the column header text to the clipboard
when Copy All is selected in any of the grid results based tools
like Ping or Traceroute.
-Fixed problem sorting Responding IP column in NetScanner.
-Added an edit menu option to copy the image of the graph to
the clipboard for pasting into another graphics program. Affects
the time graph viewer accessible from the right click
menus of the Ping, Traceroute and NetScanner tools.
-Fixed domain section of whois query on an IP address.
If it comes back with a hostname ending in in-addr.arpa, it does
not try to do a whois on that extension.
-Fixed IP Drilldown button gray out in the Name Server
Lookup tool.
-Fixed problem in Passive Discovery affecting
selection of interface if WinPcap does not return an IP address
to associate with the interface.
-Added referral query to .cc domain extension in whois.
-Added whois support for new .eu and .travel domains.
Updated several IP allocation server names.
-Improved system uptime reporting on TimeSync.
-Fixed grayout of Set/Clear Test buttons in SMTP Relay
Test.
-Fixed a potential for a buffer overflow exploit involving
the Ident Server. Note that the IDENT Server is DISABLED
by default and the IDENT server can only operate when
NetScanTools Pro is running, IDENT server is NOT a service
program. Thanks to (y0 [at] w00t-shell.net) for bringing this to
our attention.
Support Topic, Aug 22, 2005. A user has informed us of a potential
for a buffer overflow exploit involving the Ident Server.
Note that the IDENT Server is DISABLED by default (v2000r3 or newer).
The IDENT server can only operate when NetScanTools Pro is running,
IDENT server is NOT a service program. Immediate corrective action:
Please go to the Tools group menu and click on Ident Server (it
is on the tree near the bottom, just above the Help Wizard) or locate
the Ident Server tab on 2003 or earlier. Uncheck the Enable IDENT
Server box and do not use the Ident server. For added safety please
be sure that your computer's firewall software blocks incoming connections
to TCP port 113. This problem was corrected in v10.3.
10.21 Release Notes, August 12, 2005
-10.2 was withdrawn on Aug 8 due to incompatibilities
with some Windows 2000 systems. 10.21 corrects that problem.
-We now have compiled everything to support WinPcap 3.1 Final version
from August 5, 2005. The full installer and upgrade installers now
have the WinPcap 3.1 installer added.
-Corrected problem with TOS bit settings in Packet Generator.
-Added new TOS higher bits; their script commands are listed below.
These are not in the document. They all default to 0 (zero), which
means an unchecked box on the window.
TOS_DELAY=0 or TOS_DELAY=1
TOS_THROUGHPUT=0 or TOS_THROUGHPUT=1
TOS_RELIABILITY=0 or TOS_RELIABILITY=1
TOS_BIT6=0 or TOS_BIT6=1
TOS_BIT7=0 or TOS_BIT7=1
10.2 Release Notes, August 5, 2005
-Whois now has reverse lookups for IP queries
followed with whois lookups of the domain found with that reverse
lookup, IP to Country mapping for IPs or domains that resolve to
IPs. Abuse.net info and SPF records are now displayed for domains.
Changes to support RIPE's new database access flags.
-Significant speed up to NetScanner. Removed whois from NetScanner
because the bulk whois feature is now available in the whois tool.
This simplified NetScanner and stopped some crashing that occasionally
occurred upon program exit. Added export of IP address column and
export of hostnames to batch whois list.
-IP Packet Viewer now has double click to view packet data.
Added view results grid in web browser. Added right click options
to search the stored packets for text strings which is a significant
help searching for a specific set of data in a transmission. Also
changed the way we talk to WinPcap in order to minimize the impact
of some antispyware/antiadware programs which delete anything using
WinPcap without the user's permission.
-Internal changes to Real Time Blacklist Check tool for increased
speed.
-Passive Discovery. Changed the way we talk to WinPcap in
order to minimize the impact of some antispyware/antiadware programs
which delete anything using WinPcap without the user's permission.
-SMTP Relay test. We fixed login domain name problem and
added buttons to set and clear the test checkboxes.
-Packet Generator now has basic scripting. See help file
for full description of syntax and usage.
-NetScanTools Pro main executable. Changed the way we talk
to WinPcap in order to minimize the impact of some antispyware/antiadware
programs which delete anything using WinPcap without the user's
permission. There are error messages for how to handle a WinPcap
error.
-Added checkbox on Set Preferences to control fade-in for
the 2003/XP/2000 splash screen.
-Traceroute now has Country column which is populated based
upon IPv4 address country assignment or allocation. This also applies
to the Traceroute feature in the Automated section. Column width
formatting of the web results view has been improved. When in TCP
mode, the thread count is automatically placed at one then restored
to the original count for other modes.
-Traceroute Setup. Changed the functionality of the defaults
button to restore default values for most items on the setup dialog.
-Ping column width formatting of the web results view has
been improved.
-These tools now correctly remember column widths when you
switch tools or exit the program: Ping, Traceroute, ARP, ARP Ping,
DHCP Discovery, Hypertrans, IP to Country Mapping, IP Mac Address
Management, NetBIOS Info Basic, NetScanner.
-Hypertrans and Whois (batch mode editor) now can check for
duplicate entries during import from text files and manual mode
entries.
-Subnet Calculator. Added Display Inv Mask checkbox for displaying
the subnet mask results in inverse format.
-Protected Storage Viewer now correctly parses MSN account
information.
-WinPcap version is now shown in About information.
10.1 Release Notes, April 2005
-Improved Registration Reminder window.
Combined registration activation entry fields into one field that
parses the email with the registration information.
-Program now checks to see if it is already running. Only
one instance of the program may run at a time.
-Enhanced SMTP Relay test with better results parsing, individual
test analysis
and control over individual tests to run. Cleaned up the gray out
of controls
when tests are being run.
-Wake-on-LAN now allows the easy import of a text file with
multiple hosts and MAC addresses.
-Corrected issue in TimeSync where getting the machine uptime
might cause a crash under certain circumstances.
-Improved selection of interface if WinPcap does not return
an IP address to
associate with the interface. Affects a number of tools.
-Added popup warning about using TCP Traceroute with more
than 1 thread.
-Increased ping packet length default from 16 to 32 bytes in
NetScanner. At least one flavor of UNIX was not responding to
the shorter length, but did respond to the longer length.
-Save to text file right click option improved to autoappend
.txt if it or any other extension is missing.
-Updated 'grouped' tools tree.
-Whois now allows repeat right-click queries of highlighted text
that appears in
the Whois results window, not just from other results windows that
switch to the Whois tool.
-Name Server Lookup now allows repeat right-click 'Simple' queries
of highlighted text that appears in the Name Server Lookup results
window, not just from other results windows that switch to the Name
Server Lookup tool.
-Email Validate now has a 'Stop of first success' checkbox
to avoid continuing on querying multiple servers after the first
successful validate is complete.
-Updated whois support for new IP registry afrinic.net.
10.0 Release Notes, February 2005
-Registration is now mandatory to activate your maintenance plan,
which allows you to obtain support and updates. Registration must
be done within 15 uses after installation or the software stops
working. Registration FAQs.
-ARP: Arp sweep is now significantly faster and now populates
the Arp cache with IP/MAC associations. Arp tool display reworked.
-ARP Ping[new]: This tool
can be used to send ARP packets to a specific LAN IP address to
check response time and also check for duplicate IP addresses.
-Cache Forensics (2 tools)[new]: URL Cache Viewer allows you to
view cookies, history and cached files used by Microsoft Internet
Explorer. Protected Storage Viewer allows you to view protected
storage and see autocomplete field information, saved site login
information and Microsoft Outlook (Express) email login and
passwords.
-Discovery-Passive:
this tool listens to network traffic to determine active IP addresses
on your subnet. It can also be used indirectly to see IP transmission
activity levels (counts) as a method for finding computers that
talk excessively due to trojans or other problems.
-Email Validate: now does a 'RCPT' test in addition to the
'VRFY' test. Other changes include support for authorized login
to smtp server.
-IP Address/Country Mapping: updated database.
-Name Server Lookup: IP Drilldown added. This new feature
takes an IPv4 address and then requests responsible name server
information for each of four levels (class D through A) in in-addr.arpa
namespace. The DNS server IP address input field has now been added
to the main view in addition to being available on the setup window.
-Net Topography: new setup window that is unique to the tool
instead of being shared with traceroute.
-NetScanner: Significant speed improvements by moving the
NetBIOS query from a single thread to being parallel within each
scan thread. ARP thread has also been removed and replaced with
a different ARP test at the end of a scan. This test only contacts
responding IPs that have no MAC addresses so that we can determine
the MAC address. The ARP test is only done on computers within the
same subnet.
-Network Statistics: process to port mapping has been rewritten
to allow it to work on dual processor machines. The trojan ports
database has been updated.
-Packet Generator [new]: this tool allows you to have control over
most aspects of the IP header and the TCP/UDP headers when sending
a test TCP or UDP packet. Use this tool with care.
-Ping: this tool now does either an ICMP only, UDP only or
combination ping.
-Port Scanner: recommend that Ping before Scan be used when
doing a Full Connect scan if you are operating on a Windows XP sp2
platform.
-Promiscuous Mode Scanner: this tool checks your LAN for network
interfaces listening for packets in promiscuous mode. This mode
usually indicates that the interface is listening for packets not
intended for it.
-RFC Reference: more RFCs added.
-Subnet Calculator: CIDR notation added to hosts count input
list.
-TimeSync: removed PDH.DLL dependency and went with swap
file creation time. Changed lists of NTP servers to support new
round-robin pool.ntp.org server selection.
-Traceroute: worked to improve TCP Traceroute performance.
-URL Capture: now has edit box for controlling the 'host:'
field found in the HTTP header. This allows contacting websites
where one IP address hosts several domain names.
-WHOIS: rwhois now automatically follows referrals to the
rwhois or whois server that has the data. Updated whois server lists.
-Updated Accessibility Menus.
-New splash screen added.
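
The IP Drilldown entry in the 10.0 notes above describes taking an IPv4 address and requesting the responsible name servers at four levels of the in-addr.arpa namespace. As an added example (not NetScanTools Pro code), the Python below builds those four reverse names and the DNS NS query for each. The function names, the RFC 5737 sample address and the reading of "class D through A" as four, three, two and one octet labels are assumptions.

```python
import ipaddress
import struct

QTYPE_NS = 2    # NS record type (RFC 1035)
QCLASS_IN = 1   # Internet class


def drilldown_names(ip: str) -> list[str]:
    """Return the four in-addr.arpa names for an IPv4 address,
    most specific (all four octets) first, least specific last."""
    # IPv4Address raises ValueError on anything that is not a valid address.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return [
        ".".join(reversed(octets[:n])) + ".in-addr.arpa"
        for n in (4, 3, 2, 1)
    ]


def encode_qname(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad DNS label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_ns_query(name: str, txid: int) -> bytes:
    """Build a DNS query message asking for the NS records of `name`."""
    # Header: ID, flags (0x0100 = recursion desired), QDCOUNT=1,
    # ANCOUNT=0, NSCOUNT=0, ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", QTYPE_NS, QCLASS_IN)
    return header + question


def drilldown_queries(ip: str, first_txid: int = 1) -> list[tuple[str, bytes]]:
    """Pair each drilldown name with its NS query.

    Transaction IDs are sequential here only so the output is reproducible
    (assumption for this example); a real client should pick unpredictable
    IDs so that off-path responses are harder to spoof.
    """
    return [
        (name, build_ns_query(name, first_txid + i))
        for i, name in enumerate(drilldown_names(ip))
    ]


if __name__ == "__main__":
    # 192.0.2.10 is a constructed sample from the RFC 5737 documentation range.
    for name, query in drilldown_queries("192.0.2.10"):
        print(f"{name:28s} {query.hex()}")
```

Each query can be sent over UDP port 53 to the chosen DNS server; an empty or failing answer at the more specific levels typically means the reverse zone is delegated higher up.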