Friday, November 20, 2009

Fix It option for Windows Update issues

As a follow-up to a previous posting concerning troubleshooting WSUS connectivity, Microsoft has made available a Fix It solution for Windows Update issues.

http://support.microsoft.com/Default.aspx?kbid=971058

Some manual steps would include:

a. Stop the Automatic Updates service
b. Rename the software distribution folder (i.e. C:\Windows\SoftwareDistribution).
c. Restart the Automatic Updates service
d. Run wuauclt /resetauthorization /detectnow
e. Run wuauclt /reportnow

If a machine does not appear within the WSUS console, its client ID may be the same as that of another computer.

a. Stop the Automatic Updates service
b. Delete the SUSclientID registry value under:

HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate

c. Restart the Automatic Updates service
d. Run wuauclt /resetauthorization /detectnow 
e. Run wuauclt /reportnow
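
Both sets of manual steps above can be scripted. The PowerShell below is an added example, not part of the Microsoft Fix It; the -ResetClientId switch and the backup folder naming are assumptions made for this example, and wuauserv is the service name of Automatic Updates.

```powershell
# Added example: scripts manual steps a-e above. Run from an elevated prompt.
# -ResetClientId (hypothetical switch name) also performs the duplicate
# client ID fix described in the second list.
param([switch]$ResetClientId)

$ErrorActionPreference = 'Stop'
$serviceName = 'wuauserv'   # service name of Automatic Updates
$sdPath      = Join-Path $env:SystemRoot 'SoftwareDistribution'
$wuKey       = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate'

# Refuse to continue without administrative rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# a. Stop the service and wait until it has really stopped,
#    otherwise the folder is still locked and the rename fails.
Stop-Service -Name $serviceName -Force
(Get-Service -Name $serviceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# b. Rename (do not delete) the folder so the old state can be restored.
#    A timestamp avoids a clash with a backup left by an earlier run.
if (Test-Path $sdPath) {
    $newName = 'SoftwareDistribution.old-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    Rename-Item -Path $sdPath -NewName $newName
}

# Optional: remove the client ID value (value names are case-insensitive).
if ($ResetClientId) {
    $props = Get-ItemProperty -Path $wuKey
    if ($props.PSObject.Properties['SusClientId']) {
        Remove-ItemProperty -Path $wuKey -Name 'SusClientId'
    }
}

# c. Restart the service.
Start-Service -Name $serviceName

# d. and e. Re-register with the server, detect, then report status.
& wuauclt.exe /resetauthorization /detectnow
& wuauclt.exe /reportnow
```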

VHD Attach

This is a small tool that adds Attach and Detach options to the context (right-click) menu of virtual disk (VHD) files.

http://www.jmedved.com/default.aspx?page=vhdattach

Virtual CloneDrive

Virtual CloneDrive works and behaves just like a physical CD/DVD drive, however it exists only virtually. Image files generated with CloneDVD or CloneCD can be mounted onto a virtual drive from your hard-disk or from a network drive and used in the same manner as inserting them into a normal CD/DVD drive.

http://www.slysoft.com/en/virtual-clonedrive.html

Wednesday, November 11, 2009

SS64 Web Site

The SS64 web site is a reference for command line options for several different databases and operating systems.

http://ss64.com/

Webconverger

Webconverger is a Debian-based Linux distribution for web kiosks with the Firefox web browser as the only application.

http://webconverger.com/

Saturday, November 7, 2009

SkyDrive Explorer

SkyDrive is a free storage area offered via skydrive.live.com (current space limit is 25 GB).  The normal access method is via a web browser, but the software below allows access via the local Windows Explorer interface.

http://www.skydriveexplorer.com/

Svchost Process Analyzer

This utility offers details concerning the processes running under the generic svchost.exe process.

http://www.neuber.com/free/svchost-analyzer/

Prefetch folder within Windows

Windows has a feature called Prefetch.  Prefetch is designed to “cache” certain components over time so popular applications on a system will launch faster in the future.

A folder named Prefetch is present under the SystemRoot folder.

Each .pf file is associated with a particular application.  This directory should also contain a file called Layout.ini, which includes the full paths of the executables that have been processed.

To obtain more information, download and unzip the Windows File Analyzer tool found at:

http://www.mitec.cz/wfa.html

This utility will display data such as the date of creation and the last access time.

More information concerning the Prefetch folder can be found within the documentation file included with the Windows File Analyzer download.
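
The same basic data (creation and last access times per .pf file, plus the executables named in Layout.ini) can be pulled without a separate tool. The PowerShell below is an added example, not part of Windows File Analyzer; it is read-only, usually needs an elevated prompt, and assumes Layout.ini is stored as UTF-16 text.

```powershell
# Added example: read-only listing of Prefetch data.
$prefetchDir = Join-Path $env:SystemRoot 'Prefetch'

# .pf file names have the form EXENAME-XXXXXXXX.pf, where XXXXXXXX is an
# 8-digit hex hash derived from the executable's path. The same program
# launched from two locations therefore gets two .pf files.
$entries = Get-ChildItem -Path $prefetchDir -Filter '*.pf' | ForEach-Object {
    if ($_.Name -match '^(?<exe>.+)-(?<hash>[0-9A-Fa-f]{8})\.pf$') {
        New-Object PSObject -Property @{
            Executable = $Matches['exe']
            PathHash   = $Matches['hash']
            Created    = $_.CreationTime
            LastAccess = $_.LastAccessTime
            LastWrite  = $_.LastWriteTime
        }
    }
}

# Most recently updated entries first.
$entries | Sort-Object LastWrite -Descending |
    Select-Object Executable, PathHash, Created, LastAccess, LastWrite |
    Format-Table -AutoSize

# Layout.ini lists full paths; keep only the executables.
# Assumption: the file is UTF-16 ("Unicode" in PowerShell terms).
$layout = Join-Path $prefetchDir 'Layout.ini'
if (Test-Path $layout) {
    Get-Content -Path $layout -Encoding Unicode |
        Where-Object { $_ -match '\.exe$' } |
        Sort-Object -Unique
}
```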

Speed Test Links

Below are some sites that offer network speed tests.

http://www.speakeasy.net/speedtest/

http://www.speedtest.net/

http://www.dslreports.com/stest

Tuesday, November 3, 2009

Wallpaper Web Site

This site has wallpaper images with different resolutions.

http://interfacelift.com/

Nmap Information

Below is some general information concerning the Nmap application found at:

http://insecure.org

-sL –> list scan

-PS port number –> sends a TCP SYN packet to ports listed

-PA port number –> sends a TCP ACK packet to the ports listed

-PU port number –> sends a UDP packet to the ports listed

-n –> no DNS resolution

-R –> DNS resolution for all hosts

-sP –> ping scan

-PN –> disable ping; treat all hosts as online

-6 –> TCP/IP version 6

-T4 –> more aggressive timing policy to speed up the scan

-sS –> TCP SYN stealth

-sT –> TCP connect

-sU –> UDP

-sI –> TCP idle scan

-p –> port selection

-A –> aggressive tests, including OS and version detection

-v –> verbose

--append-output

--packet-trace

--reason

--randomize-hosts

--traceroute

--dns-servers

Reports

-oN –> normal report

-oG –> grepable report

-oX –> XML report

-oA –> all three report formats

Sunday, November 1, 2009

Ninite

Ninite is a web page that allows you to select different applications and create a custom installer.  This allows multiple programs to be installed at one time.

http://ninite.com/

Detecting support for hardware virtualization

Microsoft’s Virtual PC and XP Mode within Windows 7 require hardware-assisted virtualization.  Microsoft has released a tool found at the link below to test a computer for this component:

http://www.microsoft.com/downloads/details.aspx?FamilyID=0ee2a17f-8538-4619-8d1c-05d27e11adb2&displaylang=en

Another option to check for this requirement would be to use the Securable application from GRC:

http://www.grc.com/securable.htm

Instructions for downloading portable Firefox

In some situations, such as software conflicts and/or malware, Internet Explorer may not function properly.  As a short-term solution, a portable version of Firefox can be used.  The advantage of a “portable” application is that it does not modify any system files or folders on your computer.  These types of programs are designed to run from a USB thumb drive.

The instructions below describe how to download and extract the portable version of Firefox.  If your Internet Explorer version is too unstable to complete these tasks, another computer will need to be used.   The web site to find the portable version of Firefox (and other portable applications) is http://portableapps.com/.

In the example below, Microsoft Vista was used, so the screen may appear somewhat different if you are using another operating system such as Windows XP.   But the concepts are the same.   In our example, we will save the .EXE file to our Desktop. But any location will work as long as you can remember the path to the .EXE.

The main download page may appear similar to the screen capture below.

Once the download process has completed, double-click on the .EXE file. Click on the Run button.

Click on the Next button.

Click on the Browse button and select your Desktop folder.  If you wish to use a USB thumb drive, select the path to the device.

You can select another folder path if you wish.   Click on the Install button.

Click on the Finish button once the extraction process has completed.

Once the extraction process has completed, a folder named FirefoxPortable should be present.  At this point, you can copy this folder to a USB thumb or flash drive if you are using another computer.  Under this folder should be an .EXE file named FirefoxPortable.exe.

When the application is first launched, use the default parameter.

To remove the application from your computer or USB thumb drive, simply delete the FirefoxPortable folder.  One disadvantage of Portable Firefox is that some common plug-ins such as Adobe Flash are not present by default.  In the example below, simply click on the hyperlink to install Flash.

PacketShaper Information

Below are commands for a PacketShaper device available via the command-line interface.

hostdb info -> Tells you what hosts are active and how much bandwidth they are using

hostdb show -> Tells you the active hosts and whether they are sending TCP/UDP packets

hostdb topusers -> Similar to top talkers/top listeners

links show -> Display the current programmed link speeds with link statistics

net nic -> View network statistics such as packets transmitted and discarded

setup shaping on|off|bypass|passthru|watch -> When shaping is turned on, traffic is classified and measured, and control policies are enforced.  When shaping is off, traffic is classified and measured but not managed

traffic active -> Display the current, maximum, and possible number of sessions for TCP, UDP, and Legacy traffic types

traffic bandwidth -> Display bandwidth utilization for a partition

traffic flow -to -uo -> Display summary information about some or all currently active TCP connections and/or UDP sessions

traffic flow -tup -> Displays the source and destination IP address, port numbers, Inbound and Outbound classes the traffic is hitting, and the PacketWise service name

traffic history find IP ADDRESS -> Useful for determining the servers that a specified client IP address is transferring data with, or the clients that are retrieving data from a specific server.  It can also be used to determine exactly what type of network applications a specified PC is using

traffic tree -> Provides detailed information about how often classes and their associated policies are accessed by the PacketWise classification process, along with rate information for each class

version verbose -> Display the software version, model, serial number, and memory capacity.  Use the verbose option to list the part number, the inside and outside MAC addresses, installed keys, and installed classification plug-ins.

setup show -> Use the setup show command to see a list of sharable settings that are stored in the configuration file.

class test -> Test a traffic flow against the present classification tree.  class test [ ]

sys limits -> List the Packeteer unit's configuration limits.  For each object (such as classes, partitions, and policies), the sys limits output lists the maximum number of objects allowed, currently used, and remaining.  For example, you can use this command to determine how many more classes you can create on your unit.


host info -sf -n 20 -> This command will display the top 20 hosts with the most connections.

host info -sr -n 20 -> This command displays the top 20 bandwidth users sorted by their usage.

host show ip address -> This command will display data concerning a certain IP address.

traffic history find ip address -> This command displays past activity for a particular IP address.

traffic flow -tupIA ip address -> This command displays current activity for a particular IP address.

net pna -> Display network statistics

traffic flow -tupIxc class -> This command will display all the tcp and udp flows hitting the specified class.

traffic flow -tupIn 100 -> This command displays 100 current flows.

traffic history recent class -> This command displays which users are using an application.

traffic flow -tpc class -> This command will display the current users of a particular class.

host info -sp -n 20 -> This command will display the top 20 hosts that have the most failed flows in the last 1 minute.

sys health -> This command will show if a unit is being overloaded.


packetcapture status -> List the current packet capture settings.

packetcapture add class: -> Specify a class for which you want to capture packets.

packetcapture remove class: -> Remove an existing filter for a class.

packetcapture on -> Enable packet capture.

packetcapture off -> Disable packet capture.