MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
February
Sun Mon Tue Wed Thu Fri Sat
         
 
2008
Months
Feb


Sun, Feb 24, 2008 11:22 pm

Memory Upgrade for Gateway PC Model Number MFATXPN1 ESX 500S P04

I upgraded the memory in a Gateway PC model number MFATXPN1 ESX 500S P04 (that is the model number listed on the back of the computer). The system, which was running Windows XP Professional, had only 256 MB of memory installed.

The following memory module was already in the system:

MT8VDDT3264AG-265C4, PC2100U-25330-A1
US        BZABW72029   200303
256MB, DDR, 266MHz, CL2.5V

The BIOS memory information was as follows:

BIOS Settings
BIOS VersionRG84510A.15A.0021.P11
 
Processor TypeIntel (R) Pentium (R) 4
Processor Speed2 GHz
System Bus Speed400 MHz
System Memory Speed266 MHz
 
Cache RAM512 KB
 
Total Memory255 MB
Memory Bank 0256 MB (DDR 266)
Memory Bank 1Not Installed

I installed the following PNY memory module in the second of the two memory slots in the system.

PNY 512MB
DDR
PC2700
333MHz / 266 MHz
OPTIMA&trade Memory

The following information was on a sticker on the module:

512MB,DDR DIMM,Q
  ASSY. IN TAIWAN
64WQD-T PO135492

The package had "MD0512SD1-333-BB" on it above the UPC. The UPC was 7 51492 34983 1.

When I booted into Windows and ran winver, it showed "Physical memory available to Windows: 784,176KB".

I ran a 30 minute test of the memory with Windows Memory Diagnostic Beta. No errors were found in the 3 passes of the diagnostic program that were run.

[/hardware/pc/memory] permanent link

Sun, Feb 24, 2008 10:44 pm

Memory Upgrade and Sound Card installation in Gateway E2300 PC

I upgraded the memory in a Gateway PC model number MATXHDS MDW E 2300 (that is the model number listed on the back of the computer; a sticker on the side of the computer lists the model number as E2300). The system, which was running Windows XP Professional, had only 256 MB of memory installed.

BIOS Utility - Main
 
BIOS VersionBF86510A.15A.0080.P18
 
Processor TypeIntel(R) Celeron(R) CPU
Processor Spped2.8 GHz
Systm Bus Speed533 MHz
System Memory Speed333 MHz
 
L2 Cache RAM256 KB
Total Memory256 MB
Memory ModeSingle Channel
  Memory Channel A Slot 0256 MB (DDR333)
  Memory Channel A Slot 1Not Installed
  Memory Channel B Slot 0Not Installed
  Memory Channel B Slot 1Not Installed

I also needed to install a sound card, since the on-board audio stopped working. I changed the BIOS settings for the on-board audio support from "enabled" to "disabled". The option is listed under Advanced then Peripheral Configuration in the BIOS Setup Utility.

I checked the Crucial Memory site for information on the memory that the system will support.

ManufacturerGateway
Product LineE Series
ModelE2300 (4 DIMM slots)

The Crucial Memory site providded the following information at Computer memory upgrades for Gateway E-2300 Series (4 DIMM Slots)

Maximum Memory:4096MB
Standard Memory256 or 512 removable
Slots: 4 (2 banks of 2)

Although the memory can be installed one module at a time, the best performance comes from using matched pairs of modules.

Each memory slot can hold DDR PC3200, DDR PC2700 with a maximum of 1 GB per slot.*

*Not to exceed manufacturer supported memory.

The Crucial Memory site also had the following series of questions and answers regarding memory for the system:

Q: Will my system recognize the maximum upgrade?

A: Possibly

How much memory your Windows OS will recognize depends on which version of Windows you are running. 32-bit versions of Windows will see (and utilize) only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS. More information about OS memory maximums can be found at http://www.crucial.com/kb/answer.aspx?qid=4251.

Q: What memory goes into my computer, and will a faster speed be backward-compatible?

A: DDR memory with support for DDR PC3200,DDR PC2700 speeds.

Because DDR memory is backward-compatible, you can safely upgrade your system with any of the guaranteed-compatible DDR speeds listed below, even if your manual calls for PC1600 or PC2100 speeds. [DDR PC3200 and DDR PC2700 modules were listed below the statement]

Q: How much memory can my computer handle?

A: 4096MB

Adding the maximum amount of memory will improve performance and help extend the useful life of your system as you run increasingly demanding software applications in the future.

Q: Do I have to install matching pairs?

A: Yes

Your system requires that you install memory in pairs.

The system had a 256 MB memory module in Channel A DIMM0. That module had the following information on a sticker on it.:

Hynix KOREA 03
PC2700U0430
256MB DDR 333MHz CL2.5
HYMD232646B8J-J AA-A

I put the following memory in the system:

Kingston Technology
Value RAM
KVR333/1GR

The module had a sticker on it with the following information:

Kingston
Technology
KVR
KVR333/1GR
7406170726622.5V
Warranty Void if Removed

The Crucial Memory site indicated that memory must be installed in matching pairs, but I wasn't sure if that applied just to modules inserted in the same channel, i.e., I wasn't sure if I could install the 1 GB module in Channel B, since the 256 MB module was in channel A. I put the new module in Channel B DIMM0. When I powered on the system, I saw "1264MB System RAM" but then received the error message "Dual-channel operation requires identical paired DIMMs installed across both memory channels." I then tried the new 1 GB module in Channel A DIMM1. Again I saw "1264MB System RAM" and the same error message, so I removed the 256 MB module and moved the 1 GB module to Channel A DIMM0. This time when I powered on the system I saw "1008 System RAM" followed by "Keyboard Error" and then "Memory Size Decrease". I powered the system off and on and didn't see the keyboard or "memory size decrease" messages again, though the system did display "1008 System RAM" again.

When I checked the BIOS configuration, I saw the following:

BIOS Utility - Main
 
BIOS VersionBF86510A.15A.0080.P18
 
Processor TypeIntel(R) Celeron(R) CPU
Processor Spped2.8 GHz
Systm Bus Speed533 MHz
System Memory Speed333 MHz
 
L2 Cache RAM256 KB
Total Memory1024 MB
Memory ModeSingle Channel
  Memory Channel A Slot 01024 MB (DDR333)
  Memory Channel A Slot 1Not Installed
  Memory Channel B Slot 0Not Installed
  Memory Channel B Slot 1Not Installed

When I selected the Advancecd tab in the BIOS Setup Utility and then chose Video Configuration, I saw the following:

Video Configuration
Primary Video Adapter [AGP]
Frame Buffer Size [ 16MB]

Presumably, the remaining 16 MB of the 1024 MB module is being allocated to the frame buffer, which is why the system is reporting 1,008 MB during the Power-on Self-test (POST) process.

When I booted into Windows and ran winver, I saw "Physical memory available to Windows: 1,030,896 KB".

I had also installed a Dynex model DX-SC51 sound card in PCI slot 1 at the same time I installed the memory. When I checked on the sound card, Windows Media Player reported "Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."

Under the Device Manager, I saw "Unknown device" listed under display adapters, but no new audio device listed. When I tried to install the Dynex driver, I saw the warning message "Undetermine Card! Please do not click cancel on device manager!" Clicking on OK there produced another warning message "OS not support!"

I opened the case and checked the sound card. I found it wasn't seated fully in its slot. I reseated the card. When I rebooted and logged in as the adminsitrator, the Found New Hardware Wizard appeared. I inserted the CD that came with the sound card. The wizard indicated it found a Multimedia Audio Controller, an Envy24 Family Audio Controller WDM. After the sotware was installed, I was able to play music files on the system and hear sound from the speakers.

I ran a memory test on the new memory module with Windows Memory Diagnostic Beta. I let the test run for an hour and 30 minutes. The diagnostic program completed 22 passes with no errors found.

[/hardware/pc/memory] permanent link

Sun, Feb 24, 2008 11:51 am

Switching Rdesktop from Full-Screen to Windowed Mode

Rdesktop is free, open-source, software that provides the capability for remotely controlling a Microsoft Windows system from a Linux or Unix system.

I sometimes encounter a problem where I can't see the taskbar at the bottom of the Windows display or the bottom of windows displayed on the remote Windows system due to differences in the resolution for the screen on the Linux/Unix system and the resolution of the Windows system. The problem can be resolved by specifying the -f option when starting rdesktop, so that you get a full screen display., e.g. rdesktop -0 -f -u jsmith 192.168.0.44. But what do you do when you wish to put the remote session in a window rather than have it occupy the full screen without disconnecting? You can hit the Ctrl-Alt-Enter keys simultaneously to switch to a windowed view. You can also use Ctrl-Alt-Enter to switch to a full-screen view, if you didn't start redesktop with the -f option.

References:

  1. Rdesktop
    Rdesktop.Org
  2. Controlling a Windows System from a Linux System
    January 12, 2006
    MoonPoint Support

[/os/windows/software/remote-control/rdp] permanent link

Sat, Feb 23, 2008 11:34 pm

Ghost Console Waiting for Console Services

On a system with Symantec Ghost 7.5, I tried starting the Ghost Console, but it hung with the following message:

Wait...

Waiting for console services to start


Cancel
 

When I checked the Ghost services (click on Start, select Run, type services.msc and hit Enter), I found the Symantec Ghost COnfiguration Server was started, but not the Symantec Ghost Database Service, which had a manual startup type. I double-clicked on Symantec Ghost Database Service and clicked on the Start button to start it. I received the error message below:

Services
Warning symbol Could not start the Symantec Ghost Database Service service on Local Computer.

Error 2: The system cannot find the file specified.

OK
 

The "path to executable" value was C:\Program Files\Symantec\Ghost\bin\dbserv.exe. When I checked, I found there was no C:\Program Files\Symantec\Ghost directory. I believe it wasn't recovered when a disk drive problem occurred previously. To correct the problem, I reinstalled Symantec Ghost. I chose the Repair option during the installation. At the end of the repair operation, I saw the error message below:

Symantec Ghost Configuration Server
Warning symbol 08001 [Sybase][ODBC Driver][Adaptive Server Anywhere]Unable to connect to
database server: Database server not running

Error 2: The system cannot find the file specified.

OK
 

So I tried the Remove option to "Remove Symantec Ghost Corporate Edition from your computer". After deinstalling the software, I reinstalled it. The Symantec Ghost Console then started without a problem. And when I checked the running services, I saw that both Symantec Ghost Configuration Server and Symantec Ghost Database Service were started.

I didn't see the client systems in the default machine group, so thought I had to add the client systems back into the console. When I tried to reinstall the client software on a system, the installation failed. When I checked the RemoteInstall.log, I saw the reason listed as "Remotely Installed Client is installed on this machine."

To resolve the problem I restored the privkey.crt, pubkey.crt, and C:\Program Files\Symantec\Ghost directory from a Ghost backup I had from some time ago.

To backup those files and that directory or restore over them, you should close the Ghost Console, if you have it open, and stop the running Ghost services. You can stop the Ghost services by clicking on Start, then selecting Run and typing the following command and hitting Enter. You need to include the double quotes where shown below.

"c:\program files\symantec\ghost\ngserver.exe" -stop

If you check the running services, you should then see both Symantec Ghost Configuration Server and Symantec Ghost Database Service are stopped.

I then restored the privkey.crt, pubkey.crt, and C:\Program Files\Symantec\Ghost directory from the backup. Afterwards, I ran the command "c:\program files\symantec\ghost\ngserver.exe" -start to restart the Symantec Ghost services. I then saw the systems in the default machine group I had been using previously for the Ghost backups.

References:

  1. How to move the Symantec Ghost Solution Suite 1.x Console to a different computer or retain Console settings during a reinstall
    Document ID: 2001050812540225
    Last Modified: 11/08/2007
    Date Created: 05/08/2001
    Operating System(s): DOS, Windows 95, Windows 98, Windows NT, Windows 2000, Windows ME
    Product(s): Symantec Ghost 7.0, Symantec Ghost 7.5, Symantec Ghost 8.0, Symantec Ghost 8.2, Symantec Ghost Solution Suite 1.0, Symantec Ghost Solution Suite 1.1
    Release(s): Ghost 7.0 [All Releases], Ghost 7.5 [All Releases], Ghost 8.0 [All Releases], Symantec Ghost 8.2 [All Releases], Symantec Ghost Solution Suite 1.0 [All Releases], Symantec Ghost Solution Suite 1.1
    Symantec Corporation

[/os/windows/utilities/backup/ghost] permanent link

Sat, Feb 23, 2008 2:21 pm

Bopup Scanner

Bopup Scanner is a freeware network scanner that displays active computers with user names logged into the computers (NetBIOS), MAC and IP addresses. Bopup Scanner also recognizes and shows HTTP (Web) servers running on remote computers (TCP ports 80, 8080), if you select the option to have it scan for webservers, quickly detects online computers, and allows you to browse shared resources of a remote computer. You can save the results of a scan to a text file.

Bopup Scanner will perform a NetBIOS scan of a network, which will show Windows systems on the network. The program first tries to ping an address it is scanning. So, if you were watching its scan with a sniffer, you would see an ARP request for the IP address. If there is a reply to the ARP request, an ICMP echo request is sent to the IP address. If an echo reply is received, Bopup Scanner will then check for a response from the scanned IP address on UDP port 137. Port 137 is associated with the NetBIOS Name Service commonly used on systems running the Microsoft Windows operating system. The NetBIOS Name Service is typically how Windows computers find out information concerning the networking features offered by a computer, such as system name, file shares, etc.

Because it is only scanning for responses to NetBIOS Name Service requests, Bopup Scanner will show a red circle for IP addresses where it received no response to a NetBIOS Name Service query, even though there may be a system at that address. E.g. there may be a Linux system, networked copier, router, etc. at the address.

Regarding installation of the software, there is no installation procedure for the program. You simply run scanner.exe. When you first run it, it will create the following registry entries:

Keys added: 5
-------------
	HKEY_CURRENT_USER\Software\B Labs
	HKEY_CURRENT_USER\Software\B Labs\Bopup Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner
	HKEY_CURRENT_USER\Software\Bopup Scanner\Scanner\Settings

After starting the program, click on the Refresh button with the green arrows next to it on the toolbar menu to begin a scan of the subnet the system is on.

Bobup Scanner 2.0.6 scan

If you wish to check on whether a webserver is running on any of the scanned IP addresses, click on Options and check "Scan for HTTP servers (80, 8080 ports)".

You can save the results to a text file by clicking on Actions and selecting Save list.

The developer, B-Labs Software, also offers other software that can be used for secure instant messaging.

Download Bopup Scanner

Developer Website
MoonPoint Support (may not be the most current version)

[/network/tools/scanning/bopupscanner] permanent link

Thu, Feb 21, 2008 12:34 pm

Internet Explorer Crash Recovery

An area in which Opera is far superior to Internet Explorer as a web browser is crash recovery. Internet Explorer, even in version 7.0, does not provide any crash recovery features. In Opera, should the browser or system crash, when you reopen the browser, you can go back to exactly where you were prior to the crash. You can have all of your tabs reopened and even move backwards through the prior URLs you visited in each tab. In contrast, Internet Explorer offers no crash recovery features. Since I've often encountered probelms with Internet Explorer crashing or hanging, I find the lack of any crash recovery features in the browser to be a major drawback to using Internet Explorer.

So, I decided to look for an add-on that might add similar functionality for Internet Explorer. I found a free add-on, IE7Pro, that offers that functionality as well as other enhancements for Internet Explorer. The developer states "IE7Pro includes Tabbed Browsing Management, AD Blocker, Flash Block, Super Drag Drop, Crash Recovery, Proxy Switcher, Mouse Gesture, Tab History Browser, Inline Search, User Agent Switcher, Webpage Capturer, Greasemonkey like User Scripts platform, User Plug-ins and many more power packed features. You can customize not just internet Explorer, but even your favorite web site according to your need and taste using IE7Pro."

During the installation, which uses a Nullsoft Install System v2.33 installation program, you are given the option to select default settings, which are shown below:

Please select default settings:

[x] Enable ADblock
[ ] Enable Userscripts
[ ] Enable Plugins
[X] Enable Spelling Checker
[ ] Set EasyHome as Homepage

At the end of the installation, you are requested to set the default search engine to be IEPro's Google based search, to help finance further development of the software, but you don't have to do so. Selecting that option is certainly a small measure that you can take to make continued development of the software possible.

To simulate a system crash, I powered off the system. When I restarted the system and opened Internet Explorer, I saw a "Crash Recovery" window stating "Your last session crashed, Please review and open last URLs. All of the Internet Explorer 7 tabs I had open previously were listed and checked to be reopened. I could deselect tabs I didn't want reopened, if I wished. There were also Select All and Select None buttons. I chose to reopen all of the tabs I had open previously. Unfortunately, unlike Opera's crash recovery feature, I couldn't click on the backwards arrow button in Internet Explorer to view my history of previously visited sites in any tab. So, IE7Pro definitely offered an improvement over the total lack of crash recovery features in Internet Explorer, but also falls far short of the built-in crash recovery features of Opera.

Download Sites
IE7Pro.com
MoonPoint (may not be the most current version)

References:

  1. IE7Pro User Guide
    IE7Pro.com
  2. IE7Pro FAQ
    IE7Pro.com

[/network/web/browser/ie] permanent link

Tue, Feb 19, 2008 11:27 pm

Counting Non-Blank Cells in a Spreadsheet and Using Multiple Criteria for Counting

Either the counta or countif functions can be used to count the number of cells that are not blank in a spreadsheet.

E.g., suppose you have the following information in a spreadsheet

 AB
1 applemaple
2  oak
3 plumbirch
4 birch
5apricot 

The function counta(A1:A5) would count those cells that aren't empty in cells A1 to A5 yielding 3. The function countif(B1:B5,"*") would also count those cells that contain text in cells B1 to B5, yielding 4 as well.

Note: counta will count cells that have formulas in them even though those formulas may amount to nothing appearing in the cell, i.e. they evaluate to "".

If you wanted to count the number of cells that contained specific text, e.g. birch, you could use countif(B1:B5,"birch"), which would yield 2. The count is case insensitive, i.e., if one of the cells contained "BIRCH", instead of "birch", the count would still be equal to two.

If you wanted to count the number of cells that contained "birch" in column B and "plum" in column A, then countif won't work, since you can only specify one criteria with it. You could use sum instead. E.g. sum((B1:B5="birch")*(A1:A5="plum")), which yields 1. The * in this case "ands" the two conditions. Note: You have to hit the Ctrl, Shift, and Enter keys simultaneously when you've typed the formula in order to enter it. If you don't, you will see a #value appear in the cell. This type of formula is considered to be an "array" formula or CSE formula, since it requires the Ctrl-Shift-Enter keys to be hit to enter it. When it is entered, you will see {} appear around the formula.

References:

  1. Excel -- Worksheet Functions -- Count Cells
    Last updated: November 11, 2006
    Contextures -- Microsoft Office Consulting
  2. Excel Developer Tip: Summing and Counting Using Multiple Criteria
    Excel Developer Tip Archives

[/os/windows/office/excel] permanent link

Mon, Feb 18, 2008 8:30 am

Symantec AntiVirus Server Could Not Collect Log Data From Client

On a Symantec AntiVirus Corporate Edition 8.1 server, I tried checking the logs for a client system through the Symantec System Center by unlocking the server group, right-clicking on a client system, selecting All Tasks, Symantec AntiVirus, Logs, and Scan History. I received a message that the log data couldn't be collected from the selected computer.

Symantec AntiVirus Management Snap-In
Symantec AntiVirus could not collect all the log data from the selected computer(s).

Please verify that Symantec AntiVirus is running on these computers.

OK
 

I received the same message if I tried viewing any log.

Symantec has a knowledgebase article on the problem at Error: "Symantec AntiVirus could not collect all the log data from the selected computer(s) . . ." when viewing client logs in Symantec System Center . I followed the steps listed in that article.

I could ping the IP address of the system and ping -a 192.168.0.7 showed the hostname associated with the address. I could also ping the server from the client system using ping and ping -a, which confirmed network connectivity and the ability to do reverse lookups on the IP addresses to get host names.

I checked for the presence of any .cer server group root certificate on the server and the client. I didn't see any .cer file on either system, but nor did I see a certificate on a client for which I could successfully check log files from the antivirus server, so I didn't think that was the source of the problem.

I could successfully start the Symantec AntiVirus Client program on the client system. It showed the correct server name. Though nothing was listed for "group", nothing was listed for "group" on a system I could successfully query from the server, either.

And from the server, I could query the client and see that the Symantec rtvscan.exe program was running.

C:\>tasklist /s 192.168.0.7 /fi "imagename eq rtvscan.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
Rtvscan.exe                   1760                            0     46,604 K

When I checked the Windows XP firewall settings on a system I could successfully query from the antivirus server, I saw a firewall rule listed for User Datagram Protocol (UDP) port 2967, which the Symantec RTVScan program uses. I checked the firewall rules on the system I couldn't successfully query with the command netsh firewall show portopening. I did not see a rule for RTVScan, so I created one from the command line using the command netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33 (IP address 192.168.0.33 corresponds to the IP address of the antivirus server).

When I tried checking the antivirus log files from the server again, I still could not do so. Looking at the firewall rules on the client with netsh firewall show portopening verbose = enable (you have to specify the verbose option to see the scope of rules), I saw that I had mistyped the IP address of the server when I created the RTVScan rule with the netsh command. So I re-entered the netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33 command exactly as before with the exception that this time I specified the IP address correctly.

I was then able to check the virus history and other logs on the client from the Symantec System Center.

References:

  1. Error: "Symantec AntiVirus could not collect all the log data from the selected computer(s) . . ." when viewing client logs in Symantec System Center
    Document ID: 2003032010404748
    Last Modified: 11/15/2006
    Date Created: 03/20/2003
    Operating System(s): Windows 2000, Windows Server 2003 32-bit Edition, Windows 98, Windows Me, Windows NT 4.0 SP6a, Windows 2000 Professional, Windows XP Professional
    Product(s): Symantec AntiVirus Corporate Edition 10.0, Symantec AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition 9.0, Symantec Client Security 3.0, Symantec AntiVirus 10.1, Symantec Client Security 3.1
    Release(s): SAV 10.0 [All Releases], SAV 8.0 [All Releases], SAV 9.0 [All Releases], Symantec Client Security 3.x [All versions], Symantec AntiVirus 10.1, Symantec Client Security 3.1
    Symantec Corporation
  2. Allow Rtvscan Access Through Windows XP Firewall
    April 9, 2007
    MoonPoint Support
  3. Configuring Windows XP Firewall for Symantec Antivirus Client
    April 9, 2007
    MoonPoint Support

[/security/antivirus/symantec] permanent link

Sun, Feb 17, 2008 11:45 pm

Unable to Unlock Symantec AntiVirus Server Group

I was unable to unlock the server group on a Symantec AntiVirus Corporate Edition 8.1 server. I was also unable to start the Symantec AntiVirus Server service or update the virus definitions on the server. I discovered the problem was due to corrupt virus definitions.

[ More Info ]

[/security/antivirus/symantec] permanent link

Sun, Feb 17, 2008 8:18 pm

Encoding Spaces in URLs

If you have a filename that includes spaces, you should encode the URL that you use for any links to the document, i.e. %20 should be used wherever a space occurs in the filename.

You can go to URL Encoding to see a list of characters that should be encoded, such as the space character. You can also plug in a URL there and have it converted to a browser safe version.

[/network/web/browser] permanent link

Sun, Feb 17, 2008 5:41 pm

IP and Domain Name Reputation Sites

An IP address may be added to a DNS Blacklist (DNSBL), if spam is detected as emanating from that IP address. You can check for the presence of an IP address on various blacklists using the MxToolBox Email Blacklist Check, which currently checks 124 blacklists, or at individual blacklist sites, such as MAPS.

You can check on whether an IP address has been associated with attacks on other systems at DShield or myNetWatchman by performing an IP lookup.

You can also obtain information on the "reputation" for a site at Barracuda Central by performing a lookup on either an IP address or a domain name. Barracuda Networks sells widely used spam firewall devices, so a poor reputation listing at Barracuda Central may lead to email from an IP address listed there, or with a domain name in the body of email messages being found there, being blocked by those using Barracuda Networks security devices.

Another reputation site is TrustedSource. You can lookup an IP address there and see a graph of activity associated with that site. If you see red bars on the graph, those represent malicious activity associated with the IP address on the days for which those bars appear.

[/network/Internet/domains] permanent link

Sun, Feb 17, 2008 4:46 pm

Locating Cybersquatters Capitalizing on a Variant of Your Domain

Cybersquatters may buy domains similar to yours hoping to take advantage of someone mistyping your domain name or to mislead someone into thinking a domain name in a URL belongs to a legitimate company or organization. For instance many people might visit microsoft.com, so a cybersquatter might buy micrsoft.com, which has a missing "o", so that someone making a typo that left out that "o" would be directed to the cybersquatter's site instead, where the cybersquatter may have nothing but ads, hoping to get money generated from those viewing those ads. If millions of people visit microsoft.com every week, the cybersquatter will probably get a signifiant amount of traffic from such a typo.

Or perhaps you own example.com. The cybersquatter may purchase example.net, if it is available. Someone seeing example.net in an email may think the domain belongs to your company and visit a site that might have nothing but ads, perhaps even risque ones, or the site might try to infect visitors with adware/spyware, which might harm your company's reputation, even though you don't own the domain name and have no control over the site.

CitizenHawk helps you locate potential cybersquatter sites for your domain name.

[/network/Internet/domains] permanent link

Sun, Feb 17, 2008 12:54 pm

Configure Sendmail to Listen on All Addresses

If you can't connect to the SMTP port on a system, i.e. port 25, from external hosts, but you can connect from the system itself, then you need to comment out a line in sendmail.mc that restricts connections to the local loopback address, 127.0.0.1.

I.e., if you can use telnet 127.0.0.1 25 and see the sendmail banner, but when you use telnet 192.168.0.44 25 (presuming 192.168.0.44 is the IP address for the mail server), you get "connection refused" messages, then the default configuration option in sendmail.mc is likely preventing the connection by causing sendmail to only listen on the loopback address.

# telnet 192.168.0.44 25
Trying 192.168.0.44...
telnet: connect to address 192.168.0.44: Connection refused
telnet: Unable to connect to remote host: Connection refused

To resolve the problem, look for the following lines in sendmail.mc , which on a Linux system will likely be in the /etc/mail directory.

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Edit the sendmail.mc file from the root account. Put a dnl # at the beginning of the DAEMON_OPTIONS line to comment out the line.

dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then issue the following commands:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

The first command rebuilds the .cf configuration file from the modified .mc file. The second restarts sendmail so that it is using the new configuration file.

[/network/email/sendmail] permanent link

Fri, Feb 15, 2008 7:02 pm

216-115-223-200.expertcity.com HTTPS Access

While monitoring a LAN with Show Traffic, a network monitoring application for Windows systems, I noticed two systems contacting 216.115.223.200 [ 216-115-223-200.expertcity.com ] on port 443 (HTTPS).

Show Traffic detection of traffic to 216.115.223.200

Since the communications occurred at 18:30 when the employees using those systems would have gone home, I did a Google search on the FQDN, 216-115-223-200.expertcity.com, which was associated with that address. A McAfee SiteAdvisor webpage linked the site with GoToMeeting, i.e. legitimate software on the users' systems. That webpage stated "When we installed and ran GoToMeeting 2.0.0.127 (gotomeeting.exe), the following network servers were contacted." It then listed the following addresses:

216-115-222-200.expertcity.com
216-115-223-200.expertcity.com

[/os/windows/network/monitoring/show_traffic] permanent link

Fri, Feb 15, 2008 5:08 pm

Show Traffic 1.6.0

While looking for an application to monitor network traffic that would run under Microsoft Windows, I came across Show Traffic. The author came across Trafshow for Linux and decided to create a program with equivalent functionality for Windows.

The program provides a GUI interface for monitoring the traffic seen at a particular network interface. It displays statistics for the bytes transferred for connections between various systems and the bandwidth used for those individual connections.

[ More Info ]

[/os/windows/network/monitoring/show_traffic] permanent link

Wed, Feb 13, 2008 10:53 pm

Configuring SNMP on a Netopia R7220-T Router

To configure SNMP on a Netopia R7220-T router, take the following steps:

  1. From the main menu, select System Configuration.
  2. 
                               Netopia R7220-T v4.6.2
    
    
                         Easy Setup...
    
                         WAN Configuration...
    
                         System Configuration...
    
                         Utilities & Diagnostics...
    
                         Statistics & Logs...
    
                         Quick Menus...
    
                         Quick View...
    
    
    
    
    
    Return/Enter displays options for the system.
    You always start from this main screen.

    From the System Configuration menu, select SNMP (Simple Network Management Protocol)....

    
                                  System Configuration
    
    
                         Network Protocols Setup...
                         Filter Sets...
                         IP Address Serving...
    
                         Date and Time...
    
                         Console Configuration...
    
                         SNMP (Simple Network Management Protocol)...
    
                         Security...
    
                         Upgrade Feature Set...
    
    
    
                         Logging...
    
    Return/Enter to set up basic SNMP options (Community Strings, Traps, etc.).

    From the SNMP Setup window, specify the desired SNMMP configuration.

    
                                      SNMP Setup
    
    
             System Name:
             System Location:
             System Contact:
    
    
             Read-Only Community String:        public
             Read/Write Community String:
    
             Authentication Traps Enable:       Off
    
             IP Trap Receivers...
    
    
    
    
    
    
    
    
    Configure optional SNMP parameters from here.

    You can put in whatever name you would like to use for the router in the System Name field, e.g. Netopia Router and then hit Enter to advance to the next field, where you can specify the location, e.g. 1020 Maple Street. Hit Enter to fill in the System Contact field. The default read-only community string is public. To prevent others from accessing information from the router, you can provide another community string. You can provide a read/write community string as well, if you like. If you want authentication traps sent to another device, enable authentication traps and specify IP trap receivers. Otherwise, you can leave these as is.

    You can return to the main menu, if you wish, by hitting the Escape key until to back up through the menus.

    If you want a free program to monitor the router via SNMP from a Windows system, try PRTG Traffic Grapher. It is fairly straight-forward to set up and can even install its own webserver on the system on which you install it. If you already have webserver software running on the system on which you install it using port 80, PRTG will automatically set up its own webserver at port 8080. Or you can choose a different port, if you prefer. You can specify userids and passwords granted access to the webserver, where the PRTG graphs are displayed.

    [/hardware/network/router/netopia] permanent link

Wed, Feb 13, 2008 9:25 pm

FTP Attacks from 221.130.187.49 and 202.57.128.159

The system became unresponsive for a time. I ran kripp and found two systems conducting FTP brute-force password guessing attempts.

ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: poiuyt [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]

ftp password :: frostdragon.com -> 221.130.187.49 :: james :: purple [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: ranger [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 111111 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: 123go [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: 000000 [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Airhead [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: oracle [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Braves [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: library [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: Sparky [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: linux [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: angela [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: unix [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: brandy [F]
ftp password :: frostdragon.com -> 202.57.128.159.sta.isp-thailand.com :: anna :: amanda [F]
ftp password :: frostdragon.com -> 221.130.187.49 :: james :: cindy [F]

I blocked the 221.130.187.49 system with route add 221.130.187.49 reject . I then checked DShield to learn if it has been observed attacking other systems. The DShield report for 221.130.187.49 showed it was first reported engaged in hostile activity on 2008-02-11 and the last reported incident was today 2008-02-13. The IP address is a Chinese address. When I checked the IP Details for the ports the system was attacking, I found it was listed only for port 21 attacks, i.e. FTP attacks.

It was also listed at myNetWatchman. The Incident Detail report for that IP address at myNetWatchman showed the system had been attacking other systems on port 21 and port 22 (SSH) as well from February 5, 2008 onwards.

I then checked the second system attacking, which was 202.57.128.159.sta.isp-thailand.com. The IP address for it is 202.57.128.159. Note: a reverse lookup on 202.57.128.159 yields a Fully Qualified Domain Name (FQDN) of 202.57.128.159.sta.isp-thailand.com, but a forward lookup on 202.57.128.159.sta.isp-thailand.com does not yield an IP address.

I ran an nmap scan of it to see what operating system it was running. I got the following results:

# nmap -P0 -O 202.57.128.159

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on 202.57.128.159.sta.isp-thailand.com (202.57.128.159):
(The 1588 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
111/tcp    open        sunrpc
135/tcp    filtered    loc-srv
137/tcp    filtered    netbios-ns
199/tcp    open        smux
443/tcp    open        https
445/tcp    filtered    microsoft-ds
3306/tcp   open        mysql
4444/tcp   filtered    krb524
8009/tcp   open        ajp13
8080/tcp   open        http-proxy
10000/tcp  open        snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20

Nmap run completed -- 1 IP address (1 host up) scanned in 173 seconds

Visting http://202.57.128.159/ with a browser showed "Welcome to web4.thaibestserver.net".

When I checked DShield for any reports on hostile activity for that IP address, which is a Thai address, I found it was first reported engaged in hostile activity on 2008-02-08 with the most recent report dated 2008-02-09 (see IP Info (202.57.128.159)). The IP Details 202.57.128.159 report showed all of the incidents to be FTP attacks.

There was also an Incident Detail report for it at myNetWatchman, which also showed the system engaged in FTP attacks from February 6 onwards.

I blocked it with route add 202.57.128.159 reject. I also turned off the FTP service on the system, since it isn't needed at the moment.

[/security/attacks] permanent link

Wed, Feb 13, 2008 3:41 pm

PrimoPDF Producing Zero Byte Files

I installed PrimoPDF 3.0 on a system. PrimoPDF provides free PDF converter software that will allow you to "print" documents to a PDF file. After installing the software, I could print to PDF files without a problem from the administrator account from which I installed the software, but when I printed to a PDF file using the PrimoPDF "printer", I would receive the error message below:

Adobe Reader
Adobe Reader could not open 'http.pdf' because it is either not a supported file
type or because the file has been damaged (for example, it was sent as an
email attachment and wan't correctly decoded).

OK
 

When I checked the PDF files produced by PrimoPDF, I found they were always zero bytes in size. When the files were being produced I would hear an error beep.

An Error after converting posting at the PrimoPDF Forums, suggested giving the Users group on the system full control of the directory into which PrimoPDF is installed.

From the Windows Explorer, I right-clicked on the directory under Program Files into which I had installed PrimoPDF and chose Properties. I saw that the Users group had only read access, i.e. only the read & execute, list folder contents, and read permissions were granted to the Users group for that folder.

Note: you can use the cacls command to check permission from the command line, e.g. cacls "\program files\primopdf", if the installation directory was \program files\primopdf. You will see BUILTIN\Users:(OI)(CI)R. The R at the end indicates that the Users group on the system, to which all normal user accounts belong, has only read access to that directory.

If you are logged into an account that is a member of the Administrators group on the system, you can right-click on the directory and choose Properties to reset the security permissions. Click on the Security tab, then select the Users group under "group or user names", then grant Full Control.

Since I was logged into a normal user account at the time I encountered the problem and had a lot of windows open and didn't want to have to close all of them, logoff, logon as an administrator, logoff, logon to my user account again, and then reopen all of the applications and files I previously had open, I used the cacls command to reset the permissions. To use that method, you need to take the following steps, if you are currently logged into an unprivileged user account.

  1. Open a command prompt window as the Administrator. On Windows XP systems, you can do so by going to C:\WINDOWS\system32\ and right-clicking on cmd.exe while holding down the shift key (if you don't hold down the shift key at the same time, you won't see the "run as" option). Then select Run as. Click on The following user and put in Administrator, or some other account with administrator access, for the user name, and enter the appropriate password. Then hit Enter or click on OK. A command prompt window will open with Administrator credentials.
  2. Enter the command cacls "\program files\primopdf" /E /G Users:F to give all users of the system full control of the directory where you installed PrimoPDF, presuming that you installed it in \program files\primopdf. Granting full control of the directory means they can add or delete files in that directory. The Users group will still only have "read" access to the dll and exe files in the directory, though. The /E means "edit the existing Access Control List (ACL) rather than creating a new one and the /G grants access for the account or accounts specified as a parameter. The F at the end grants "full" access. You can enter cacls /? for help with the cacls command. You will see something like "processed dir: C:\program files\PrimoPDF", if the command is successfully executed.

[/os/windows/software/pdf] permanent link

Tue, Feb 12, 2008 9:43 pm

Smart Network Data Services for Tracking Email to Hotmail.com Addresses

Microsoft offers Smart Network Data Services, which allows someone to view data on email transmitted from IP addresses for which he or she is resonsible to hotmail.com email addresses. Microsoft describes the service as follows:

Smart Network Data Services (SNDS) is a revolutionary Windows Live Mail initiative designed to allow everyone who owns IP space to contribute to the fight against spam, malware, viruses, and other internet evils, and to protect e-mail and the internet as a valued communications, productivity and commerce tool. Windows Live Mail and MSN Hotmail, with over 250 million active user accounts world-wide, is in a unique position to collect and analyze e-mail activity data. By providing that data to service providers, most of whom wouldn.t otherwise have access to any such data, they are empowered to use their relationship with their customers to react and take repair actions, such as preventing spam from originating within their IP space. The overarching goal of SNDS is to make the Internet a better, safer place. Working together, Windows Live Mail and service providers can make their respective customers happier and more satisfied with the various services we all provide.

To request a Smart Network Data Services account, go to SNDS - Request Access. Enter the IP address or address range for which you are responsible and for which you wish to track email being sent to Hotmail.com addresses.

When you click on Submit you will see the message "We've determined that the following email addresses are associated with the specified network in an appropriately authoritative way. Please choose one that you can receive mail at and we will send instructions for completing the signup process to that address." You may then see 4 addresses similar to those below:

abuse@yourdomain.com 
noc@isp1.net 
noc@isp2.net 
postmaster@yourdomain.com

Two of the addresses will be of the form abuse@yourdomain.com and postmaser@yourdomain.com, assuming that a reverse DNS lookup on a provided IP address yields "yourdomain.com".

A "whois" lookup will also be done on a provided IP address using the relevant registrar, which, if you are in the U.S. will likely be the American Registry for Internet Numbers (ARIN). The "OrgTechEmail" address listed for the IP address may be used as one of the possible addresses, e.g. noc@isp1.net, if that was the "OrgTechEmail" listed for the ISP.

You can see further information on how the email addresses are derived at SNDS - FAQ.

If you have PTR record in DNS that points back to yourdomain.com, and wish to use one of those email addresses, make sure that you have valid abuse@yourdomain.com and postmaster@yourdomain.com email addresses.

What data does SNDS provide?

The data provided by SNDS is meant to provide as broad a picture of an IP's mail sending behavior as necessary for the system's consumers to be able to stop spam.  It reports on a variety of characteristics of mail traffic.  The data points provided are designed to be difficult or impossible for spammers to avoid differentiating themselves from well-behaved mailers.  Similarly however, data isn't provided on IPs that send very little mail because they (currently) account for a negligible amount of spam.  For each IP within the ranges that the user has been authorized, the following data is provided:

An email message is sent to the address you specified. You will need to go to a link provided in that email message to grant access to the data to a Windows Live ID account, such as a hotmail.com email address, you specified when you requested an account.

Once you have confirmed access, you can view data at SNDS - View Data There you will see a calendar where you can select dates for which to view data. You have the option to change your settings to allow access your data as a .CSV file without the need for browser-based authentication technologies such as Windows Live™ ID. This facilitates access to your data via your own automated scripts or programs.

I didn't see any data listed for an IP address I specified. I know email is sent from that address to hotmail.com users, but the volume of traffic is fairly low. The SNDS - FAQ states that "data isn't provided on IPs that send very little mail because they (currently) account for a negligible amount of spam."

[/network/email/spam] permanent link

Tue, Feb 12, 2008 8:42 pm

Viewing Exchange Logs in Excel

The email log files for a Microsoft Exchange server can be analyzed with Microsoft Excel. Exchange stores the log entries in a text file, which can be imported in Excel for analysis.

[ More Info ]

[/network/email/exchange] permanent link

Tue, Feb 12, 2008 12:30 pm

IP on LASHBACK DNS Blocklist

An IP address for a site had gotten on some blocklists, apparently due to an infected system at the site. I went to the MxToolBox Email Blacklist Check page, which currently checks for the presence of an IP address on 124 blacklists. I checked on whether the IP address was present on any of the lists queried by the MxToolBox blacklist check tool. It was on the LASHBACK blacklist, with the reason listed as "Sender has sent to LashBack Unsubscribe Probe accounts Return codes were: 127.0.0.2", but no others.

I requested a delisting from their Unsubscribe Blacklist Support page. When I looked up the address at LASHBACK, I found it was listed. When I requested it be delisted at 12:30 PM, I was notified that it would be removed within 1 hour. When I had checked for the address on the MxToolBox Email Blacklist Check page, I had seen a TTL value of 3594, which is 59.9 minutes, listed for it for the LASHBACK list.

[/network/email/blacklist] permanent link

Mon, Feb 11, 2008 9:03 pm

System Not Recognizing EasyShare printer dock plus

A user told me that she was no longer able to communicate with her Kodak EasyShare C340 camera, which she plugs into a Kodak EasyShare printer dock plus.

The following steps can be taken to see if the system is recognizing the presence of the printer dock.

  1. Click on Start.
  2. Select All Programs.
  3. Select Kodak.
  4. Select Kodak EasyShare printer dock.
  5. Select Kodak printer dock firmware updater. When the application opens, you should see the printer name listed along with the current firmware version number as shown below.

    Kodak printer dock firmware updater

In this case nothing was listed under "Printer Name" nor under "Firmware Version Number". I unplugged the USB cable from the computer and plugged it back in. I then saw the message below:

USB Device Not Recognized

One of the USB devices attached to this computer has malfunctioned, and Windows does not recognize it. For assistance in solving this problem, click this message.

I tried plugging the device into two other USB ports with the same results. I unplugged the cable from the printer dock and powered it off. I plugged the cable back in and powered it on. I then heard noises from the unit and when I exited the Kodak printer dock firmware updater program and restarted it, I saw entries listed under "Printer Name" and "Firmware Version Number"

[/hardware/camera] permanent link

Sun, Feb 10, 2008 9:45 pm

Use Custom Filter with Netopia R7220-T Router

A Netopia R7220-T router has built-in firewall capabilities. It comes with two filter sets preconfigured, "Basic Firewall" and "NetBIOS", but you can create your own custom filters. To use a custom filter you have created, take the following steps.
  1. From the main menu, select Quick Menus and hit Enter.

    
                               Netopia R7220-T v4.6.2
    
    
                         Easy Setup...
    
                         WAN Configuration...
    
                         System Configuration...
    
                         Utilities & Diagnostics...
    
                         Statistics & Logs...
    
                         Quick Menus...
    
                         Quick View...
    
    
    
    
    
    Return/Enter displays options for the system.
    You always start from this main screen.

  2. From the Quick Menu, select Change Connection Profiles and hit Enter.

    
                                       Quick Menu
    
     Connection Profiles          Line Configuration     IP Setup
     Add Connection Profiles                             IP Address Serving Setup
     Change Connection Profiles                          IP Filter Sets
     Delete Connection Profiles   Backup Config          Static Routes
     WAN Default Profile                                 Network Address Translation
    
                                                         IPX Setup
                                                         IPX Filters & Filter Sets
    
    
    
    
     Console Configuration        TFTP
     SNMP Setup
    
    
    
    
    
    
    This menu allows you to visit most configuration screens.

  3. When your connection profile, e.g. Easy Setup Profile, appears hit enter to accept it for editing.

    
                                       Quick Menu
             +-Profile Name---------------------IP Address----IPX Network-+
     Connecti+------------------------------------------------------------+
     Add Conn| Easy Setup Profile               192.168.6.25              | Setup
     Change C|                                                            |
     Delete C|                                                            |
     WAN Defa|                                                            |anslation
             |                                                            |
             |                                                            |
             |                                                            |er Sets
             |                                                            |
             |                                                            |
             |                                                            |
             |                                                            |
     Console |                                                            |
     SNMP Set|                                                            |
             |                                                            |
             |                                                            |
             |                                                            |
             +------------------------------------------------------------+
    
    
    Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.

  4. Select IP Profile Parameters... and hit Enter.

    
                                 Change Connection Profile
    
             Profile Name:                      Easy Setup Profile
             Profile Enabled:                   Yes
    
             Data Link Encapsulation...         RFC1483
    
    
             IP Enabled:                        Yes
             IP Profile Parameters...
    
             IPX Enabled:                       No
    
    
             Interface Group...                 Primary
    
    
    
    
    
    
    Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes.
    Modify Connection Profile here. Changes are immediate.

  5. Select Filter Set... and hit Enter.

    
                                IP Profile Parameters
    
    
             Address Translation Enabled:       Yes
             IP Addressing...                   Numbered
    
             NAT Map List...                    Easy-PAT List
             NAT Server List...                 Easy-Servers
    
             Local WAN IP Address:              192.168.6.25
             Local WAN IP Mask:                 255.255.254.0
    
    
    
             Filter Set...                      NetBIOS Filter
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    Return/Enter to select Filter Set (Firewall) for this profile.
    Configure IP requirements for a remote network connection here.

  6. Select the custom filter set you created, e.g. "Custom", if that was the name you used, and hit Enter.

    
                                IP Profile Parameters
    
                              +-----------------------------------+
             Address Translati+-----------------------------------+
             IP Addressing... | Basic Firewall                    |
                              | NetBIOS Filter                    |
             NAT Map List...  | Custom                            |
             NAT Server List..|                                   |
                              |                                   |
             Local WAN IP Addr|                                   |
             Local WAN IP Mask|                                   |
                              |                                   |
                              +-----------------------------------+
    
             Filter Set...                      NetBIOS Filter
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    
    Up/Down Arrows to select, then Return/Enter; ESC to cancel.

  7. Hit Esc to go back to the prior IP Profile Parameters menu. You should now see whatever name you used for your custom filter listed on the same line as Filter Set....

    
                                IP Profile Parameters
    
    
             Address Translation Enabled:       Yes
             IP Addressing...                   Numbered
    
             NAT Map List...                    Easy-PAT List
             NAT Server List...                 Easy-Servers
    
             Local WAN IP Address:              66.159.76.25
             Local WAN IP Mask:                 255.255.254.0
    
    
    
             Filter Set...                      Custom
             Remove Filter Set
    
             Receive RIP:                       Both
    
    
    
    Toggle to Yes if this is a single IP address ISP account.
    Configure IP requirements for a remote network connection here.

  8. You can then keep hitting Esc until you get back to the main menu or just disconnect from the router

[/hardware/network/router/netopia] permanent link

Sun, Feb 10, 2008 4:39 pm

Colasoft MAC Scanner 1.1

If you need to determine the Media Access Control (MAC) addresses on a LAN using a Windows system, Colasoft provides a tool, MAC Scanner, which you can use to scan all IP addresses in a subnet to obtain a list of the MAC, aka hardware addresses, associated with those IP addresses. The results can be exported to a text or Comma Separated Value (CSV) file.

[/os/windows/software/network/scanner] permanent link

Sun, Feb 10, 2008 2:02 pm

Dell PowerConnect 3024 - Finding MAC Addresses

To determine the Media Access Control (MAC) addresses of devices connected to a Dell PowerConnect 3024 switch, take the following steps:
  1. Select Address Manager from the main menu.

                                   PowerConnect 3024
                                       Main Menu
    
    
    
    
                                 a. System Manager
                                 b. Port Manager
                                 c. Address Manager
                                 d. Spanning Tree
                                 e. VLAN and CoS Setup
                                 f. Port Trunking
                                 g. Port Mirroring
                                 h. SNMP Management
                                 i. Multimedia Support
                                 j. Statistics
                                 k. Save Configuration
    
    
    
    
    
    Hit  to configure Static Address Table or Address Aging Time
                                                    <Ctrl-L> Refresh  <Ctrl-W> Save

  2. Select Dynamic Addresses from the Address Manager menu.

                                   PowerConnect 3024
                                    Address Manager
    
    
    
    
    
    
    
                       a. Static Addresses
                       b. Dynamic Addresses
                       c. Address Aging
                       d. Static Multicast Groups Administration
                       e. Static Multicast Groups Membership
    
    
    
    
    
    
    
    
    Hit <Enter> to view Dynamic Addresses
    <ESC> Back                                      <Ctrl-L> Refresh  <Ctrl-W> Save

You will then see the MAC addresses that have been seen by the switch for each port. Ports with no device attached will not be listed. If nothing is listed for a port at the time you check, though, that does not necessarily mean that no device is attached to that port, only that no activity has been seen on that port recently. A system could be attached to the port, but turned off, or may be on, but has not communicated with another device over the network recently.

If the switch is seeing multiple MAC addresses on a port, as it would if there is another switch or hub plugged into the port, which itself has multiple systems plugged into it, it will show all of the MAC addresses. In the example below, 5 addreses are listed for port 6 and 4 addresses are listed for port 16. There is another switch connected to port 6 and a hub connected to port 16.

                               PowerConnect 3024
                       Address Manager/Dynamic Addresses

             Dynamic Address Learning is: Enabled
    Port:      VLAN ID:      MAC Address:                   Query  Next  Prev
    Port    VLAN     MAC Address             Port    VLAN     MAC Address
--------------------------------------------------------------------------------
    1:3     1     00:0c:f1:c8:99:09          1:16    1     00:09:6b:19:38:a5
    1:4     1     00:13:20:97:de:e4          1:20    1     00:16:01:41:72:3b
    1:5     1     00:1d:09:0a:5d:55
    1:6     1     00:11:11:64:ec:bc
    1:6     1     00:13:20:97:e2:cf
    1:6     1     00:13:72:3b:4a:b6
    1:6     1     00:16:76:96:cb:1e
    1:6     1     00:17:a4:26:88:d5
    1:7     1     00:11:11:5e:b5:90
    1:8     1     00:11:11:a8:9c:b0
    1:15    1     00:30:18:aa:70:a5
    1:16    1     00:00:74:ad:e8:c6
    1:16    1     00:00:c5:7c:08:7c
    1:16    1     00:06:25:b5:b4:62

Hit <Space> to Enable or Disable Dynamic Address Learning
<ESC> Back                                      <Ctrl-L> Refresh  <Ctrl-W> Save

If you see a MAC address which you don't recognize, you can lookup up the manufacturer of the network adapter associated with that address at Vendor/Ethernet MAC Address Lookup and Search, which may help you identify what type of device is connected on the port showing that MAC address. For instance, when I look up 00:09:6b:19:38:a5, I see the vendor listed as "IBM Corporation". When I look up 00:17:a4:26:88:d5, I see "Global Data Services (may now be Hewlett-Packard, HP)" listed and, in this case, the device is an HP K5400 printer.

References:

  1. Vendor/Ethernet MAC Address Lookup and Search
    Coffer.com

[/hardware/network/switch/dell] permanent link

Sat, Feb 09, 2008 8:22 pm

Setting IP Information From the Command Line

On a Windows system, you can use the netsh interface ip set command to configure IP parameters for the system from the command line.

E.g. the command netsh interface ip set address name="Local Area Connection" static 192.168.0.66 255.255.255.0 192.168.0.1 1 could be used to set the IP address to a static value of 192.168.0.66 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.0.1.

[ More Info ]

[/os/windows/commands] permanent link

Fri, Feb 08, 2008 10:16 pm

Uploading Blocked Files to a SharePoint Server

On a Windows Small Business Server (SBS) 2003 system, I tried uploading an exe file to the SharePoint server, but saw the following displayed when I attempted to upload it.

Form Validation Error

Please correct the information you provided by following these steps, then submit the information again:

The following steps can be taken to allow the upload of an .exe file. Similar steps can be followed to allow the upload of other blocked files.

  1. Click on Start.
  2. Select All Programs.
  3. Select Administrative Tools.
  4. Select SharePoint Central Administration.
  5. Under Security Configuration, click on Manage blocked file types.
  6. Delete exe from the list and click on OK.

[/os/windows/sharepoint] permanent link

Thu, Feb 07, 2008 8:01 pm

Determining Version of Microsoft Exchange

To determine what version of Microsoft Exchange is running on a system, you can take the following steps:
  1. Click on Start.
  2. Select All Programs.
  3. Select Microsoft Exchange.
  4. Select System Manager. Note: the System Manager is applicable if you have Exchange Server 2000 and later. For Exchange Server 5.5 and earlier, you will need to run Exchange Administrator.
  5. Click Servers. You will then see the version displayed. For Exchange Server 2000, the version is 6.0; for Exchange Server 2003, the version is 6.5.

Exchange server version

You can also determine the version number, by going to C:\Program Files\Exchsrver\bin, right-clicking on store.exe, selecting Properties, and clicking on the Version tab.

Store.exe properties

Clicking on Product version will show the version of the Exchange software. In the case shown above, the file version is listed as 6.5.7651.61 while the product version is 6.5. The digits after the 6.5 in the file version don't necessarily match the build version displayed using the first method.

Note: the version number you see using the above methods may not necessarily be the same version number you would see displayed if you telnet to port 25 on the Exchange server. E.g. the above method of determining the version of Exchange running on a system shows it to be 6.5 (Build 7638.2: Service Pack 2), but if I telnet to port 25 on that same Exchange server, I see the following:

220 example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at
Wed, 13 Feb 2008 19:07:30 -0500

I.e. the "ESMTP MAIL Service" version is not the same as the version number for the Exchange server software on the system, so you can't infer that the version number you see displayed when you connect to port 25 on the system is the Exchange server version number.

References:

  1. How to tell which software version your computer is using
    Published: June 18, 2004
    Microsoft Corporation

[/network/email/exchange] permanent link

Wed, Feb 06, 2008 9:38 pm

HPProduct Assistant Installation Failure

While checking a user's Windows XP system, I found that every time I logged into it a window opened for the installation of HPProductAssistant.

HPProductAssistant
Please wait while Windows configures HPProductAssistant

Cancel
 

Then another HPProductAssistant window would appear stating "The feature you are trying to use is on a CD-ROM or other removalable disk that is not available" and asking me to "Insert the 'HPProductAssistant' disk and click OK" with "1" appearing in the "use source" field. When I clicked on the browse button, I saw it was looking for hpproductassistant.msi.

If I clicked on the Cancel button, I would see the error message below:

HPProductAssistant
Error 1706.No valid source could be found for product
HPProductAssistant. The Windows Installer cannot
continue.

OK
 

If I clicked on OK, which was the only option, the process would just repeat. Clicking on the Cancel button at the point where it prompted for the HPProductAssistant installation file, just kept the process repeating as well. I had to kill the application through the Task Manager to stop it.

When I checked on what process was associated with the HPProductAssistant in the Task Manager by right-clicking on HPProductAssistant under the Applications tab in the Task Manager and selecting Go To Process , I found it was hpqtra08.exe That file is associated with "HP Digital Imaging Monitor" software and is located in C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

When I went to Start, All Programs, and Startup, I found "HP Digital Imaging Monitor" listed there. It was probably put there during the installation of software for the user's printer. HP will install a lot of other software in addition to a printer driver when you use the HP-provided installation disc for one of their printers. Since it wasn't working and I doubted the user had any need for it, I clicked on Start, All Programs and Startup then right-clicked on "HP Digital Imaging Monitor and selected Delete to get rid of the entry from the startup group. I rebooted the system to verify that the problem would no longer occur; it did not.

References:

  1. Wait while Windows configures HPProductAssistant???
    Yahoo! Answers
  2. How to remove hpqtra08 error
    file.net

[/os/windows/processes] permanent link

Sun, Feb 03, 2008 7:36 pm

Determing the Package to Which a File Belongs

If you wish to determine what package a file belongs to under Solaris, you can use the command pkgchk -l -p /path/file. E.g. to determine the package to which the openssl program located in /usr/sfw/bin belongs, the following command could be used:

# pkgchk -l -p /usr/sfw/bin/openssl
Pathname: /usr/sfw/bin/openssl
Type: regular file
Expected mode: 0555
Expected owner: root
Expected group: bin
Expected file size (bytes): 318668
Expected sum(1) of contents: 16493
Expected last modification: Jan 26 21:01:01 2006
Referenced by the following packages:
        SUNWopenssl-commands
Current status: installed

From the above information, I can see the file belongs to the package SUNWopenssl-commands. I can get further information on that package, such as the date the package was installed with the command pkginfo -l SUNWopenssl-commands.

# pkginfo -l SUNWopenssl-commands
   PKGINST:  SUNWopenssl-commands
      NAME:  OpenSSL Commands (Usr)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.21.16.34
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Commands (Use)
    PSTAMP:  on10-patch-x20060126144406
  INSTDATE:  Jul 08 2006 23:31
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:        5 installed pathnames
                   3 shared pathnames
                   3 directories
                   2 executables
                 634 blocks used (approx)

References:

  1. Solaris find out a package which a file belongs to
    nixCraft - Insight Into Linux Admin Work

[/os/unix/solaris/commands] permanent link

Sun, Feb 03, 2008 11:08 am

Internet Explorer Shortcut Keys

I use Furl to save copies of webpages I've found interesting. Furl creates an online bookmarks or "favorites" list for you. If you make your Furl archive public, others can also have access to your links. You also get an online archived copy of the webpage you've "furled". So if the webpage disappears or the website where it resided is inaccessible for some other reason the next time you want to view it, you have a stored copy at Furl.

But sometimes I run into difficulty with multi-page news articles. I don't want to have to furl each page individually. Some websites offer a "print" function, so that you can display a copy of all pages of the article at once to send them to the printer at once. But often, when the window opens that displays the entire article for printing, I don't see the Internet Explorer (IE) menubar with "File, Edit, View, Favorites, Tooks, and Help" on it. The link to furl pages is under "Favorites", so I don't then have access to that link.

One alternative is to right-click on the "print" version of the webpage, choose "Properties" and then copy the URL for the webpage, which you can paste into another IE window with the menubard displayed to access the page. Another method is to hit the Ctrl and "I" keys simultaneously, which will bring up the IE Favorites box.

Other IE shortcut keys to view and explore web pages are listed below:

To do this                                Press this key
----------------------------------------------------------------------
Display Internet Explorer Help or to      F1
display context Help about an item in 
a dialog box

Toggle between full-screen and other      F11
views in the browser

Move forward through the items on a       TAB 
Web page, the Address box, or the 
Links box

Move through the items on a Web page,     SHIFT+TAB
the Address box, or the Links box

Go to your Home page                      ALT+HOME

Go to the next page                       ALT+RIGHT ARROW

Go to the previous page                   ALT+LEFT ARROW or BACKSPACE

Display a shortcut menu for a link        SHIFT+F10

Move forward between frames               CTRL+TAB or F6

Move back between frames                  SHIFT+CTRL+TAB

Scroll toward the beginning of a          UP ARROW
document 

Scroll toward the end of a document       DOWN ARROW

Scroll toward the beginning of a          PAGE UP
document in larger increments

Scroll toward the end of a document       PAGE DOWN
in larger increments

Move to the beginning of a document       HOME

Move to the end of a document             END

Find on this page                         CTRL+F

Refresh the current Web page              F5 or CTRL+R

Refresh the current Web page, even if     CTRL+F5
the time stamp for the Web version and 
your locally stored version are the same  

Stop downloading a page                   ESC

Go to a new location                      CTRL+O or CTRL+L

Open a new window                         CTRL+N

Close the current window                  CTRL+W

Save the current page                     CTRL+S

Print the current page or active frame    CTRL+P

Activate a selected link                  ENTER

Open the Search box                       CTRL+E

Open the Favorites box                    CTRL+I

Open the History box                      CTRL+H

In the History or Favorites boxes,        CTRL+click
open multiple folders

References:

  1. Internet Explorer Keyboard Shortcuts
    Article ID : 306832
    Last Review : May 7, 2007
    Revision : 2.3
    Microsoft Help and Support

[/network/web/browser/ie] permanent link

Fri, Feb 01, 2008 9:41 pm

Removing a Package

Removing a package that has been installed on a Solaris system is handled by the pkgrm command, which must be run from the root account. E.g. pkgrm SMCx11vnc would remove the previously installed x11vnc package from a system. The output produced from running the command appears below.

# pkgrm SMCx11vnc

The following package is currently installed:
   SMCx11vnc  x11vnc
              (sparc) 0.7

Do you want to remove this package? [y,n,?,q] y

## Removing installed package instance <SMCx11vnc>
## Verifying package <SMCx11vnc> dependencies in global zone
## Processing package information.
## Removing pathnames in class <none>
/usr/local/share/x11vnc/classes/index.vnc
/usr/local/share/x11vnc/classes/VncViewer.jar
/usr/local/share/x11vnc/classes
/usr/local/share/x11vnc
/usr/local/share <shared pathname not removed>
/usr/local/man/man1/x11vnc.1
/usr/local/man/man1
/usr/local/man
/usr/local/doc/x11vnc/TODO
/usr/local/doc/x11vnc/README
/usr/local/doc/x11vnc/NEWS
/usr/local/doc/x11vnc/INSTALL
/usr/local/doc/x11vnc/ChangeLog
/usr/local/doc/x11vnc/COPYING
/usr/local/doc/x11vnc/AUTHORS
/usr/local/doc/x11vnc
/usr/local/doc <shared pathname not removed>
/usr/local/bin/x11vnc
/usr/local/bin <shared pathname not removed>
## Updating system information.

Removal of <SMCx11vnc> was successful.

References:

  1. Remove a Solaris package with pkgrm
    November 28, 2005
    tech-recipes - Your cookbook of tech-tutorials

[/os/unix/solaris/commands] permanent link

Fri, Feb 01, 2008 8:40 pm

Pkginfo Command

On Solaris systems, the pkginfo command can be used to obtain information on installed packages. It is somewhat aking to the rpm and similar commands on Linux systems.

usage:
pkginfo [-q] [-pi] [-x|l] [options] [pkg ...]
pkginfo -d device [-q] [-x|l] [options] [pkg ...]
where
  -q #quiet mode
  -p #select partially installed packages
  -i #select completely installed packages
  -x #extracted listing
  -l #long listing
  -r #relocation base
and options may include:
  -c category, [category...]
  -a architecture
  -v version

If you just issue the command pkginfo, you will see list of all of the installed packages on the system with a one-line listing per package.

# pkginfo
system      CADP160                          Adaptec Ultra160 SCSI Host Adapter
Driver
application CFWWine                          WINE
system      HPFC                             Agilent Fibre Channel HBA Driver
system      NCRos86r                         NCR Platform Support, OS Functional
ity (Root)
system      SK98sol                          SysKonnect SK-NET Gigabit Ethernet
Adapter SK-98xx
system      SKfp                             SysKonnect PCI-FDDI Host Adapter
application SMChtdig                         htdig
<text snipped>
system      SUNWzlib                         The Zip compression library
system      SUNWzoner                        Solaris Zones (Root)
system      SUNWzoneu                        Solaris Zones (Usr)
system      SUNWzsh                          Z shell (zsh)
system      SYMhisl                          Symbios 895A, 896 and 1010 SCSI driver

If you are just interested in a particular package, you can use pkginfo pkgname where pkgname is the relevant package. But you need to bear in mind that the name assigned to the package may have SUNW in front of it or may not otherwise be exactly what you expect. E.g., suppose I want to know whether the zlib package is installed, because I want to install some other package that lists the zlib software as a dependency. If I use the command pkginfo zlib, I see the following:

# pkginfo zlib
ERROR: information for "zlib" was not found

Using pkginfo | grep -i pkgname will likely be better, unless you are certain of the package name.

# pkginfo | grep -i zlib
system      SUNWzlib                         The Zip compression library

Now I see the package name for the zlib package is SUNWzlib and I could use that command with the pkginfo command, but I want see any more information unless I use the -l option to get a long listing.

# pkginfo SUNWzlib
system      SUNWzlib The Zip compression library
# pkginfo -l SUNWzlib
   PKGINST:  SUNWzlib
      NAME:  The Zip compression library
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.08.01.09
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  The Zip compression library
    PSTAMP:  sfw10-x20050108014620
  INSTDATE:  Jul 08 2006 23:00
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       13 installed pathnames
                   4 shared pathnames
                   4 directories
                   2 executables
                 424 blocks used (approx)

The long listing shows me the version of zlib installed, which in this case is version 11.10.0. I also see the installation date was July 8, 2006 at 11:00 P.M.

References:

  1. Solaris: list installed packages with pkginfo
    November 28, 2005
    tech-recipes - Your cookbook of tech-tutorials

[/os/unix/solaris/commands] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo