Sat, Dec 17, 2016 10:06 pm
Searching browsing history for a specified period with BrowsingHistoryView
I performed a malware scan of a system with McAfee Total Protect on 2016-12-14 which found malware that was apparently placed on the system on December 8, 2016. Since BrowsingHistoryView from Nir Sofer provides a means to examine the browsing history stored on a system for many browsers, I installed it on the system - the installation process consists of simply extracting the files contained in the zip file you can download from the NirSoft website - in an attempt to determine the source for the malware. I thought there might be an entry in the browsing history for a time near the time stamp on the malware file that would reveal a website from which it might have been downloaded. BrowsingHistoryView allows one to view the browsing history for the following browsers:
- Chrome
- Chrome Canary
- Firefox
- Microsoft Internet Explorer
- Microsoft Edge
- Opera
- Safari
- SeaMonkey
- Vivaldi
- Yandex
[ More Info ]
[/os/windows/software/network/web/BrowsingHistoryView]
permanent link
Wed, Oct 12, 2016 11:00 pm
Ncat 5.59BETA1 for Microsoft Windows
Ncat, a reimplementation of the netcat computer networking utility, reads and writes data across a network from a command-line interface (CLI), such as a shell prompt or a Microsoft Windows command prompt. It supports TCP and UDP, SSL, and proxy connections via SOCKS4 or the HTTP CONNECT method.
You can download a precompiled binary version of the utility from Nmap.org or this site.
Nmap.org
MoonPoint Support
[ More Info ]
[/os/windows/software/network]
permanent link
Tue, Jun 28, 2016 1:05 pm
Using iperf on a Microsoft Windows system
Iperf is a free open-source software tool that provides a capability to measure the throughput between two hosts using both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) data streams. The software can be run in either server or client mode. To determine the network bandwidth available between two systems, you can run iperf in server mode on one of the systems and in client mode on the other.
The software is available for a variety of operating systems. You can download iPerf binaries from iPerf - The network bandwidth measurement tool for the following operating systems:
- Microsoft Windows
- Android
- iPhone / iPad
- Apple OS X
- Download iPerf for Ubuntu / Debian / Mint
- Download iPerf for Fedora / Red Hat / CentOS
- Download iPerf for openSUSE
- Download iPerf for Arch Linux
- Download iPerf for FreeBSD
[ More Info ]
[/os/windows/software/network/performance]
permanent link
Fri, May 27, 2016 10:53 pm
Tcproute
On Unix, Linux, and OS X systems, traceroute sends UDP datagrams to high-numbered ports with an increasing time to live (TTL) value. The first datagram sent has a time to live of 1. Each network hop, e.g. a router, along the path of a UDP datagram or TCP packet to its destination decrements the TTL value by 1. If the TTL value is 0 after the decrement and the system is not the final destination, the hop sends an ICMP error datagram (11 - Time Exceeded) back to the source system.
As an example, suppose you are performing a traceroute between two computers with two routers between the source and destination systems as in the diagram below.
When you issue the command traceroute workstation2, the traceroute command will first send out a UDP datagram with a TTL of 1. Router 1 will decrement the TTL, at which point it becomes 0, so router 1 sends an ICMP "time exceeded" datagram back to workstation 1. Workstation 1 then sends another datagram to workstation 2, but this time with a TTL of 2. Router 1 is the first hop on the path to workstation 2 and it decrements the TTL and sends it on to router 2, which also decrements the TTL, at which point it is now 0, so router 2 sends back a "time exceeded" datagram to workstation 1. Then workstation 1 sends a datagram with a TTL of 3. This time the TTL is decremented to 2 at router 1 and then to 1 at router 2, which sends the datagram on to workstation 2, which is the destination system that will send a reply back to workstation 1. On Microsoft Windows systems, the tracert command uses a similar process except it sends ICMP echo requests instead of UDP packets to a high-numbered port.
Another tool available for use on Microsoft Windows systems is tcproute. Tcproute sends TCP packets to port 80 on the destination system, increasing the TTL value by one with each packet sent, so it works much like traceroute on Unix, Linux, or OS X systems, though it uses TCP rather than UDP and a destination port of 80, the default port used by web servers for Hypertext Transfer Protocol (HTTP) traffic.
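The TTL walk described above, as an added example that is not part of the original post: a Python simulation (no packets are sent) of the two-router path for the UDP, ICMP and TCP probe styles. The destination's reply types, the assumption that TCP probes are SYN packets, the silent-router case, and names such as send_probe and PATH are assumptions added for illustration.

```python
# Added illustration: models the TTL walk described above; sends no packets.
from typing import NamedTuple, Optional

class Reply(NamedTuple):
    ttl_sent: int             # TTL the source put in the probe
    responder: Optional[str]  # hop that answered, or None for a timeout
    message: str

# Reply the destination itself sends for each probe style. Standard protocol
# behaviour assumed here; the post only says the destination sends a reply.
FINAL_REPLY = {
    "udp": "ICMP type 3 (port unreachable)",   # traceroute on Unix/Linux/OS X
    "icmp": "ICMP type 0 (echo reply)",        # tracert on Windows
    "tcp": "TCP SYN/ACK or RST from port 80",  # tcproute-style SYN probe
}

def send_probe(path, ttl, probe, silent=frozenset()):
    """Carry one probe along path (routers first, destination last)."""
    remaining = ttl
    for router in path[:-1]:
        remaining -= 1                 # every router decrements the TTL
        if remaining == 0:             # expired before reaching the destination
            if router in silent:       # router drops it without an ICMP error
                return Reply(ttl, None, "* (no reply, probe timed out)")
            return Reply(ttl, router, "ICMP type 11 (time exceeded)")
    return Reply(ttl, path[-1], FINAL_REPLY[probe])

def trace(path, probe="udp", max_ttl=30, silent=frozenset()):
    """Send probes with TTL 1, 2, 3, ... until the destination answers."""
    replies = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, ttl, probe, silent)
        replies.append(reply)
        if reply.responder == path[-1]:
            break
    return replies

# Constructed topology matching the example in the text.
PATH = ["router1", "router2", "workstation2"]

if __name__ == "__main__":
    for style, quiet in (("udp", frozenset()), ("tcp", frozenset({"router2"}))):
        print(f"{style} probes, silent routers: {sorted(quiet)}")
        for r in trace(PATH, style, silent=quiet):
            print(f"  ttl={r.ttl_sent}  {r.responder or '*':<13} {r.message}")
```

A router listed in silent shows up as a gap in the trace while later hops still answer, which is why a missing hop in real traceroute output does not by itself mean the path is broken.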
[ More Info ]
[/os/windows/software/network]
permanent link
Thu, Sep 03, 2015 9:41 pm
Resetting the password for the PRTG Network Monitor on Microsoft Windows
The PRTG network monitoring software provides Simple Network Management Protocol (SNMP) monitoring capabilities. After you've installed it on a Microsoft Windows system, the login name and password for the default administrator login are both prtgadmin when you log into the web interface for the first time. You can leave the login name and password fields empty and click on the Default Login button to log in using these default credentials.
If you changed the password, but have forgotten the password, you can reset it by running the PRTG Administration Tool. Once you've opened the application, click on the Administrator tab, then type a new password in the Password field and retype the password in the Confirm Password field. If you've also forgotten the login name you used, you will see it on that window.
When you click on Save & Close, you will see the following
message:
In order to activate the settings the following will be done by the
PRTG Administration Tool:
- Stop and start the PRTG core server service.
The PRTG Administration Tool will close automatically afterwards.
OK to proceed?
If you are accessing the web interface through a browser and provide the login credentials but don't see any message indicating that they are incorrect, but just see the page for entering the userid and password again, then you may need to enable cookies in the browser; I had to enable cookies in the K-Meleon browser to get past the login screen.
If you changed the port for the web interface, you can find it listed under
the Web Server tab.
Note: these instructions apply to PRTG Administration Tool version
V15.3.17.2995 and might not apply to other versions.
[/os/windows/software/network/snmp/prtg]
permanent link
Fri, Dec 12, 2014 11:54 pm
DNSQuerySniffer v1.35
I installed DNSQuerySniffer v1.35 on a Microsoft Windows Professional
system which has been generating a lot of unusual DNS and HTTP traffic
even when the owner of the system is not using the system. E.g., I've seen
a lot of such traffic overnight, far more than can be accounted for by
normal processes running and checking on available updates, etc. And the
websites being contacted are not ones I would expect to be contacted.
DNSQuerySniffer allows the DNS queries and responses from DNS servers to
the system on which the software is installed to be monitored and captured for
later analysis.
[ More Info ]
[/os/windows/software/network/dns]
permanent link
Mon, May 27, 2013 8:33 pm
SNMP Tester
If you need an SNMP test tool for a Windows system, Paessler, a company that produces network monitoring software, offers SNMP Tester for free. There is no installation process for the software other than extracting the files in the downloaded zip file to a directory of your choice and running snmptest.exe.
After extracting the files to a directory under Program Files using an administrator account, I tried running the program from a normal user account. The program didn't appear to open, though I could see it running when I used the Task Manager to check on running processes, although the CPU utilization for it stayed at 0. So I right-clicked on snmptest.exe and chose "Run as administrator". The program then opened. I found that I could extract the files to a folder in the My Documents directory of the regular user account and run it from there. The issue I first encountered when attempting to run the program from the Program Files directory was that the program wants to update an snmp.ini file in the directory from which it runs and that account didn't have write access to the Program Files subdirectory within which it was located.
When you run the program, place the IP address of the system you wish to scan in the Device/IP field; if the SNMP port has been changed from the default value of port 161, change that also. Specify the community string in the Community field. If you want to see the uptime of the device to just verify the device is responding to SNMP queries, leave "Read Device Uptime" selected under Select Request Type. Then click on the Start button to initiate the scan.
You can also put an OID, such as 1.3.6.1.2.1, in the Walk field, select the Walk radio button and click on Start to "walk" through a sequence of OIDs, or specify a particular OID, e.g., 1.3.6.1.2.1.1.5.0, in the Custom OID field.
[/os/windows/software/network/snmp]
permanent link
Sun, Oct 17, 2010 10:01 pm
PRTG Network Monitor
If you would like to use a Microsoft Windows system for Simple Network Management Protocol (SNMP) or Windows Management Instrumentation (WMI) monitoring of systems, Paessler AG provides a free edition of their PRTG Network Monitor software, which provides a lot of capabilities, though there is a limit of 10-20 sensors with the free version (you can increase the default limit from 10 to 20 by putting a small banner for the program on your website). But for small businesses or personal use, that may provide all of the monitoring capability you need.
The company also provides other free SNMP and network tools at Free network tools for system administrators.
[ More Info ]
[/os/windows/software/network/snmp]
permanent link
Sat, Feb 28, 2009 3:21 pm
IE HistoryView
If you need to view information regarding the Internet Explorer history
of browsed webpages,
IE HistoryView allows you to access that information for not only the
profile under which you are logged into a system, but for other profiles
as well.
[/os/windows/software/network/web]
permanent link
Sat, Feb 07, 2009 9:37 am
SimpleCheck
I installed SimpleCheck on a laptop today. The program makes it easy to check multiple POP3 email accounts. The program provides the capability to download only part of a message or the entire message, delete messages from POP3 servers, and to send mail from the specified accounts.
[/os/windows/software/network/email]
permanent link