OSTU - Remote Capture Using rpcapd (by Tony Fortunato)
Methods for Digital Sound Quality Estimation (by Endre Domiczi)

Review of NetScanTools Pro (by the Masked Network Engineer Team)


Logofinal2005_188wVendor Profile - Northwest Performance Software, Inc. is a privately held small business located in Sequim, WA and a leading provider of network information and security utilities. Its flagship product, NetScanTools Pro, is used at hundreds of Fortune 500 companies and government sites. NetScanTools was designed in 1995 as one of the first combined network utility toolsets at a time when most Windows based network applications were offered as separate utilities for each function. This integrated approach was further expanded with the introduction of NetScanTools Pro in 1999.

REVIEW: NetScanTools Pro is a collection of over 40 handy network tools – a veritable “Swiss-army knife” in your networking toolkit.

Very nicely laid out and organized into functional groups: Host/Domain/IP tools; Target Presence tools; Target Information tools; and tools which relate to the host computer, such as tools for examining the local internet browser’s cache of cookies and files.

An extremely cost-effective way to acquire in depth knowledge about your network and with the DNS tools and Whois tools one can gain knowledge about other sites and networks.

With this many tools, one has to stand back a bit and consider how to evaluate the total product, while admiring the boldness required to put so many assorted tools together in one package. After all, it might be possible for a weakness or imperfection in just a couple of the tools to tempt some to underestimate the value of the whole, also considering that space and time prohibits a comprehensive evaluation of every tool in the set.

Here are some of the key parameters and metrics…. This is not a tool that will be used for ongoing performance measurement and monitoring of networks. It will be vital however, for understanding how the network is laid out, prior to taking on performance-management related activities.

Ease of use and payback. For ease of use, each tool has a well-designed interface and adequate Help screens. For payback, how well the tool gathers and presents information in a timely fashion. In my view, payback in this arena correlates to knowledge – in this case knowledge about the components that make up the network, particularly those that play key roles in facilitating the operation of web-based applications, starting from the assignment of TCP addresses, DNS operations, and so forth.

Explanations and examples will follow, however, there is no doubt that the tools are extremely well-designed and easy to use, with very good supporting help built in. For Payback, We estimate that most people will find that the NetScanTools Pro can pay for itself in less than one day of use – such is the intrinsic value of this comprehensive toolset! We cannot think of a higher compliment to pay than this: If you install this toolset and make an effort to try each of the 40+ tools, in the process of learning and applying them, the price of the product will fade to insignificance.

For each of the above-mentioned categories, we will select one tool and describe it:

Host/Domain/IP tools:

This group contains an IP/MAC Address Management tool, IP Address-to-Country Mapping tool, DNS Name Server Lookup tool, Realtime Black List Check tool, Subnet Calculator tool, and WhoIs tool. The DNS Name Server Lookup tool is a very comprehensive set of operations in and of itself: Just about anything you want to do gather DNS information you will be able to do via this tool, including detailed trace information on a subject host starting from root servers downwards towards authoritative DNS servers.

In the latest version 10.80 the Name Server Lookup tool talked about above has been split in two tools and renamed “DNS Tools – Core” (this contains the features above) and “DNS Tools – Advanced” which now has new tools that we have not reviewed.

For your own personal review of the new additions go to -


Target Presence tools:

This group contains ARP, ARP ping, DHCP Server Discovery, Passive Discovery of Local Subnet IP Devices, NetBIOS (Windows-based systems) Basic and Advanced tools, NetScanner (ping sweep), Net Topography, Packet Generator, Ping, Promiscuous Mode
Scanner, TraceRoute, and Wake-On LAN tools.

The ARP tool contains tools for manipulating the ARP cache and a specialized ARP Scan tool. ARP Scan shows all IP devices connected to your subnet even if they are protected by a personal firewall and invisible to ICMP Ping.

The TraceRoute tool does the Windows style ICMP echo/echo reply TraceRoute and it also does the *nux style UDP packet/ICMP echo reply method plus the newer firewall penetrating TCP TraceRoute. TCP TraceRoute is very useful in showing the hops beyond the last responding router to a web server. Large companies will quite often block incoming ICMP at a border gateway so you are prevented from seeing all the hops to the web server – TCP TraceRoute is designed to show you the additional hops.

The Packet Generator tool can be used in conjunction with a Network Protocol Analyzer like Wireshark to test the response of devices to normal and malformed TCP, UDP, and ICMP packets.

The Packet Viewer can capture packets and save them to files suitable for offline analysis using Wireshark.

One of the more interesting and intriguing tools in this group is the Promiscuous Mode Scanner, which purports to identify devices on a local subnet that are listening to every packet presented to them. Since unauthorized packet sniffing has been a key part of several serious security breaches, a tool like this could help flag devices which may be set into a packet-capture mode unbeknownst to network managers.

Target Information tools:

This group consists of some of the same tools to be found in the above two groups, but also includes: Finger, Launcher, Port Scanner, RPC Info, Simple Services, SMTP Mail Generator, TCP Term, Test TCP (TTCP), and URL Capture tools.

The SMTP Mail Generator and Relay Test tool can send test email messages, and can also check SMTP servers for open relays without sending email using 17 of the most common relay tests. Test TCP (TTCP) can be used to measure data communications with a remote station running a version of NetScanTools Pro in a client-server relationship.

Local Host tools:

This group contains the following tools: (Browser) Cache Forensics, Connection Detection, Database Tests, NetBIOS Basic and Advanced Info Collection, Network Statistics, TimeSync, and Winsock Info tests.

The Browser Cache Forensic tool is very interesting and, in a word, cool! With it, you can pull up and examine history, files, and cookies stored in your local browser’s cache. In a matter of a few clicks, for example, you can hone in on an individual GIF or JPG file and launch a program to display it.

In summary, all of the tools, like the ones described, are very simple and functional, and can apply to a great many situations where detailed information about network systems may be lacking and answers are needed quickly. Nearly all of the information screens are exportable to text and/or HTML files.

Overall the Masked Network Engineer Team gives the NetScan Tools two (2) out of two (2) thumbs up!

#1Thumb1#2Thumb2 Super Tool!

We feel that this consolidated tool kit with it’s easy GUI would be a valuable addition to your tool kit.

For videos showing most of these tools in action check out –