Blog

Featured

NetTools Basics

NetTools has a number of common features which are used throughout the program. This post provides details on some of these features.

Where to start
The number of options in NetTools can make it confusing where to start.  The best approach is to start with the Search option under Users, this allows you to search the AD, be it at the Forest or Domain level for any object in the Active Directory, from there the context menu options allows you to then interrogate the returned objects.  See User Search.

To find your favorite option quickly, NetTools includes a Pin option, which will add a toolbar button at the top of the Options list to quickly select your commonly used options.  To Pin an item, select the option, then right click on the option name and select the Pin from the context menu, you will be prompted to select an icon for the button.  To remove a Pinned item, simply right click on the button and select Remove.

 
Option or test Linking
For a number of the tests the output from one can be used as the input for other tests and options, by selecting the corresponding output entry and right clicking the context menu will display these options.  The Search option has a number of linking options that are displayed under the use with sub menu.

Copy and Paste
The outputs from the tests can be copied into other functions in NetTools or to external programs.  The Copy and Paste option are displayed in the right click context menus. For table views it's possible to copy the data in a single column, the line, or the entire table. When using the copy column option, mouse position when the right click is pressed, is used to define which column will be selected.  For text based output fields it's possible to copy the text as with standard copy and paste.  The Copy to new Window context menu option will copy the contains of the view to a new detached window, which provide additional sort and filtering options.  See Copy to new Windows

Server Lists
In most of the options there is a server or domain enter field, this is a dropdown list.  The right click context menu you save the current name and also manage the lists.  A separate list is used based on the enter field name, i.e. Server, Domain, LDAP filters etc.

Server and Domain Fields
The server and domain fields are optional, by default NetTools will use the domain information of the computer that is running NetTools.  By default the server name will use the name returned by the DsGetDcName API.  For the domain filed , the name of the domain that the machine running NetTools will be used.

Credentials
By default NetTools will run in the context of the session that is running NetTools.  It's possible to use the RunAs option to use a different account with elevated permissions. Some of the option have an option to use the credentials that are provided in the LDAP Search option.  See Credentials

Messages\Results pane
On most options, there is a lower pane, this pane is used to display any errors or status report from the execution.

NetTools saved configuration
NetTools uses a single configuration file called NetTools.ini, this is used to save any user defined configuration or saved lists.  NetTools will try to read the configuration from the same location as the exe from executed from.

NetTools V1.27.7

General
A new Pin context menu option is available in the left hand option selector, which is used to create shortcut buttons for your commonly used options.  See Basics
Default Copy to clipboard shortcut key has been changed to Ctrl-C, to align with standard copy and paste keys. now in any of the table views if one or more rows are selected and Ctrl-C is pressed, contents of the column directly under the cursor is copied to the clipboard

AD Properties
Updated to display Kerberos DES-CDC-CRC, DES-CDC-MD5, RC4 encryption options
Updated to use the LDAP enum decode function so attribute decodes are common across all dialogs 

Compare Objects
Added a Compare Values context menu option which displays a visual side by side comparison of the values with the difference highlighted. See Compare Objects

LDAP Browser
Fixed bug in LDAP browser, where intermittently it would display the attribute values twice

LDAP Search
Updated the LDAP Session options to fix a bug with the GetDsName flags
Updated enums to support LargeInteger (int64) values
Updated the MsExchRecipientTypeDetails, msExchRemoteRecipientType, msExchModerationFlags, and MsExchRecipientDisplayType enums with O365 values
Updated the OmSyntax enums values 
Added new Base64 Decode Type, to allow attribute values to be outputted in base64 format

RID Pool
Added an extra column to display the number of RID that are left in the pool for each domain controller

Base64

the Base64 option provides the ability to encode and decode different data into and from base64 encoding.  This is useful when creating LDIFDE input files which use Base64 for the GUID or just encoding data to be send via email.

The pane is free text entry form, you just need to enter the data you want to encode, highlight the text you want to encode and then right click and select require Encode from option and select the input data type and it will be encoded it in base64.  To decode a base64, just copy and paste the base64 encode text into the pane, then highlight the encoded text and the required decode to option.

These are the menu options that are available:

Generate GUID - using the Windows API this will generate a unique GUID
Text - will encode from text to base64 or base64 from to text
GUID - will encode a GUID to base64, the text GUID is converter to Hex before its encoded, or base64 to text GUID
Hex - Encode a hex text to Base64, or from base64 and dump the decoded data in Hex

This shows a sample text being encode to Base64:

This shows the previously encoded text being decoded:

Now this is decoding a base64 encoded text to Hex:

This shows a number of GUID that have been generated and the last entry is encoded to base64 and then decoded to Hex:

AD Subnets

AD Subnets allow you to query the AD to see which site a single or multiple IP addresses have been assigned to.  For a single IP address enter the IP into the IP Address field and click Go and results will be display.  If you have multiple IP addresses that you need to check, you can copy and paste the list of IP addresses in the results pane and NetTools will check and display the results for each IP addressed that is pasted.  

URL Check

This option combines the HTTP Headers, IP Geo Location, Ping, Trace Route, WhoIs - Name and WhoIs - IP results in a tabbed view, allowing you to collect and dispaly all the necessary information for a domain or website in a single view.

The results displayed are the same as the individual options.  The result are based on the configuration set on each of the individual options.

HTTP Headers

the HTTP Headers option is used to display the HTTP headers that are returned by website. This provides the ability to check the security settings you have defined on your website.  It also includes an option to Allow Redirects, when this option is not selected, any redirect request is ignore and the original header displayed.  When enabled it will display the final redirection header for the website.

Common examples are websites redirecting the standard www.name.com to http://name.com or https://name.com

WhoIs

The WhoIs option will query the WhoIs servers and return the details of registered name or IP address.  If the Show Referrals option is enable, if a referral is returned, then it will query the returned referral server for the information.

This function using the TDL.whois-servers.net server for name lookups, and whois.arin.net for IP address lookups.  It uses the original RFC services on port 43, some proxy implementation may block this port, in which case NetTools will report a 10060 error.

Ping

The Ping option provides a simple and configurable ICMP echo function to ping one or more host simultaneously.  The configuration options include the number of pings to be sent controlled by the Count field, the delay between each ping set by the Delay field and in case of a slow or failed response, how long to wait before continuing, set by the Timeout field.

To add a single host use the Add Entry option on the context menu, if you want to test more than one, copy and paste a list of IP address or name into the pane.

When the Go button is pressed all the hosted are test simultaneously., the passed\failed column will display a indicator to show if the test passed or failed.

IP GEO Location

This option uses the web API services provided ip-api.com to display the IP geo location information about a specified IP address or name.  The ip-api.com API has usage limits, if you exceed the usage limit of 45 requests per minute you will be block, repeatedly exceeding the limit could see you blocked for up to an hour.

The API provides a basic set of information for the IP address.

Trace Route

The Trace Route option provides the fastest possible trace route function.  Like other Trace Route commands it will report the devices that are transversed with each hop until it to get the final host, and the time taken to get to each hop, with timing based on a user definable number of ICMP pings.  The main difference with this implementation of trace route, is that it doesn't test each hops sequentially, waiting for the previous hop to be tested before moving onto the next hop.  All hops in the route are tested simultaneously, the results are displayed in seconds, rather than minutes.  The number of hops that are tested simultaneously is defined by the Hops field and number of ICMP echo to be preformed is controlled by the Count field, NetTools will attempt to resolve the names of each hops if the Resolve Names option is selected.

In the default configuration, just the host name, either short name, FQDN, or IP and click Go and the results will be displayed.

 

Trace Route