Network Monitor 3 OneClick Capture Tool (beta)
Thanks go to Steven Bink (from Bink.nu) for blogging the following:
“Wish you could get a network capture from a computer with no capture software installed? Wish you could have a network traffic “flight recorder” on a USB key? Here’s your answer!”
The motivation behind creating this tool was to provide an extremely simple way to get a trace from an end user. And the name says it all, though maybe a small bit of false advertisement as it may take a bit more than just one click.
Two Versions for Two Scenarios
Once you have it downloaded to your machine, you can launch the executable and it will lead you through some simple dialogs that install the tool and start a trace. Once the trace is complete, which means it was manually stopped by the user or the default time of 2 hours has passed, a window will be opened to the location for the capture, called OneClick.cap.
One Click Autorun: The main scenario is a customer who has network access and can simply click on the EXE from a share or get the tool locally using the internet. Running this version will install NM 3.1 on your machine (if you do not already have a previous version of NM 3) and begin capturing. The capture will terminate after 2 hours, or if you press the ‘x’ key on your keyboard. If you did not have NM3 on your machine previously, NM 3.1 will subsequently be uninstalled.
Extract Only: For this scenario, the user doesn’t have network access at all. This version is tailor made for use with a USB drive to be inserted into a problem machine. If you place the files on the root of a flash drive, One Click will run automatically when you insert the drive. You can also run One Click by double clicking the file “OneClick.cmd” in the destination folder. The resulting capture will be copied back onto the USB device.
Detailed Tour of a One Click Capture
First thing I should mention is if you are running on Vista and don’t have NM3.1 previously installed or you are not a member of the Netmon User’s group, then you will need to run the EXE with elevated rights. Just right click the EXE and select “Run as Administrator”.
When you launch the One Click tool, it will prompt you with a EULA dialog. Assuming you accept the terms, then click YES. Remember that we do install a driver for Vista in cases where NM3 is not already installed. Also one caveat here is that if NM3.0 is installed, we use that driver rather than installing a new one. The disadvantage here is that NM3.0 can’t do wireless monitor mode or RAS capturing.
Once you accept the EULA, a CMD prompt dialog with a red background and white text shows up. We leverage NMCap for this job which is a command line utility, hence the CMD window. The window contains instructions as to where the capture file will be put by default. If you want to change this location, you can type a new one now.
If you choose the default by pressing Enter, the capture will be started. At this point typing X on the keyboard will stop the capture once you are done. If you don’t press the X key, the capture will complete after 2 hours.
When the capture completes, an explorer window will open to the location where the capture file was stored. This allows the user to simply send the file to you in email or upload it to a location where it can be accessed by the original requestor.
If multiple captures are taken with the tool, the current OneClick.cap file will be renamed and appended with an incrementing number on the end.
Obtaining the Tool
At this point we are beta testing the tool. So the only means of getting it is on the Network Monitor project on http://connect.microsoft.com. When you join the project, you will see both the Auto-run and Extract Only packages in the download section. Once we release the tool, we will make it available on the Microsoft Download site as this is more convenient, which is our goal for this tool.
SMB v2.0 in Windows Vista & Windows Server 2008
Source : Kurt Roggen’s Blog
Server Message Block (SMB), also known as CIFS (Common Internet File System) is the file sharing protocol used by default on Windows based computers. Windows includes an SMB client component (Client for Microsoft Windows) and an SMB server component (File and Printer Sharing for Microsoft Windows).
SMB in Windows Server 2008 and Windows Vista supports the new SMB version 2.0 that has been redesigned for today’s networking environments (wireless, possible high loss, timeouts, high latency, …) and for the needs of the next generation of file servers (EFS over the wire, Offline Files and Folders enhancements, …).
Machines running Windows Server 2008 and Windows Vista support both SMB v1.0 and SMB v2.0. However SMB 2.0 can only be used if both client and server support it!! So, the SMB protocol revision to be used for file operations is decided during the negotiation phase.
A Vista client advertises to the server that it can understand the new SMB 2.0 protocol. If the server (Windows Server 2008 or otherwise) understands SMB 2.0, then SMB 2.0 is chosen for subsequent communication, otherwise they fall back to SMB 1.0.
This preserves “downwards” compatibility so that deploying Vista clients or Windows Server 2008 servers should be simple and straightforward. The list below describes which protocol will be used when communicating between different types of clients and servers.
- Vista client <> Vista client or Windows Server 2008 – SMB 2.0
- Non-Vista client <> Vista client or Windows Server 2008 – SMB 1.0
- Vista client <> Non-Vista client or Non-Windows Server 2008 – SMB 1.0
- Non-Vista client <> Non-Vista client or Non-Windows Server 2008 – SMB 1.0
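To check from a capture which revision a session actually settled on, the protocol identifier at the start of each SMB message can be inspected: SMB 1.0 messages begin with 0xFF "SMB" and SMB 2.0 messages with 0xFE "SMB". The following is an added example, not code from the original post; it assumes the transport framing has already been removed, and the sample messages are constructed.

```python
import struct

SMB1_MAGIC = b"\xffSMB"            # SMB 1.0 / CIFS protocol identifier
SMB2_MAGIC = b"\xfeSMB"            # SMB 2.0 protocol identifier
SMB2_NEGOTIATE = 0x0000            # SMB2 command code for NEGOTIATE
SMB2_FLAG_RESPONSE = 0x00000001    # set on server-to-client messages

def classify(msg: bytes) -> str:
    """Classify one SMB message by its 4-byte protocol identifier."""
    if msg[:4] == SMB1_MAGIC:
        return "SMB 1.0"
    if msg[:4] == SMB2_MAGIC and len(msg) >= 64:   # SMB2 header is 64 bytes
        return "SMB 2.0"
    return "not SMB"

def smb2_negotiate_dialect(msg: bytes):
    """Return DialectRevision from an SMB2 NEGOTIATE response, else None."""
    if classify(msg) != "SMB 2.0" or len(msg) < 70:
        return None
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    if command != SMB2_NEGOTIATE or not flags & SMB2_FLAG_RESPONSE:
        return None
    dialect, = struct.unpack_from("<H", msg, 68)   # header (64) + 4
    return dialect

def session_summary(messages) -> str:
    """Report what a captured session settled on; flag SMB 1.0 fallback."""
    for m in messages:
        d = smb2_negotiate_dialect(m)
        if d is not None:
            return f"SMB 2.0 negotiated (dialect 0x{d:04x})"
    if any(classify(m) == "SMB 1.0" for m in messages):
        return "SMB 1.0 only (fallback)"
    return "no SMB traffic"

def sample_negotiate_response(dialect: int = 0x0202) -> bytes:
    """Constructed SMB2 NEGOTIATE response: header plus first 6 body bytes."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0,
                         SMB2_NEGOTIATE, 1, SMB2_FLAG_RESPONSE, 0, 0,
                         0, 0, 0, b"\0" * 16)
    return header + struct.pack("<HHH", 65, 0, dialect)
```

A session whose opening request carries the SMB 1.0 identifier can still end up on SMB 2.0, which is why the summary looks for the server's SMB2 NEGOTIATE response rather than the first message.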
For an overview of the impact on network throughput, have a look at the white paper of a third-party benchmark study done by The Tolly Group, which compares network throughput and time-to-completion of several tasks when using Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.
Windows '7' and the Future of Wireless networking
On iStartedSomething I read the following: It’s rare for a week to go by without a few interesting Microsoft job advertisements. One of which posted last week provides a pretty good idea of how the next version of Windows will improve the wireless networking experience.
Vista was about making Wi-Fi connections as seamless, manageable and secure as wired networks.
The next Windows version is really about taking Wireless networking to the next level by enabling new complete end to end scenarios and experiences that are going to change how windows PCs interact with each other and other devices and nodes over a wireless network.
As a part of the Windows Networking Ecosystem Technologies team, you will be working on scenarios around virtualizing Wireless to allow connections to multiple networks simultaneously. You will be working on enabling new windows to windows connectivity paths within a wireless network to improve wireless throughput and latency. You will be working on wireless-only office and mesh networking scenarios that will make setup and management of wireless networks quick and inexpensive with the goal to reduce TCO for centrally controlled and secured deployments by improving manageability, performance and reliability.
As a part of this work, you will be working closely on existing and in-works wireless standards such as IEEE 802.11s, 802.11k, 802.11r, 802.11w. This position will provide you the unique opportunity of working on core wireless areas as well as collaborating with several other key Windows technologies to deliver a complete functional end to end scenario. The work will be in both the Windows kernel and user space.
Whilst wireless meshing is an exciting feature to look forward to, I think the killer feature will be virtualizing wireless adapters. Currently, one wireless adapter can only connect to one wireless network. Connecting to many networks simultaneously could open up a range of opportunities beyond just performance enhancements.
For example, if you were to set up an ad-hoc computer-to-computer connection right now, you’d have to give up your current infrastructure (computer-to-router) connection. That means you’ll most likely lose internet connection as both users are only connected to each other. With virtualized adapters, you would be able to allocate one to your ad-hoc network, and another to keep your existing connection.
Together with wireless meshing technology, this could eliminate wireless dead-spots altogether. Because each wireless client could also become a repeater for the wireless signal (ad-hoc), like ripples in a pond the wireless signal will expand as long as users are within range of each other even if they’re well outside the original access point’s range.
Happy Birthday Windows Networking
Fifteen years ago, on October 27, 1992, Microsoft shipped Windows for Workgroups (aka WfW for those who had dial-up Internet access back in the day that charged by the character) v3.1.
One of the major selling points of this release/update was the inclusion of “built in networking functionality” that would help make sharing files, sending electronic mails and “surfing” those Gopher sites — that is, if you installed that pesky TCP/IP update – that much easier.
Granted, these networking features were basically NetBIOS, but that didn’t stop us from saying proudly on the product box: “Windows for Workgroups: Operating System with Integrated Networking.”
While WfW Networking was still a leap forward, you’d have to wait until Windows 95 to get the complete “Internets” ready experience out of the box with Windows.
Source : Forefront Team Blog
Security : DHCP Server & MAC address filtering with Server 2008

The DHCP Server Callout DLL helps to filter out DHCP requests based on MAC address.
When a device or computer tries to connect to network, it first tries to obtain an IP address from the DHCP Server. The Callout DLL (read: hook-in DLL) also works and should continue to work on Windows Server 2008.
The DHCP Server Callout DLL checks whether the device's MAC address is present in a known list (text file) of MAC addresses configured by administrators. If it is present, the device will either be allowed to obtain an IP address or have its requests ignored, depending on the action configured by the administrator. MAC address based filtering allows network administrators to ensure that only a known set of devices in the system are able to get an IP address from the DHCP Server. This DLL helps administrators enforce additional security in the network.
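The decision described above, modelled as an added example (not the Callout DLL's code or its real list-file format): the client hardware address is read from the fixed BOOTP header of a DHCP request and matched against a list under an allow or deny action. The list syntax (one MAC per line, '#' comments), the function names and the sample packets are assumptions constructed for illustration.

```python
import re
import struct

BOOTREQUEST = 1       # 'op' value for client-to-server messages
CHADDR_OFFSET = 28    # client hardware address field in the BOOTP header

def normalize_mac(text: str) -> str:
    """Canonical form: 12 lowercase hex digits, separators removed."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def load_mac_list(lines) -> set:
    """Parse the hypothetical list file: one MAC per line, '#' comments."""
    macs = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            macs.add(normalize_mac(line))
    return macs

def client_mac(packet: bytes) -> str:
    """Extract chaddr from a DHCP request (BOOTP fixed header)."""
    if len(packet) < 236:
        raise ValueError("truncated BOOTP header")
    op, htype, hlen = struct.unpack_from("!BBB", packet, 0)
    if op != BOOTREQUEST or htype != 1 or hlen != 6:
        raise ValueError("not an Ethernet client request")
    return packet[CHADDR_OFFSET:CHADDR_OFFSET + hlen].hex()

def should_answer(packet: bytes, macs: set, action: str) -> bool:
    """action='allow': answer only listed MACs; 'deny': ignore listed MACs."""
    try:
        listed = client_mac(packet) in macs
    except ValueError:
        return False          # design choice here: fail closed if malformed
    return listed if action == "allow" else not listed

def sample_discover(mac: str) -> bytes:
    """Constructed 236-byte BOOTP header for a DHCP request from `mac`."""
    chaddr = bytes.fromhex(normalize_mac(mac)).ljust(16, b"\0")
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0,
                       0x1234, 0, 0, *[b"\0" * 4] * 4, chaddr, b"", b"")
```

Normalising both the list entries and the address taken from the packet keeps a difference in separators or letter case from causing a listed device to be missed.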
After installation, both the DLL (MacFilterCallout.dll) and the installation/configuration instructions (SetupDHCPMacFilter.rtf) are available under %windir%\system32.
Download MacFilterCallout.dll
Additional Information : DHCP Team Blog
Source : TechLog
