http://www.diamondcs.com.au/portexplorer/

Main improvements ...
- Fixed issue with Nod32's resident scanner - shouldn't be any issues with Nod32 anymore after this build
- Fixed crash in Socket Spy when viewing corrupted data
- Increased the Socket Spy packet decoding speed
- Fixed the Resolve dialog not working after entering a blank input
- Fixed right-click on the menu bar causing highlight to stay, and hopefully fixed the black menu bar problem also
- Fixed socket count
- Fixed an issue where sometimes on NT/2K machines, if a port-process map lagged behind the display it would be shown incorrectly
- Fixed possible problem with Large Icons enabled
- Fixed 'Terminate Process' button on 'What is ?.exe' - it was set to default, not anymore
- Fixed bug in full version relating to the new 'What is' dialog
- Other minor bug fixes

This build is the most rock-solid, stable build we've yet released, and there's also a couple of additions to the helpfile:
Intro for Beginners
Tips & Tricks

We hope you enjoy the new release!

{QUOTE-> quoting: Wayne - DiamondCS link=board=7;threadid=5022;start=0#32807 date=1037769454]
This build is the most rock-solid, stable build we've yet released, and there's also a couple of additions to the helpfile:
Intro for Beginners
Tips & Tricks

We hope you enjoy the new release!
<-QUOTE}

Already installed and running! ;D

Indeed, the issue with NOD32 AMON constantly scanning the three files in question is FIXED as is the socket count. A quick glance also suggests some other minor issues I noticed are gone as well so I can cross them off the list. 8)

GREAT JOB, GUYS!! (and *quick*, too)

Now I'm off to give this puppy a REAL test drive. Comments to follow.

Phil

{QUOTE-> quoting: Phil link=board=7;threadid=5022;start=0#32809 date=1037771575]
Comments to follow.
<-QUOTE}

Well, so far, it just *works* -- plain and simple. Most all the issues I noticed in ver 1.200 are gone and the couple that remain are *so* minor I won't even bother mentioning them at this point. I will do more thorough testing over the next couple of days but it doesn't look like I will find much, if anything, buggy. Nice peice of work.

Hey -- how do you guys expect me to be happy if I don't have something to complain about? ;D ;D

Phil

> the couple that remain are *so* minor I won't even bother mentioning them at this point.
No, please do! :)

{QUOTE-> quoting: Wayne - DiamondCS link=board=7;threadid=5022;start=0#32813 date=1037776991]
> the couple that remain are *so* minor I won't even bother mentioning them at this point.
No, please do! :)
<-QUOTE}

Ok, but remember I said they are MINOR.

There is a small amount of mem creep, but it is much less than before with ver 1.200 -- probably less than half per time period. Given time, I will give you numbers. This is NO problem, though, because you can easily knock it back down with the reduce function. The reason this is minor is because the mem usage is so low anyway.

The second is with the resolve utility. It seems to have problems finding many sites and the "country highlight" seldom works. That's just eye candy anyway so no big deal. Again, with a little more time, I will give you better info and detail.

See -- baby stuff. :)

Phil

Port Explorer has been extensively tested for memory leaks, using not only 3rd party tools, but I think smart coding 8) . Everytime a new socket gets created it uses around 1-4KB of memory. I don't know if you are accustomed to "memory heaps" but basically Port Explorer's grows and very rarely shrinks to suit the amount of sockets you have. The reason I keep memory allocated if say you have 500 sockets at one stage then go back down to 100 is due to performance issues and fragmentation of memory. Since memory usage is so low I thought it would be better to optimize the usage for speed then total memory used given an amount of sockets. As it is now Port Explorer can be ran very well on large enterprise servers as well as normal Desktop PC's .

Again there is no "memory leakage", all memory allocated is deallocated correctly 100% of the time. But if it one stage you get 500 sockets on your system then Port Explorer will allocate enough memory for those 500 and keep it there until you get more sockets or close the app. Again 500 sockets only means around 0.5MB-2MB of ram, very little, considering you would need to have some sort of server to get around 500 sockets at once.

As with the resolving issue... some beta testers reported problems with it not finding ALL sites, but I havn't found it not be able to find a site yet, and since it uses windows standard resolving functions I can't see why it wouldn't find a site unless there was some network error. Would you mind sending a screen capture of a site that you tried to resolve but couldn't.
-Jason-

Hope we understand each other well. I just grab this IP from my list this moment, telling me can't find host nor country and the whois only gives the arin net.
209.123.179.78 and no location on the map of course with this.
When i find USA based IPs, i never see the location in the map, AU and EU i think all time, other areas should need to look for again but not always either.

{QUOTE-> quoting: Jason / DiamondCS link=board=7;threadid=5022;start=0#32819 date=1037780987]
As with the resolving issue... some beta testers reported problems with it not finding ALL sites, but I havn't found it not be able to find a site yet, and since it uses windows standard resolving functions I can't see why it wouldn't find a site unless there was some network error. Would you mind sending a screen capture of a site that you tried to resolve but couldn't.
<-QUOTE}

The NEXT time I will use my better judgement and NOT answer the "aw, do it now" question. I did say it was not worth mentioning and would *prefer* to have the time with 1.250 to give hard numbers. Just an hour or so is not enough time.

In the past 90 minutes sitting here on this site with no new sockets opened, PE mem has grown by 1185K. I assume it is because it is keeping up with my fw that likes to talk to itself all the time so the packet count is growing. Sorry -- I also checked one newsgroup with my newsreader during that time.

I tried maybe 10 different sites with the resolve utility -- 3 or 4 did not resolve. I will give you screen captures tomorrow -- by email.

Phil

Version 1.250 works fine now for me without adding the PE directory to the NOD32 excludes. Amon subdued!

I have noticed that when I run the mouse cursor over the top menus they go black & as you run the mouse across the blackened area the underlying menu name appears. Is this a "feature" or an artifact? :-\

{QUOTE-> quoting: Jooske link=board=7;threadid=5022;start=0#32823 date=1037782433]
Hope we understand each other well. I just grab this IP from my list this moment, telling me can't find host nor country and the whois only gives the arin net.
209.123.179.78 and no location on the map of course with this.
When i find USA based IPs, i never see the location in the map, AU and EU i think all time, other areas should need to look for again but not always either.
<-QUOTE}

That's the exact behavior I am seeing, Jooske. I have yet to see a US location show on the map and I had a couple EU that also did not. I am about to try a few more so I can get Jason some jpg's of the no host or country found.

Thanks for your post. At least now I know I'm not crazy or seeing things. ;D

Phil

In my humble opinion you are not or we would be both ;D
It would be "NOT seeing things"!
But yeah... windows basic tools...... hm, seems about every bit has been coded again with own new DCS technologies and those are all ok it seems.
Wonder about the blackening menu part; can't imagine all those people would have older versions of any of the required system files. Is this only in PE or also in other programs?
I notice for instance on win98 when i get really low in resources the icons themself blackening and the words in fat black bigger characters, but i guess here is another matter.

209.123.179.78 has no reverse DNS configured.

Please check resolve against other utilities, www.samspade.org would be the best.. when you have a non resolving IP that SamSpade can resolve, please let us know :)

The resolve locations are something we hope to work on, but it is a big deal to get everything resolving to the country. I don't think it is worth a huge effort personally, but we have to look at it more closely. User opinions are always a benefit to us, and we thank you all ;D

{QUOTE-> quoting: Gavin / DiamondCS link=board=7;threadid=5022;start=0#32839 date=1037805214]
The resolve locations are something we hope to work on, but it is a big deal to get everything resolving to the country. I don't think it is worth a huge effort personally, but we have to look at it more closely. User opinions are always a benefit to us, and we thank you all ;D
<-QUOTE}

I agree -- it's not worth the effort. That's what I TRIED to say up-thread. Don't get me wrong, it's *nice* to have the resolve util close at hand but it had NO bearing on why I purchased the app. The functions that peaked my interest are now working GREAT.

So, postpone working on resolve and get busy on something more useful -- like, say, process/socket logging. ;D

Phil

I have a suggestion for the next version.
You could build upon the trace function and make it more like VisualRoute, which can zoom in down to the city, and show all nodes between you and the target, and the whois info is available for each node as well. :)

I have another suggestion which is very urgent:
to make the download available at all at least for registered users, as i still can't get to it at all, so still was not able to update and have not the slightest idea if things have been solved in the meantime. So many tries and not available and now says doanload URL not available.
Frustrating at least, and my emails to portexplorer@diamondcs.com.au never get there while i even checked on internet blacklistings my email account is not blacklisted there.
So i can't get to the download nor reach for complaints about that the right mailbox.

{QUOTE-> quoting: Jooske link=board=7;threadid=5022;start=0#32912 date=1037836010]
I have another suggestion which is very urgent:
to make the download available at all at least for registered users, as i still can't get to it at all, so still was not able to update and have not the slightest idea if things have been solved in the meantime. So many tries and not available and now says doanload URL not available.
<-QUOTE}

Humm -- that is strange, Jooske, and would be *very* frustrating! I just went to the site to verify and had no problems getting to the dl page and starting the download. <shrug>

I feel certain you know, but I will mention anyway. The site requires both cookies and scripting enabled. Do you have anything running that might be disabling one of those? My first attempt at the dl was a little trying until I understood what was happening. I could log on fine but everytime I clicked the dl link, I would get kicked.

You might try an email direct to Wayne or Jason. They have been *very* quick to respond in my experience. It's a little after 8:00AM Perth time so they should have had their coffee by now. ;D

I hope you are able to get 1.250 soon because it is a certain improvement over previous releases.

Phil

Odd, I just downloaded it yesterday using link USA 2. No problems.

Hi Jooske,

Just tried the download and for me all works except USA Server 1, if that helps you any.

Jooske as Phil said as long as you have cookies enabled it should work. Unfortunately the ISP we are on seems to only have cookie sessions instead of URL redirection, no biggy put a pain for a few people like yourselves. I will be recoding some of the site today to allow for no cookies. Previously if cookies weren't enabled and you went to the download page it kicked you back to the login page, at which point you logged in again and were taken the main members area screen again, in a few hours it should take you to whatever page you had clicked on instead...

Phil we/I do appreciate early feedback I was just making sure you understand there isn't any memory leaks in Port Explorer :) . "Mem creep" as you said it can be caused by numerous things but you will find a non mem leaking app will only "creep" a little depending on whats happening. Memory usage goes up and down with the DLL's a program uses/free's and when certain API calls are called, etc. Sometimes depending on windows it doesn't immediately free memory incase it needs to be used again later on.

Its hard to explain but think of an application like a big empty house with all the lights turned off. As you enter some rooms (use the application) you turn on the lights (allocate memory) and when you leave the room it would make sense to turn off the light (free the memory), unless you were going to go back in there soon after. I guess thats sort of how windows works if you don't mind the bad anecdote ;)
-Jason-

Hi again Jooske,

After rereading a couple of these posts about the cookies, etc..., I assume you must be talking about a different download page(registered owner), and I was referring to the page to download the trial, so please disregard my post. Sorry.

{QUOTE-> quoting: Jason / DiamondCS link=board=7;threadid=5022;start=15#32936 date=1037847670]
Phil we/I do appreciate early feedback I was just making sure you understand there isn't any memory leaks in Port Explorer :) . "Mem creep" as you said it can be caused by numerous things but you will find a non mem leaking app will only "creep" a little depending on whats happening. Memory usage goes up and down with the DLL's a program uses/free's and when certain API calls are called, etc. Sometimes depending on windows it doesn't immediately free memory incase it needs to be used again later on.

Its hard to explain but think of an application like a big empty house with all the lights turned off. As you enter some rooms (use the application) you turn on the lights (allocate memory) and when you leave the room it would make sense to turn off the light (free the memory), unless you were going to go back in there soon after. I guess thats sort of how windows works if you don't mind the bad anecdote ;)
<-QUOTE}

Jason,

Thanks for the elementary tutorial but it was not necessary because I understand how RAM is allocated -- not at your level but far beyond 1st grade. Let's just say I will choose to accept your reasoning and not believe my lying eyes. ;D Trust me, it is NOT a big deal as I have tried, apparently unsuccessfully, to explain. Port Explorer is a SUPER little app and is performing FAR better than any app this new should. You have every reason to be proud and *no* reason to be defensive. What say let's drop this and move on to a more productive subject -- like, for instance, logging. 8)

Thank you for the great support!
Phil

I am thinking the logging feature will need a new utility that reads the data that Port Explorer logs, instead of just plain logging to a text file. The reason for this is the amount of information a socket goes through between its start and demise is massive. So one socket could easily add up to 1000 lines in a text file. I was thinking some sort of socket history logging utility that displayed the information, but the idea still needs to be worked on a lot. What do you think?
-Jason-

Yeah, all that data would pose a problem. Perhaps you could just add some extra options into the port explorer to restrict the size of the log file, or even have different log files for each process or something.
Packet logs in firewalls easily get to be a few Mb pretty quickly. Port explorer should have logs as big, but it still has a lot of data to deal with. You could have controls on how much data the logs can hold for each process, for how much any one socket can log, etc. And be able to set the maximum log file size(s) as well.

Oops, I meant "shouldn't have logs as big..."
Sorry about the double post, but I can't edit it.

{QUOTE-> quoting: Jason / DiamondCS link=board=7;threadid=5022;start=15#32953 date=1037853016]
I am thinking the logging feature will need a new utility that reads the data that Port Explorer logs, instead of just plain logging to a text file. The reason for this is the amount of information a socket goes through between its start and demise is massive. So one socket could easily add up to 1000 lines in a text file. I was thinking some sort of socket history logging utility that displayed the information, but the idea still needs to be worked on a lot. What do you think?
<-QUOTE}

Thanks for asking! You're the man with the plan as far as how the 0s and 1s go together and the interaction with system. I don't have a *clue* along those lines so my thoughts may be REAL stupid. I don't know if API calls could be used to build a relatively simple utility that could be expanded as needs or wants dictated.

What I'm thinking is *basic* logging to process level and not all the sockets a process may use. That make any sense? I'm thinking of the most basic info, but also the most important, to start with. Say, Date/Time -- Process -- Remote IP. As it is, we know *nothing* about the little things that fire up, send/receive a few packets, then shut down. Having the most basic info would give clue something is going on so you could investigate and set up to sniff. If it was a dll making the call, there are other utils that could be brought into play to track down the exe responsible. By keeping the info at the most basic level to start would help keep the log size manageable. The basic log in my mind would be a starting point for discovery, not the end-all solution. If other info could be added without complicating the process, that would be great but not essential. Things like packets sent/received, ports used (would be interesting if constant), time open, etc. I think if you tried to log all socket info, the results would prove MASSIVE and the normal user would not care to wade that river. Too many crocs. ;D

Does any of the above sound feasible or am I walking around in a fog?

Phil

You both provide some good ideas, I will think about it for a while before deciding which way to go. I may have to work on other projects and Port Explorer updates may need to be worked on in the spare time :)
-Jason-

Jooske, The blackening meus only appear in PE. My PC has a very high spec - no resource problems. Maybe Jason or Gavin can throw some light on it ;D

Yes, SnapDragon opened this thread about it too.
http://www.wilderssecurity.com/showthread.php?t=4935
If it was one person one could think of some versions of required files, but with more people.......
Must be some Bill Gates built-in tric for envy he did not build this gem in his products somewhere.

I thought of logging all in the main GUI at wish of the operator, and able to toggle on/off; now you're mentioning more options and configuration to change the spot on details. And all that in one tool or a separate additional tool to log and analyse or display the logs at wish (compare f.e. the za/zapro log analysers).
Had no idea about the consequentions with the amount of data going through.
Would separate connection logs from the socket spy data logs at least!

I think I MIGHT have found the blackening bug :) . I still havnt been able to reproduce it, but it seems to only happen on XP machines who have themes other then "Classic Windows" enabled. Very odd but v1.300 has a possible fix for it :). Don't you love that word.. possible ;)
-Jason-

{QUOTE-> quoting: Jason / DiamondCS link=board=7;threadid=5022;start=15#33098 date=1037936651]
Very odd but v1.300 has a possible fix for it
<-QUOTE}

What's this? Version 1.300? Reminds me of my single days. Spend only a day or two somewhere and already looking to move on down the road. ;D

Good news on the "possible". I am using Win standard on my XP so have not experienced the problem.

Phil

version 1.300? wow!

Hi Jason - i am still experiencing the blackening of the menu bar with ver 1.200....(no other problems that i can see though)....and i was wondering the same thing as you just mentioned....could it be the themes in XP?

i noticed that the "blackening" of the menu bar would happen even if i had PE up on the screen but the "window" of it not active....and when i just moved my mouse pointer over the menu without even clicking on the actual GUI...the words blacked out.

i wasn't using the Classic Start Menu option....i was using the first one listed there......also, i was using the shadow on the mouse. hummm.....

i will put the Start Menu to "Classic" and remove the mouse's shadow effect and let you know if it happens again....it might be as simple as that. (but i like the mouse's shadow) LOL!

thank you for all your hard work!

snap

Well, that was a short test----it didn't work. Even with using the Classic View for the Start Menu and removing the mouse pointer's shadow effect...i still get the menu bar in PE blackening out......sorry, that didn't help you very much.

snap

{QUOTE-> quoting: snapdragin link=board=7;threadid=5022;start=30#33107 date=1037946173]
version 1.300? wow!

Hi Jason - i am still experiencing the blackening of the menu bar with ver 1.200
<-QUOTE}

Ahem -- erm, hey Snap. Have you noticed there is a version 1.250? It is a *nice* improvement over 1.200 with a few issues resolved. Of course, you may want to wait on 1.300 now. :)

Phil

Snap did you try 1.250 ? That had a few fixes for the menu in it, but the last thing that could possibly cause the blackening was fixed and will be in 1.300 . I've been updating the web page stuff today for the members areas with more information on upgrading over previous installations. Don't know when it will be publicly available though... the new members area that is :)
-Jason-

;D Cheers Jason, I have XP Pro with a standard XP wallpaper with the silver toolbars (windows xp modified) i.e. not "classic" . Not a real problem anyway

{QUOTE-> quoting: Phil link=board=7;threadid=5022;start=30#33112 date=1037949278]
Ahem -- erm, hey Snap. Have you noticed there is a version 1.250?....
<-QUOTE}

Sure, Phil! MAKE me put my glasses on!! LOL! (i had to re-check though, i couldn't remember)

yes....it was ver. 1.250 i meant......now i am wondering if there really was a 1.200 and i had missed that one altogether?

*keeping sharp eyes out for ver. 1.300!*

thank you!

snap

{QUOTE-> quoting: snapdragin link=board=7;threadid=5022;start=30#33184 date=1038003699]
{QUOTE-> quoting: Phil link=board=7;threadid=5022;start=30#33112 date=1037949278]
Ahem -- erm, hey Snap. Have you noticed there is a version 1.250?....
<-QUOTE}

Sure, Phil! MAKE me put my glasses on!! LOL! (i had to re-check though, i couldn't remember)
<-QUOTE}

(hint) Having a system with high screen res capabilities is a GOOD thing. Then you can say, "why, no - my eyes are perfect, I just had my screen res up too high". ;D

{QUOTE->
yes....it was ver. 1.250 i meant......now i am wondering if there really was a 1.200 and i had missed that one altogether?

thank you!
<-QUOTE}

Yep, there was a 1.200 but just for a brief period -- and you are very welcome. :)

Phil