Port Explorer v1.250 ready for download!

Discussion in 'Port Explorer' started by Wayne - DiamondCS, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    http://www.diamondcs.com.au/portexplorer/

    Main improvements ...
    - Fixed issue with Nod32's resident scanner - shouldn't be any issues with Nod32 anymore after this build
    - Fixed crash in Socket Spy when viewing corrupted data
    - Increased the Socket Spy packet decoding speed
    - Fixed the Resolve dialog not working after entering a blank input
    - Fixed right-click on the menu bar causing highlight to stay, and hopefully fixed the black menu bar problem also
    - Fixed socket count
    - Fixed an issue where sometimes on NT/2K machines, if a port-process map lagged behind the display it would be shown incorrectly
    - Fixed possible problem with Large Icons enabled
    - Fixed 'Terminate Process' button on 'What is ?.exe' - it was set to default, not anymore
    - Fixed bug in full version relating to the new 'What is' dialog
    - Other minor bug fixes

    This build is the most rock-solid, stable build we've yet released, and there's also a couple of additions to the helpfile:
    Intro for Beginners
    Tips & Tricks

    We hope you enjoy the new release!
     
  2. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Already installed and running! :D

    Indeed, the issue with NOD32 AMON constantly scanning the three files in question is FIXED as is the socket count. A quick glance also suggests some other minor issues I noticed are gone as well so I can cross them off the list. :cool:

    GREAT JOB, GUYS!! (and *quick*, too)

    Now I'm off to give this puppy a REAL test drive. Comments to follow.

    Phil
     
  3. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Well, so far, it just *works* -- plain and simple. Most all the issues I noticed in ver 1.200 are gone and the couple that remain are *so* minor I won't even bother mentioning them at this point. I will do more thorough testing over the next couple of days but it doesn't look like I will find much, if anything, buggy. Nice piece of work.

    Hey -- how do you guys expect me to be happy if I don't have something to complain about? :D :D

    Phil
     
  4. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    > the couple that remain are *so* minor I won't even bother mentioning them at this point.
    No, please do! :)
     
  5. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Ok, but remember I said they are MINOR.

    There is a small amount of mem creep, but it is much less than before with ver 1.200 -- probably less than half per time period. Given time, I will give you numbers. This is NO problem, though, because you can easily knock it back down with the reduce function. The reason this is minor is because the mem usage is so low anyway.

    The second is with the resolve utility. It seems to have problems finding many sites and the "country highlight" seldom works. That's just eye candy anyway so no big deal. Again, with a little more time, I will give you better info and detail.

    See -- baby stuff. :)

    Phil
     
  6. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Port Explorer has been extensively tested for memory leaks, using not only 3rd party tools, but I think smart coding :cool: . Every time a new socket gets created it uses around 1-4KB of memory. I don't know if you are accustomed to "memory heaps" but basically Port Explorer's grows and very rarely shrinks to suit the amount of sockets you have. The reason I keep memory allocated if say you have 500 sockets at one stage then go back down to 100 is due to performance issues and fragmentation of memory. Since memory usage is so low I thought it would be better to optimize the usage for speed than total memory used given an amount of sockets. As it is now Port Explorer can be run very well on large enterprise servers as well as normal Desktop PCs.

    Again there is no "memory leakage", all memory allocated is deallocated correctly 100% of the time. But if at one stage you get 500 sockets on your system then Port Explorer will allocate enough memory for those 500 and keep it there until you get more sockets or close the app. Again 500 sockets only means around 0.5MB-2MB of RAM, very little, considering you would need to have some sort of server to get around 500 sockets at once.

    As with the resolving issue... some beta testers reported problems with it not finding ALL sites, but I haven't found it not being able to find a site yet, and since it uses Windows standard resolving functions I can't see why it wouldn't find a site unless there was some network error. Would you mind sending a screen capture of a site that you tried to resolve but couldn't?
    -Jason-
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hope we understand each other well. I just grabbed this IP from my list this moment, telling me it can't find host nor country and the whois only gives the ARIN net.
    209.123.179.78 and no location on the map of course with this.
    When I find USA based IPs, I never see the location in the map, AU and EU I think all the time, other areas I would need to look at again but not always either.
     
  8. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    The NEXT time I will use my better judgement and NOT answer the "aw, do it now" question. I did say it was not worth mentioning and would *prefer* to have the time with 1.250 to give hard numbers. Just an hour or so is not enough time.

    In the past 90 minutes sitting here on this site with no new sockets opened, PE mem has grown by 1185K. I assume it is because it is keeping up with my fw that likes to talk to itself all the time so the packet count is growing. Sorry -- I also checked one newsgroup with my newsreader during that time.

    I tried maybe 10 different sites with the resolve utility -- 3 or 4 did not resolve. I will give you screen captures tomorrow -- by email.

    Phil
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Version 1.250 works fine now for me without adding the PE directory to the NOD32 excludes. Amon subdued!

    I have noticed that when I run the mouse cursor over the top menus they go black & as you run the mouse across the blackened area the underlying menu name appears. Is this a "feature" or an artifact? :doubt:
     
  10. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    That's the exact behavior I am seeing, Jooske. I have yet to see a US location show on the map and I had a couple EU that also did not. I am about to try a few more so I can get Jason some jpg's of the no host or country found.

    Thanks for your post. At least now I know I'm not crazy or seeing things. :D

    Phil
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In my humble opinion you are not or we would be both :D
    It would be "NOT seeing things"!
    But yeah... windows basic tools...... hm, seems about every bit has been coded again with own new DCS technologies and those are all ok it seems.
    Wonder about the blackening menu part; can't imagine all those people would have older versions of any of the required system files. Is this only in PE or also in other programs?
    I notice for instance on win98 when I get really low in resources the icons themselves blackening and the words in fat black bigger characters, but I guess here it is another matter.
     
  12. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    209.123.179.78 has no reverse DNS configured.

    Please check resolve against other utilities, www.samspade.org would be the best.. when you have a non resolving IP that SamSpade can resolve, please let us know :)

    The resolve locations are something we hope to work on, but it is a big deal to get everything resolving to the country. I don't think it is worth a huge effort personally, but we have to look at it more closely. User opinions are always a benefit to us, and we thank you all :D
     
  13. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    I agree -- it's not worth the effort. That's what I TRIED to say up-thread. Don't get me wrong, it's *nice* to have the resolve util close at hand but it had NO bearing on why I purchased the app. The functions that piqued my interest are now working GREAT.

    So, postpone working on resolve and get busy on something more useful -- like, say, process/socket logging. :D

    Phil
     
  14. Paragon

    Paragon Guest

    I have a suggestion for the next version.
    You could build upon the trace function and make it more like VisualRoute, which can zoom in down to the city, and show all nodes between you and the target, and the whois info is available for each node as well. :)
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I have another suggestion which is very urgent:
    to make the download available at all at least for registered users, as I still can't get to it at all, so still was not able to update and have not the slightest idea if things have been solved in the meantime. So many tries and not available and now it says download URL not available.
    Frustrating at least, and my emails to portexplorer@diamondcs.com.au never get there while I even checked on internet blacklistings that my email account is not blacklisted there.
    So I can't get to the download nor reach the right mailbox for complaints about that.
     
  16. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Humm -- that is strange, Jooske, and would be *very* frustrating! I just went to the site to verify and had no problems getting to the dl page and starting the download. <shrug>

    I feel certain you know, but I will mention anyway. The site requires both cookies and scripting enabled. Do you have anything running that might be disabling one of those? My first attempt at the dl was a little trying until I understood what was happening. I could log on fine but every time I clicked the dl link, I would get kicked.

    You might try an email direct to Wayne or Jason. They have been *very* quick to respond in my experience. It's a little after 8:00AM Perth time so they should have had their coffee by now. :D

    I hope you are able to get 1.250 soon because it is a certain improvement over previous releases.

    Phil
     
  17. Paragon

    Paragon Guest

    Odd, I just downloaded it yesterday using link USA 2. No problems.
     
  18. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi Jooske,

    Just tried the download and for me all works except USA Server 1, if that helps you any.
     
  19. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Jooske, as Phil said, as long as you have cookies enabled it should work. Unfortunately the ISP we are on seems to only have cookie sessions instead of URL redirection, no biggy but a pain for a few people like yourselves. I will be recoding some of the site today to allow for no cookies. Previously if cookies weren't enabled and you went to the download page it kicked you back to the login page, at which point you logged in again and were taken to the main members area screen again, in a few hours it should take you to whatever page you had clicked on instead...

    Phil, we/I do appreciate early feedback, I was just making sure you understand there aren't any memory leaks in Port Explorer :) . "Mem creep" as you said it can be caused by numerous things but you will find a non mem leaking app will only "creep" a little depending on what's happening. Memory usage goes up and down with the DLLs a program uses/frees and when certain API calls are called, etc. Sometimes depending on Windows it doesn't immediately free memory in case it needs to be used again later on.

    It's hard to explain but think of an application like a big empty house with all the lights turned off. As you enter some rooms (use the application) you turn on the lights (allocate memory) and when you leave the room it would make sense to turn off the light (free the memory), unless you were going to go back in there soon after. I guess that's sort of how Windows works if you don't mind the bad anecdote ;)
    -Jason-
     
  20. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi again Jooske,

    After rereading a couple of these posts about the cookies, etc..., I assume you must be talking about a different download page (registered owner), and I was referring to the page to download the trial, so please disregard my post. Sorry.
     
  21. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Jason,

    Thanks for the elementary tutorial but it was not necessary because I understand how RAM is allocated -- not at your level but far beyond 1st grade. Let's just say I will choose to accept your reasoning and not believe my lying eyes. :D Trust me, it is NOT a big deal as I have tried, apparently unsuccessfully, to explain. Port Explorer is a SUPER little app and is performing FAR better than any app this new should. You have every reason to be proud and *no* reason to be defensive. What say let's drop this and move on to a more productive subject -- like, for instance, logging. :cool:

    Thank you for the great support!
    Phil
     
  22. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I am thinking the logging feature will need a new utility that reads the data that Port Explorer logs, instead of just plain logging to a text file. The reason for this is the amount of information a socket goes through between its start and demise is massive. So one socket could easily add up to 1000 lines in a text file. I was thinking some sort of socket history logging utility that displayed the information, but the idea still needs to be worked on a lot. What do you think?
    -Jason-
     
  23. Paragon

    Paragon Guest

    Yeah, all that data would pose a problem. Perhaps you could just add some extra options into the port explorer to restrict the size of the log file, or even have different log files for each process or something.
    Packet logs in firewalls easily get to be a few Mb pretty quickly. Port explorer should have logs as big, but it still has a lot of data to deal with. You could have controls on how much data the logs can hold for each process, for how much any one socket can log, etc. And be able to set the maximum log file size(s) as well.
     
  24. Paragon

    Paragon Guest

    Oops, I meant "shouldn't have logs as big..."
    Sorry about the double post, but I can't edit it.
     
  25. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Thanks for asking! You're the man with the plan as far as how the 0s and 1s go together and the interaction with system. I don't have a *clue* along those lines so my thoughts may be REAL stupid. I don't know if API calls could be used to build a relatively simple utility that could be expanded as needs or wants dictated.

    What I'm thinking is *basic* logging to process level and not all the sockets a process may use. That make any sense? I'm thinking of the most basic info, but also the most important, to start with. Say, Date/Time -- Process -- Remote IP. As it is, we know *nothing* about the little things that fire up, send/receive a few packets, then shut down. Having the most basic info would give clue something is going on so you could investigate and set up to sniff. If it was a dll making the call, there are other utils that could be brought into play to track down the exe responsible. By keeping the info at the most basic level to start would help keep the log size manageable. The basic log in my mind would be a starting point for discovery, not the end-all solution. If other info could be added without complicating the process, that would be great but not essential. Things like packets sent/received, ports used (would be interesting if constant), time open, etc. I think if you tried to log all socket info, the results would prove MASSIVE and the normal user would not care to wade that river. Too many crocs. :D

    Does any of the above sound feasible or am I walking around in a fog?

    Phil
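
The process-level log discussed in posts 22 to 25 (one line per Date/Time -- Process -- Remote IP, with a cap on how much is kept), sketched as an added example that is not part of any post and not Port Explorer code. The event format, process names and documentation-range addresses are constructed for illustration.

```python
from collections import OrderedDict
from datetime import datetime

# Constructed sample: per-socket events in an assumed format (not Port Explorer's).
# Columns: date, time, process, remote IP, remote port, event, bytes
RAW_EVENTS = """\
2002-11-21 08:00:01 newsreader.exe 192.0.2.10 119 OPEN 0
2002-11-21 08:00:02 newsreader.exe 192.0.2.10 119 SEND 120
2002-11-21 08:00:03 newsreader.exe 192.0.2.10 119 RECV 5200
2002-11-21 08:01:10 updater.exe 198.51.100.7 80 OPEN 0
2002-11-21 08:01:11 updater.exe 198.51.100.7 80 SEND 300
2002-11-21 08:01:12 updater.exe 198.51.100.7 80 CLOSE 0
2002-11-21 08:02:00 browser.exe 203.0.113.5 80 OPEN 0
2002-11-21 08:02:01 browser.exe 203.0.113.5 443 OPEN 0
2002-11-21 08:02:05 browser.exe 203.0.113.5 80 RECV 9000
2002-11-21 08:04:40 newsreader.exe 192.0.2.10 119 CLOSE 0
"""

def summarise(raw, max_records=1000):
    """Collapse per-socket events into one record per (process, remote IP)."""
    records = OrderedDict()
    for line in raw.splitlines():
        date, clock, proc, ip, port, event, nbytes = line.split()
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        key = (proc, ip)
        rec = records.setdefault(key, {"first": ts, "last": ts, "ports": set(),
                                       "sent": 0, "recv": 0, "sockets": 0})
        rec["last"] = ts
        rec["ports"].add(int(port))
        if event == "OPEN":
            rec["sockets"] += 1
        elif event == "SEND":
            rec["sent"] += int(nbytes)
        elif event == "RECV":
            rec["recv"] += int(nbytes)
        records.move_to_end(key)            # most recently active goes last
        while len(records) > max_records:   # size cap: drop least recently active
            records.popitem(last=False)
    return records

def brief_talkers(records, max_seconds=3):
    """Process/IP pairs whose whole observed activity fits in a few seconds."""
    return sorted(k for k, r in records.items()
                  if (r["last"] - r["first"]).total_seconds() <= max_seconds)

def render(records):
    """One basic log line per record: Date/Time -- Process -- Remote IP."""
    return [f'{r["first"]:%Y-%m-%d %H:%M:%S} -- {proc} -- {ip}'
            for (proc, ip), r in records.items()]
```

Ten socket events reduce to three log lines here, and `brief_talkers` picks out the pair that opened, sent a little and closed within seconds, which is the case the thread says currently goes unnoticed.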
     