Reference Guide

Advanced Administrative Tools

Copyright 1999-2003 G-Lock Software. All rights reserved. AATools is a trademark of G-Lock Software.

Contents
1. INTRODUCTION
AATools Overview
Global Settings

2. PORT SCANNER
Port Scanner Overview
Port Scanner Settings
    General Settings
    Socks Proxy Settings
    Color Theme
Port Scanner Main Window
Working with Port Scanner
Working with Profile
Working with Policies
Working with Port Sets
How to Specify Tasks for Scanning

3. PROXY ANALYZER
Proxy Basics
Proxy Analyzer Overview
Proxy Analyzer Settings
    General Settings
    Startup Settings
    Socks Analyzer Settings
    FTP
    Proxy Rating Settings
    Color Theme
Environment Variable Scripts
Proxy Analyzer Main Window
Working with Proxy Analyzer
Working With Exclusion List
Working with Profile
Saving HTTP Proxy
Saving Socks Proxy

4. RBL LOCATOR
RBL Locator Overview
RBL Locator Settings
    General Settings
    Spam Databases
    Color Theme
RBL Locator Main Window
Working with RBL Locator
Saving Results
Spam Glossary

5. TRACEROUTE/PING
TraceRoute/Ping Overview
TraceRoute Settings
    Color Theme
TraceRoute/Ping Main Window
Working with TraceRoute/Ping

6. E-MAIL VERIFIER
E-mail Verifier Overview
E-mail Verifier Settings
    General Settings
    Socks Proxy Settings
    Color Theme
E-mail Verifier Main Window
Working with E-mail Verifier
Working with Profile

7. LINKS ANALYZER
Links Analyzer Overview
Links Analyzer Settings
    General Settings
    Color Theme
Links Analyzer Main Window
Working with Links Analyzer

8. WHOIS
Whois Overview
Whois Settings
    General Settings
    Socks Proxy Settings
Whois Main Window
Working with Whois

9. NETWORK MONITOR
Network Monitor Overview
Network Monitor Settings
    General Settings
    Color Theme
Connections
Statistics
IP Address Table
IP Routing Table
Adapter/IF Info
ARP Table

10. PROCESS MONITOR
Working with Process Monitor
Process Monitor Settings

11. SYSTEM INFO

12. RESOURCE VIEWER

13. REGISTRY CLEANER
Registry Cleaner Overview
Working with Registry Cleaner

1. Introduction
Overview
To secure an Internet-connected network, firewalls are a necessary component in your arsenal of tools. However, firewalls alone are no longer sufficient protection, because they are static devices that enforce a particular rule set. This setup means that intruders can use valid, legal packets to formulate an attack on your network and compromise your security. You have to use additional tools for complete protection, especially for Windows NT/2000 and the TCP/IP protocol. To spot potential problems before intruders exploit them from inside or outside of your network, you can implement several security tools, such as port scanners, vulnerability tests, and network analyzers.

Advanced Administrative Tools (AATools) includes 12 different state-of-the-art tools for assessing, optimizing, managing, and safeguarding your networks and computers in one program. Advanced Administrative Tools is a multithreaded network and system explorer. It's a 12-in-1 utility, including Port Scanner, Proxy Analyzer, RBL Locator, TraceRoute, E-mail Verifier, Links Analyzer, Network Monitor, Process Monitor, Whois, System Info, Resource Viewer and Registry Cleaner. Its purpose is to accumulate data pertaining to network status and availability, using all of the latest development tools in network research. AATools is a security toolset that finds holes before intruders attack. AATools should be a part of your security toolkit and you should employ it regularly.

Port Scanner analyzes hosts and the different services that have been started on them. Its comprehensive scanning engine gathers all the information about the services, threads, etc. AATools Port Scanner accurately determines the mapping of the active services using both TCP and UDP port interrogations.

Proxy Analyzer tests lists of proxies and/or checks a list of addresses for the presence of proxy servers. It provides the most detailed information obtainable about the proxy itself, including its headers, locations, etc. It is a fully loaded tool for managing proxy lists (with anonymous proxy rating).

RBL Locator is a special tool designed to quickly search for an IP address in DNS-based spam databases. RBL Locator checks a given IP address against the most known blacklists.

TraceRoute shows you the path of a packet sent from your machine to another machine on the network as it hops from router to router. It will show you the IP address (and usually the actual name) of each router, line by line. During this process, TraceRoute refers to your DNS server and reports the DNS address and the IP address of each node it encounters along the way.

E-mail Verifier verifies every e-mail address from your mailing list.

Whois is a useful network utility that allows you to get all the available information about an IP address or a host name. Unlike standard Whois utilities, AATools Whois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds. If a user is not satisfied with the results found in the database, he can have the program query a specific user-defined whois server.

Network Monitor is an intrusion detection/audit tool that reports all open local TCP/IP and UDP ports, displays the services that are active on the ports, maps the ports to their respective applications (for Windows NT/2000/XP only), and provides useful information about network interfaces.

Links Analyzer is a new state-of-the-art utility that will scan all your saved links from your IE Favorites folder or any other folder on your HDD and notify you when a link has changed or become invalid. It allows the scanning of your entire system and finds all URL files. It also checks dynamic HTML pages and URLs with CGI, and may move the bad ones to the IE Favorites folder that you should specify in the appropriate dialog window.

Process Monitor shows you any process running on your PC, so you can manually stop any suspicious activity. It is very useful for getting rid of Trojans that were placed in your system, etc.

System Info provides an extremely large amount of supplementary information about your local PC: processor, memory, WinSock data, etc.

Resource Viewer is intended for viewing resources of executable files (with the extensions .exe and .dll). It displays comprehensive information about program resources including dialogs, icons, strings and more. Resource Viewer can also be used to save resources of any selected modules to your hard disk.

Registry Cleaner is designed to clean up unnecessary entries in your registry. Using AATools Registry Cleaner increases your computer's performance, speeds up the loading of the operating system and reduces the number of failures.

CPU Usage monitor provides information about CPU usage of all system processes.

Global Settings
Primary DNS: The primary DNS server can be preset either as a domain name or as an IP address. Access to the DNS servers used by the program by default takes 2 seconds. You can reduce this time to 0.5 - 3 seconds by using the DNS servers of your ISP. You can also determine the DNS servers yourself with the IPCONFIG utility using the /ALL key (Windows NT), or with the WINIPCFG utility (Windows 95/98). These utilities are included with the OS.

Secondary DNS: Specifying an additional DNS server is optional. It may also be preset either as a domain name or as an IP address. It is used only if the first DNS server does not answer queries.

For example, to configure the DNS on a Windows 95/98 system, perform the following steps:
1. Make sure you are connected to the Internet.
2. Click the Start button and choose the Run option.
3. In the Run dialog box, type WINIPCFG and click OK.
4. In the WINIPCFG window, click More.
5. Look through the DNS Server information.
6. Open E-mail Verifier and fill in the Primary DNS edit box with the address of the defined DNS Server.
7. Click OK to save the new configuration.

User Agent for All HTTP connections: Some web sites allow only certain browser(s) to get web pages from their site. By using this option, you're telling AATools to imitate IE, Netscape Navigator, etc. in an HTTP request. A few common user agents (Netscape Navigator, Microsoft Internet Explorer) are included in the list, along with some rare ones.

Enable CPU usage monitor - allows you to switch the CPU Usage indicator on/off.

Show wallpaper - allows you to enable/disable the program wallpaper.

Use color tooltips - allows you to enable/disable color tooltips. For this option to take effect, you should restart AATools.

Autosave profile every XX minutes - allows you to automatically save profiles from Port Scanner, Proxy Analyzer, E-mail Verifier and Links Analyzer every XX minutes.

2. Port Scanner
Port Scanner Overview
Port scanners are vital pieces of any network security toolkit, and the range of such utilities is quite extensive for all major platforms. In all cases good research and understanding of the underlying technology is essential to get the most use from the software. Hackers are possibly already pointing such programs at your network, so it makes sense that you do the same before they do. But it is also important to note that these powerful programs can easily be misused, either accidentally or with malicious intent.

AATools Security Port Scanner analyzes hosts and the different services that have been started on them. Its comprehensive scanning engine gathers all the information about the services, threads, etc. Port Scanner accurately determines active ports (services) on the appropriate host using both TCP and UDP port interrogations. This information is critical for developing and/or verifying security policies.

TCP and UDP use port numbers to identify higher-layer services. Systems administrators use port scanners to determine what TCP/UDP services are available on a server. A cardinal rule of server security is to disable any service that the system isn't using, because any open TCP/UDP service offers intruders a possible entry into the system. Thus, you can use a port scanner to ensure that only the desired TCP/UDP services are running. Port numbers 0 through 1023 are well-known ports that systems administrators usually use only for system processes or for programs that privileged users are running. If attackers exploit a well-known port, they can potentially gain control of a server.

In an effort to compromise a network, attackers use several generic schemes to scan ports. The following examples focus on TCP and UDP scanning:

TCP connect() scanning is the most basic form of TCP scanning. An attacker's host issues a connect system call to every interesting port on the target machine. If the port is listening, connect() will succeed; otherwise, the port is unreachable and the service is unavailable. This attack scheme is fast and doesn't require any special privileges; however, a port scanner can easily detect and block this attack at the target system.

UDP Internet Control Message Protocol (ICMP) port unreachable scanning is one of the few UDP scans. UDP is a connectionless protocol, so it's harder to scan than TCP because UDP ports aren't required to respond to probes. Most implementations generate an ICMP port unreachable error when a user (or intruder) sends a packet to a closed UDP port. Thus, the lack of such a response indicates an active port. Unfortunately, UDP port scanning is not as reliable as TCP port scanning. If there is a firewall between you and the Internet that blocks UDP traffic by simply dropping the packet and sends no response, our port scan will detect this as an indication of an open port.

AATools Port Scanner will return which TCP or UDP ports are listening. You should check these ports to see if they are running services that you have approved. If they are undocumented services, or services you do not wish to run, we suggest that you disable them. Many operating systems are shipped with a large number of services that are not required for normal operation. In some cases these services may contain known or unknown security problems. It is recommended that any services that are not required be disabled.
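The two probe types described above, as an added example that is not AATools code and not part of the original guide. It probes only listeners that the script itself opens on 127.0.0.1, shows why a silent UDP port can only be reported as "open|filtered", and compares the open TCP ports with an approved set; the function names and the approved set are assumptions made for this illustration.

```python
import socket

LOOPBACK = "127.0.0.1"


def tcp_connect_state(host, port, timeout=1.0):
    """Classify a TCP port with a full connect() call."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"      # connection refused: nothing is listening
        except OSError:
            return "filtered"    # timeout or unreachable: no definite answer


def udp_probe_state(host, port, timeout=1.0):
    """Classify a UDP port by waiting for a reply or an ICMP port unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach us
        try:
            s.send(b"\x00")
            s.recv(512)
            return "open"        # the service answered the probe
        except ConnectionRefusedError:
            return "closed"      # ICMP port unreachable came back
        except OSError:
            # Silence: a listening service that ignored the probe and a
            # firewall that dropped it look exactly the same from here.
            return "open|filtered"


def unapproved_tcp_services(host, ports, approved, timeout=1.0):
    """Return the open TCP ports that are not in the approved set."""
    return sorted(
        p for p in ports
        if p not in approved and tcp_connect_state(host, p, timeout) == "open"
    )


def demo():
    """Run the probes against constructed local listeners only."""
    tcp_listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_listener.bind((LOOPBACK, 0))      # ephemeral port chosen by the OS
    tcp_listener.listen(8)
    open_port = tcp_listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind((LOOPBACK, 0))
    closed_port = spare.getsockname()[1]  # released again: nothing listens here
    spare.close()

    udp_silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_silent.bind((LOOPBACK, 0))        # bound, but never replies
    udp_port = udp_silent.getsockname()[1]

    ports = [open_port, closed_port]
    try:
        return {
            "tcp_open": tcp_connect_state(LOOPBACK, open_port),
            "tcp_closed": tcp_connect_state(LOOPBACK, closed_port),
            "udp_silent": udp_probe_state(LOOPBACK, udp_port, timeout=0.5),
            "flagged": unapproved_tcp_services(LOOPBACK, ports, set()) == [open_port],
            "approved_ok": unapproved_tcp_services(LOOPBACK, ports, {open_port}) == [],
        }
    finally:
        tcp_listener.close()
        udp_silent.close()


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```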

Network security is not a task that can ever be closed off and deemed as having been completed. Even if a comprehensive port scan shows that your system is properly configured today, it may not remain so for a long time. Port scanning needs to be a regular maintenance task as soon as new devices are added to the network. Closing off ports, and securing those that remain, is not enough to deter the most determined hacker, but it may be enough to deter the less determined opportunist. As in other areas of security, there should be no room for complacency.

In addition, AATools Port Scanner has the following features:
- Supports a wide range of addresses
- Supports scanning from a list of ports
- Resolves host names into IP addresses
- Searches for host name in DNS before scanning
- Provides adding/removing and selecting ports from a list
- Scans for ports that are/may be used by Trojan/backdoor programs
- Scans a list of host names located in a text file

Port Scanner Settings


General Settings
Ask confirmation to save the profile when closing the port scanner
When this option is checked, you will have to confirm whether or not to save the changes made when closing the port scanner. If you don't want the program to ask you for confirmation to save the changed profile, uncheck this option.

Ask confirmation to delete items from the Results window
When this option is checked, you will have to confirm the deletion of selected items from the Results window. If you don't want the program to ask you for confirmation to delete the selected items from the Results window, uncheck this option.

Send to Proxy Analyzer items only with ports from "Proxy Ports" Port Set
When this option is checked, the program will send to the Proxy Analyzer only scanned hosts that contain ports from the "Proxy Ports" Port Set. Otherwise, the program will send to Proxy Analyzer all selected hosts with any ports. Note: this option is applied only to selected items.

Socks Proxy Settings


A proxy server is a special program that allows LAN users to work with the Internet (when only one machine has the "real" IP address). Please contact your network administrator if you're not sure how you're connected and how to set the appropriate options here. Popular programs such as ICQ work in a LAN using the Socks5 protocol. You must indicate a domain to the proxy server in the SMTP settings if you use a proxy server.

Use Socks proxy server - check this box if you would like to use the socks proxy server.

Specify your Socks Proxy Server - check the appropriate box to specify your socks proxy server. The program supports SOCKS 4, 4A and 5 proxy servers.

Address: A proxy server address. It may be either a domain or an IP address. Examples: proxyserver.isp.com, 127.0.0.1.

Port: Usually, it is 1080. Don't confuse a Socks proxy with http and ftp proxies, which are on ports 3128 (8080) and 3121 by default. AATools Port Scanner doesn't work through http or ftp proxies. Note: You can use a socks proxy server only if you perform TCP scanning.

Use authentication (RFC 1929): The server requires authentication, i.e. requires a user login and password. In most Socks5 implementations, the login and password are transferred as plain text, as described in the RFC 1929 document.

Login: The name (login) of the Socks proxy server user.

Password: The password for the Socks proxy server user.
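What "transferred as plain text" means on the wire, as an added example that is not AATools code and not part of the original guide. It builds the RFC 1929 username/password request (version byte 0x01, one length byte and the bytes of each field) and decodes it again the way any device between the client and the proxy could; the login and password are constructed sample values and the function names are assumptions made for this illustration.

```python
AUTH_VERSION = 0x01  # version of the RFC 1929 username/password sub-negotiation

# Constructed sample credentials, not real ones.
SAMPLE_LOGIN = "labuser"
SAMPLE_PASSWORD = "not-a-real-password"


def build_userpass_request(login, password):
    """Client side: VER | ULEN | UNAME | PLEN | PASSWD, with no encoding at all."""
    u = login.encode("utf-8")
    p = password.encode("utf-8")
    for field in (u, p):
        if not 1 <= len(field) <= 255:
            raise ValueError("login and password must each be 1..255 bytes")
    return bytes([AUTH_VERSION, len(u)]) + u + bytes([len(p)]) + p


def parse_userpass_request(data):
    """Decode a captured request; works for the proxy and for any observer."""
    if len(data) < 2 or data[0] != AUTH_VERSION:
        raise ValueError("not an RFC 1929 request")
    ulen = data[1]
    if ulen == 0 or len(data) < 3 + ulen:
        raise ValueError("truncated or empty UNAME")
    plen = data[2 + ulen]
    end = 3 + ulen + plen
    if plen == 0 or len(data) != end:
        raise ValueError("truncated or malformed PASSWD")
    login = data[2:2 + ulen].decode("utf-8")
    password = data[3 + ulen:end].decode("utf-8")
    return login, password


def parse_userpass_reply(data):
    """Server reply is VER | STATUS; STATUS 0x00 means success."""
    if len(data) != 2 or data[0] != AUTH_VERSION:
        raise ValueError("not an RFC 1929 reply")
    return data[1] == 0x00


def password_visible_on_wire(frame, password):
    """True when the password bytes appear unmodified inside the frame."""
    return password.encode("utf-8") in frame


if __name__ == "__main__":
    frame = build_userpass_request(SAMPLE_LOGIN, SAMPLE_PASSWORD)
    print("request bytes:", frame)
    print("decoded by an observer:", parse_userpass_request(frame))
    print("password readable in frame:", password_visible_on_wire(frame, SAMPLE_PASSWORD))
```

Because the request carries the credentials unmodified, a Socks5 login should be a dedicated account whose password is not reused elsewhere, unless the path to the proxy is itself protected.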

Color Theme
The color theme option allows a user to customize the color and appearance of the Port Scanner interface. The following choices are available when the Enable Color Theme option is checked: two-color theme and multi-color theme. You can customize the color of the Port Scanner interface as you like, as well as enable or disable the grid in the Results window.


Port Scanner Main Window


Toolbar

New Profile - creates a new profile. See the Working with Profile section.
Load Profile - allows you to load a saved profile.
Save Profile - allows you to save a profile. You can save a profile only when the scanning process is stopped or paused.
Start Scanning - allows you to start/continue scanning a list of target hosts or a manually specified host. Attention! Scanning is available only if the target hosts are entered in the Hosts to Scan window.
Pause - allows you to hold up the scanning process. You can save your profile when the scanning process is paused and then re-load it to continue scanning. To continue scanning, click the Start Scanning button. The scanning will continue from the point where it was interrupted.
Stop - allows you to stop the scanning process. Note that the Port Scanner needs some time (specified in the 'Connect Timeout' box) to terminate active threads.
Port Setup - allows you to determine port information and create/modify port sets. See the Working with Port Sets section.
Settings - shows you the Settings dialog.
Show/Hide control panel
Clear - clears the Results window. When you click the black down arrow near the Clear button, you will see a drop-down menu with the following options: (Clear) Selected Item(s), Not Responded Host Items, ICMP Protocol Items, TCP Protocol Items, UDP Protocol Items, All Items.
Save [Host IP:Port] - saves the results to disk. You can select the following options: All Items, Everything, Trojan, NFS, Proxy Ports, HSF. Everything, Trojan, NFS, Proxy Ports and HSF are your port sets. So if you select, for example, the 'Save [Host IP:Port]->Trojan' option, the program will save the scanning results containing ports from the Trojan port set.
Report - allows you to save scanning results to Paradox, DBase, Text (.CSV), HTML, Excel, SYLK, DIF, Lotus 1-2-3, QuattroPro and MS Access database files, as well as to the MS Windows clipboard.

Host Name/IP

Enter a host name or IP in the Host Name/IP Lookup box and click the Lookup button. If the host name/IP can be resolved, the Start and Stop IP boxes in the Host Name/IP section will contain the resolved IP address, or [255.255.255.255] if the IP address is not found. In the Start and Stop boxes, change the third and the fourth sections of the IP addresses with the appropriate Up and Down buttons.
Use the 1..255 button to select the whole class C network to scan within the specified IP (or Web) address.
Use the Network PC button to search for computers in your LAN.
Use Load List to load a list of hosts from a .TXT file.
Use the Add button to combine a pool of tasks for scanning. See the How To Specify Tasks For Scanning section.

Policy

By clicking the black down arrow, you can select the Policy: Smart Scanning or TCP Scanning, as well as add/edit/delete a policy. See the Working with Policies topic.

Port Set

By clicking the black down arrow, you can select the Port Set you created via the Port Set Setup window. If you specified the Port Set as 'None', the program will scan the target machine for the ports that have been checked before in the main port list. See the Working with Port Sets section.

Threads

You can specify the number of threads running simultaneously (1 - 200). Set this property to a high value only if you have a high-speed connection! The higher the number of threads, the faster the scan will be. However, specifying more threads will require more computer resources, such as computer memory and processor time.

Connect Timeout

This box shows you the maximum number of seconds AATools Port Scanner waits for answers from the remote server.

Ping Timeout

This box shows you the maximum number of seconds AATools Port Scanner waits for an ICMP echo Reply. This variable can be adjusted to compensate for network congestion issues. If an ICMP echo Reply is not received during the indicated period of time, AATools Port Scanner considers the host as not active.

The program displays indicators for the whole scanning process if the Enable indicators while scanning option is checked. The indicators are described below.
Resolve threads - shows the number of active Host Name/Host IP Resolve threads.
TCP/IP threads - shows the number of active sockets that are used for scanning.
ICMP threads - shows the number of active threads for ICMP scanning.
Total threads - shows the total number of active threads.
Attention! The more threads you use, the more computer resources (computer memory and processor time) are required.


Working with Port Scanner


Results Window

Here you can see the results of scanning as well as call the Advisor program that is specified for the selected port. Simply double-click the line with the appropriate port. (See the Working with Port Sets topic.) The Results Window has two tabs: Simple List and List by Host. If you click the List by Host tab, you will have the results of scanning filtered by host. Both the Simple List and List by Host contain the following columns:

Host IP - indicates the IP address of the target machine.
Host Name - shows the resolved Host Name of the scanned computer.
Port - indicates the open/active port on the target machine.
Protocol - may be TCP, UDP, ICMP.
Banner/Replies Info - shows the information that has been received from the appropriate port, or ping information from the target machine.
Description - gives additional information about standard port assignments, some of which are registered assignments and some of which are unregistered uses. ATTENTION! You should check these ports to see if they are running services that you have approved. If they are running undocumented services, or services you do not wish to run, we suggest that you disable them.

Possible Trojan - indicates well-known Trojans commonly using this port. For example, the 'Possible Trojan' column on port 25 shows this: RATs: Ajan, Antigen, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy. That doesn't mean that you are infected with all of those Trojans! It just lets you know which Trojans and programs have been known to use that port.

Right-clicking on the Simple List window brings up a menu with the following commands:
Delete - deletes a selected string from the Simple List. To select all, press <Ctrl+A>.
Send To - sends a selected IP address and port (if needed) to Proxy Analyzer, Whois.
Copy to Clipboard - copies a selected IP address:Port to the clipboard.
Invert Selection - inverts the selection.
Select All - selects all strings. To select all, you can also press <Ctrl+A>.

Right-clicking on the List by Host window brings up a menu with the following commands: Delete, Send To Whois, Invert Selection, Select All.

Below are the meanings of the icons shown by the Results Window during the scanning:
Host not reachable or Host not resolved.
Host answered ICMP echo request.
There is an open UDP or TCP port (service) on the tested machine.


Working with Profile


A Port Scanner Profile includes a scan file of all the data that was gathered while scanning using a specific policy and port set. If you wish to retain your data for future use or to continue an uncompleted scan, it is a good idea to save the Profile.

Creating new Profile
To create a new profile, click the New Profile button on the Toolbar. The program will clear the HostName/IP, Hosts to Scan and Results windows.

Opening Profile
To open a profile, click the Load Profile button on the Toolbar and select your file.

Saving Profile
To save a profile, click the Save Profile button on the Toolbar, select the destination and type the name of your profile. You can save a profile only when the scanning process is stopped or paused.


Working with Policies


A Policy contains the scan settings that you wish to use each time AATools Port Scanner performs scanning. Different policies can be created and saved for future use.

Adding/Creating Policy
To add/create a policy, click the black down arrow in the Policy field to display the drop down menu. Then right-click the drop down menu to display the popup menu and select the Add New Policy option.

Policy Settings
Policy Settings allow a user to specialize and customize scan settings. For example, a user could create a Policy for TCP scanning, UDP scanning, or both.

Resolve Host Name - switch on this option to automatically resolve the IP address of the scanned computer to its host name.

ICMP Scanning - switch on this option to detect responsive hosts on a network without scanning them for open ports. Sometimes you only need to know the addresses of the active hosts in the scanned network. AATools Port Scanner can do this by sending ICMP echo request packets to each IP address you indicated. A host that responds to the echo request packet is active. Also check this option if you want Port Scanner to ping the target computer before scanning it, to verify that the computer is alive. However, a computer may ignore ping requests in order to "conceal" itself from other computers. In such a scenario, the Perform scanning, if the host does not respond on ping policy option may be necessary.

UDP Scanning - switch on this option for UDP scanning. Please note that UDP port scanning runs very slowly because practically all operating systems limit the rate at which they generate ICMP "port unreachable" messages. For example, the Linux kernel limits the generation of such messages to 80 per 4 seconds, with a delay of 0.25 seconds if this limit is exceeded. Unfortunately, UDP port scanning is not as reliable as TCP port scanning. If a firewall between you and the Internet blocks UDP traffic by simply dropping the packet and sends no response, our port scan will treat this as an indication of an open port.

TCP Scanning - switch on this option for TCP scanning.

Perform scanning, if the host does not respond on ping - with this option enabled, AATools PS will not ping the target machine at all, i.e. the program will not ping the hosts before scanning them. This option allows you to scan networks where firewalls block ICMP echo processing. Switch off this option to scan only the machines that respond to ping.

Editing/Modifying Policy
To edit a policy, click the black down arrow in the Policy field to display the drop down menu. Then right-click the drop down menu to display the popup menu and select the Edit Policy option. In the Edit Policy window you can change the name of a policy as well as the policy settings.

Deleting Policy
To delete a selected policy, click the black down arrow in the Policy field to display the drop down menu. Then right-click the drop down menu to display the popup menu and select the Delete Policy option.

Working with Port Sets


A port in the network sense is the pathway that a computer uses to transmit and receive data. To add, edit and delete a port or a port set, click the Port Set button on the Toolbar to display the Port Set window.

Selecting Port
Specify a port number in the appropriate box for a fast search. You can check the boxes next to the port numbers in the main list of ports. This list contains the standard services assigned by IANA.

Adding Port
To add a port to the main list of ports, click the Add button on the Port Set window and fill in the required fields.

Editing Port
To edit a port from the main list of ports, click the Edit button on the Port Set window and edit any of the displayed fields except the Port field.

Working with Advisor application
An Advisor application is a program that is associated with the specified port. You can launch it by double-clicking the string with the appropriate port in the Results window. For example, you can set an advisor application to assign Internet Explorer to port 80, the FTP Client to port 21, the Mail Client to ports 25 and 110, etc.
Example: setting up an advisor application to assign Internet Explorer to port 80:
1. Click "Browse" and find the folder where iexplore.exe is located, e.g. C:\Program Files\Internet Explorer\IEXPLORE.EXE
2. Specify the following parameters: http://$d:$p (for an FTP Client it should be ftp://$d:$p).
Click the OK button to save the changes you have made to disk.

Deleting Port
To delete a port from the main list of ports, right-click the main list to bring up the popup menu and select Delete.

A Port Set is a quick way to highlight an entire group of ports in the port list. For example, if you routinely scan for FTP, Telnet, and HTTP ports, you can place those ports into a port set so that you can select them quickly. Common examples of port sets might be mail services (smtp, pop2, pop3), and web services (http, ftp, nntp, smtp).


Creating, Editing, Deleting Port Set
You can create your own sets of ports. To create a port set, click the New button on the Port Set window and type the name of your port set. Now you can add ports from the main list to this port set. To do this, select one or several ports in the main list and click the right arrow > button. To remove a port from a port set, click the left arrow < button. When you have finished working with a port set, click Save. To delete a port set, click the Delete Port Set button. To rename a port set, click Rename and type a new name for your port set. Switch on Uncheck all Ports, when Port Set window is activated if you want the program to automatically clear all the port checkboxes when you open the Port Set window.

How to Specify Tasks for Scanning


Make sure that the Hosts to scan window contains the target machine(s). Below are examples of correctly specified tasks for scanning.

Example 1:
127.0.0.1 (your own computer, local host)
If the ports are not specified, the program will scan the ports that were checked earlier in the main port list.

A range of IP addresses should be specified in brackets: [<range of the last portion of the IP address with the delimiter "-" between the numbers>]

Example 2:
192.168.1.[1-255]
192.168.0.15:21,80
192.168.5.15:21-139
192.168.15.[10-15]:21
www.domain.com:21,25,80
www.domain.com

You can specify the ports at the desired IP. The delimiter between the IP address and the ports is ":", and the ports may be specified one after another with the comma delimiter, or as a range with "-":

Example 3:
127.0.0.1:21,25 (ports 21 AND 25 will be checked)
127.0.0.1:21-25 (ports FROM 21 TO 25 will be checked)
127.0.0.1:1-65535 (full range of ports FROM 1 TO 65535 will be checked)
127.0.0.1:21-80,139 (ports FROM 21 TO 80 AND 139 will be checked)
127.0.0.1:21-80,139,435-600 (ports FROM 21 TO 80, 139 AND FROM 435 TO 600 will be checked)
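The task syntax above can be checked mechanically before a list is loaded, for instance to confirm that a task file expands only to the hosts and ports you intended. The parser below is an added example, not AATools code; the function names are hypothetical and it covers only the IPv4 and host-name forms shown in Examples 1 to 3.

```python
import re

# Last octet given as a bracketed range, e.g. 192.168.15.[10-15]
_BRACKET_RANGE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.\[(\d{1,3})-(\d{1,3})\]$")


def expand_hosts(host):
    """Expand the bracket notation into individual addresses.

    Plain IP addresses and host names are returned unchanged as a one-item list.
    """
    match = _BRACKET_RANGE.match(host)
    if match is None:
        if "[" in host or "]" in host:
            raise ValueError(f"malformed address range: {host!r}")
        return [host]
    a, b, c, low, high = (int(part) for part in match.groups())
    if max(a, b, c) > 255 or not 0 <= low <= high <= 255:
        raise ValueError(f"address range out of bounds: {host!r}")
    return [f"{a}.{b}.{c}.{n}" for n in range(low, high + 1)]


def parse_ports(spec):
    """Expand a port list such as '21-80,139,435-600' into sorted port numbers."""
    ports = set()
    for item in spec.split(","):
        low, dash, high = item.strip().partition("-")
        if not dash:
            high = low  # single port, e.g. '139'
        if not (low.isdigit() and high.isdigit()):
            raise ValueError(f"bad port item: {item!r}")
        first, last = int(low), int(high)
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)


def parse_task(line):
    """Parse one 'Hosts to scan' line into (hosts, ports).

    ports is None when the line names no ports, i.e. the scanner falls back
    to the ports checked in its main port list.
    """
    host, colon, port_spec = line.strip().partition(":")
    if not host:
        raise ValueError(f"missing host in task: {line!r}")
    return expand_hosts(host), (parse_ports(port_spec) if colon else None)


def probe_count(lines):
    """Number of host/port pairs a task list expands to (explicit ports only)."""
    total = 0
    for line in lines:
        hosts, ports = parse_task(line)
        total += len(hosts) * len(ports or [])
    return total


if __name__ == "__main__":
    # The task lines are the guide's own examples.
    for task in ["192.168.15.[10-15]:21", "127.0.0.1:21-80,139,435-600", "www.domain.com"]:
        hosts, ports = parse_task(task)
        print(task, "->", len(hosts), "host(s),",
              "main-list ports" if ports is None else f"{len(ports)} port(s)")
```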


3. Proxy Analyzer
Proxy Basics
What is a Proxy Server?
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing (i.e. Web sites or FTP archives). The data you request comes to the proxy first, and the proxy then transmits it to you.

What are proxy servers used for?
Proxy servers are usually used to increase the effective speed of your connection to the Internet, because they save the files that are requested most often in a special database called a "cache". The cache of a proxy server is generally very large, and contains not only the files you have requested, but also the files that have been requested by hundreds, if not thousands, of other Internet users. As a result, the information you need may already be present in the cache at the time of your request, making it possible for the proxy to deliver it immediately. The overall increase in performance may be very high. Besides that, proxy servers can help in cases when, for example, the owners of an Internet resource impose restrictions on users from certain countries or geographic regions.

What is an anonymous proxy server?
Any web site in the world can track your movements through its pages and monitor your reading interests using your IP address, a unique ID assigned to each computer on the Internet. Depending on the policies of the Internet resource, you may not be able to get access to the information you need. In addition, your visit can be registered and used later to gather some personal information about you. It is widely agreed that governments and organizations publish dummy web sites on controversial topics for the purpose of monitoring interested parties. Also, this information, in combination with your e-mail address, can be used to increase the number of targeted advertisements fired at you by marketers.

Using only your IP address and your operating system type, a Web site can automatically exploit security holes in your system using some not-very-complex, ready-made, free hacking programs. Some such programs may just hang your machine, making you reboot it, but other, more powerful ones can get access to the content of your hard drive or RAM. The anonymous proxy prevents this by hiding your IP address so that no one can access your computer via the network.

In most cases, however, proxies do inform the target server about the address of the computer that made the request, transmitting your IP address in different forms. Anonymous (real anonymous!) proxy servers don't transfer the information about the IP address of the client, and thus effectively hide the information about you and your surfing interests. Besides this, some proxy servers can also hide the very fact that you are surfing through a proxy server! Anonymous proxies can be used for all kinds of Web services, such as Web-Mail (HotMail, Yahoo mail), web-chats, FTP archives, etc.

What is a SOCKS proxy server?
SOCKS is a protocol that relays TCP sessions at a firewall host to allow application users transparent access across the firewall. As the protocol is independent of application protocols, it can be used for many different services, such as telnet, ftp, whois, SMTP, etc. Access control can be applied at the beginning of each TCP session; thereafter the server simply relays the data between the client and the application server, incurring minimum processing overhead. No information about the client is sent to the server, thus there is no need to test the anonymity level of SOCKS proxies.

What is a public proxy server?
It is a proxy server which is free and open to everybody on the Internet. There is quite a large number of public proxy servers in many countries, but most of them are not anonymous.

These headers contain information that any server can receive when you connect to it. In order to remain anonymous you DO NOT want your real IP to be shown, only the proxy's. The client sends the server a great amount of information, including information about itself. The header of the request consists of the following fields (only those we are interested in): Remote Addr, Remote Host, Pragma, Forwarded, Client IP, Via, X-Forwarded For, Proxy-Connection. These fields cause the privacy leak.

REMOTE_ADDR - The IP address of the remote client browser. If you are using an anonymous proxy, its IP will be shown here.
REMOTE_HOST - The host name of the remote client. If you are using an anonymous proxy, its IP will be shown here.
HTTP_USER_AGENT - The name of the remote client browser software.
FORWARDED, X_FORWARDED - The name of the proxy server through which this document is being processed.
VIA - The main variable revealing the fact that you are using a proxy. This variable provides the resource server with information about the proxy itself.
CLIENT_IP - Your IP can be revealed by the proxy.
HTTP_FROM - The name (most likely the email address) of the remote client user. Unlikely to be set.


Proxy Analyzer Overview


Proxy Analyzer is a special tool designed to manage a database of proxy servers located all over the world. This program is essential for those who are concerned about their privacy and who want to surf the web anonymously. You can check SOCKS proxies and see their levels: 4, 4a, 5. Proxy Analyzer can identify 3 types of HTTP proxies:

Transparent proxies (not anonymous, simply HTTP) do not change the header fields and they transfer your real IP. Such proxies are not suitable for security and privacy while surfing the net. You can use them only for network speed improvement.

Anonymous proxies no longer show your real IP and change and/or hide the header fields.

Distorting (gateway) proxies alter their own IP address (your real IP is also hidden) and change the header fields so that it looks like a real browser is connecting without using a proxy. People administrating web sites will think that you are not using any proxies.

Note: AATools Proxy Analyzer rates proxies from 0 to 125 points. A 105 and higher rated proxy is anonymous 99.9% of the time!

With Proxy Analyzer you can:
- Check the anonymity degree of proxy servers
- Choose to use only those proxies that meet particular anonymity requirements
- Find the anonymous proxy server which is the fastest for your region
- Scan each server, check its response time, confirm its anonymity
- Choose the best candidate as your default proxy
- Test proxies for HTTP and Secure HTTP (SSL): HTTPS support
- Check only one Proxy, or a list of Proxies simultaneously
- View results of testing in your favorite browser
- Use multithreading to check your Proxy list faster
- Save only Bad or only Good Proxies to any file
- And many more...

After you have chosen the best anonymous proxy for your needs, you can:
- surf the web with your IP address hidden so that the websites you visit will not know who you are and what country you are from;
- download files with your default browser while remaining anonymous;
- submit your web pages to search engines without worrying about submission limits (submit each page using a different anonymous proxy);
- check the anonymity status of proxy servers.


Proxy Analyzer Settings


General Settings
Script: any URL to the environment checker or the ProxyJudge script that returns proxy server environment variables. To delete a URL, press Ctrl+Del.

Control string: control word for checking the response of a proxy. The Control string field must contain a word that is always present in the returned document.

Test proxy for HTTPS support - check this box if you need this search parameter. The URL must contain a link to any https:// page.

Your IP - enter your IP if AATools could not determine it automatically. The IP address is necessary to check a proxy server for anonymity.

Detect IP address via external script - if this option is checked, the program will try to detect your IP address using the external CGI script on our web site.

Auto detect IP address at startup - when this option is checked, the program will automatically detect your IP address while starting AATools. When this option is unchecked, click the 'Detect IP' button to detect your IP; you can also click this button at any time to refresh your IP address. If AATools runs on a networked computer, then for correct detection of your external IP please make sure that your computer has an internal IP from any of the following three blocks of the IP address space for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Detect IP address before analyzing proxies - when this option is checked, the program will automatically detect your IP address before it starts analyzing proxies.

Enable processing visibility - when this option is checked, you can see all the details of the proxy analyzing process in the Results window.

Ask confirmation to delete items from the Results window - when this option is checked, you will have to confirm the deletion of selected items from the Results window. If you don't want to confirm the deletion of selected items from the Results window, uncheck this option.

Enable Logging - when this option is checked, you will be able to see the detailed header information later in your browser.


Startup Settings
Load Proxy profile at startup - when this option is checked, the program will automatically load at startup the proxy profile that you indicated in the Select profile field.
Load Socks profile at startup - when this option is checked, the program will automatically load at startup the socks profile that you indicated in the Select profile field.

Socks Analyzer Settings


Host for connecting - here you have to indicate a target host that the Socks Proxy Analyzer will connect to in order to check socks proxies and determine their protocol (socks 4, 4a, 5). Attention! It must be a host that has port 21 or 25 open, for example, your ISP's FTP or SMTP server.

Port: in the current version you are allowed to use either FTP port 21 or SMTP port 25. Use the Test button to check your FTP or SMTP server for validity. In the window below you can see the result. If the server responds with a banner beginning with '220', it means that this server is active and can be used to test socks proxies.

The following options are available:
Check proxy for Socks 4 Protocol support - if this option is checked, the program will check a list of proxies for Socks 4 Protocol support and you will see the V icon in the title of the appropriate column in the Result window. If this option is unchecked, the column will be marked with icon.
Check proxy for Socks 4A Protocol support - if this option is checked, the program will check a list of proxies for Socks 4A Protocol support.
Check proxy for Socks 5 Protocol support - if this option is checked, the program will check a list of proxies for Socks 5 Protocol support.

SOCKSv4 supports neither authentication nor UDP proxy. SOCKSv4A is the extended SOCKSv4 Protocol. SOCKSv5 supports a variety of authentication methods and UDP proxy.
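What distinguishes the three protocol versions is visible in the first bytes of each exchange. The sketch below is an added example, not AATools code: it builds the CONNECT requests for SOCKS 4, 4A and 5 (wire formats per the SOCKS4/4A protocol notes and RFC 1928) and interprets the replies, applying the '220' banner criterion from this section. Function names, host names, addresses and the sample replies are constructed; it is useful for recognising such checks in a packet capture or for confirming that your own SOCKS5 server demands authentication.

```python
import socket
import struct


def socks4_connect(ip, port, user_id=b""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    return struct.pack("!BBH", 4, 1, port) + socket.inet_aton(ip) + user_id + b"\x00"


def socks4a_connect(hostname, port, user_id=b""):
    """SOCKS4A: DSTIP is 0.0.0.x (x != 0) and the host name follows USERID,
    so the proxy resolves the name instead of the client."""
    return (struct.pack("!BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user_id + b"\x00" + hostname.encode("ascii") + b"\x00")


def socks5_greeting(methods=(0x00,)):
    """SOCKS5 method negotiation: VER=5, NMETHODS, METHODS (0x00 = no auth)."""
    return bytes([5, len(methods), *methods])


def socks5_connect(hostname, port):
    """SOCKS5 CONNECT with a domain name: VER, CMD=1, RSV, ATYP=3, LEN, NAME, PORT."""
    name = hostname.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)


def socks4_verdict(received):
    """Judge the bytes read back after a SOCKS4/4A CONNECT.

    The reply is 8 bytes (VN=0, CD, DSTPORT, DSTIP); CD 90 means granted.
    Anything after it is data relayed from the test host.
    """
    if len(received) < 8 or received[0] != 0:
        return "not SOCKS4"
    if received[1] != 90:
        return f"rejected (CD={received[1]})"
    return "working" if received[8:].startswith(b"220") else "granted, no 220 banner"


def socks5_verdict(method_reply, after_connect):
    """Judge a SOCKS5 exchange: the 2-byte method reply, then the CONNECT
    reply (VER, REP, RSV, ATYP, BND.ADDR, BND.PORT) followed by relayed data."""
    if len(method_reply) < 2 or method_reply[0] != 5:
        return "not SOCKS5"
    if method_reply[1] == 0xFF:
        return "no acceptable method"
    if method_reply[1] != 0x00:
        return f"authentication required (method {method_reply[1]})"
    r = after_connect
    if len(r) < 5 or r[0] != 5:
        return "not SOCKS5"
    if r[1] != 0:
        return f"rejected (REP={r[1]})"
    # Length of BND.ADDR depends on ATYP: IPv4, domain (length-prefixed), IPv6
    addr_len = {1: 4, 3: 1 + r[4], 4: 16}.get(r[3])
    if addr_len is None:
        return "malformed reply"
    banner = r[4 + addr_len + 2:]
    return "working" if banner.startswith(b"220") else "granted, no 220 banner"


# Constructed sample replies (not captured from a real proxy).
BANNER = b"220 mail.example.org ESMTP ready\r\n"
SOCKS4_GRANTED = b"\x00\x5a" + b"\x00" * 6 + BANNER
SOCKS4_REJECTED = b"\x00\x5b" + b"\x00" * 6
SOCKS5_GRANTED = b"\x05\x00\x00\x01" + b"\x00" * 6 + BANNER
HTTP_ANSWER = b"HTTP/1.0 400 Bad Request\r\n\r\n"  # an HTTP proxy on the same port

if __name__ == "__main__":
    print(socks4_connect("192.0.2.10", 21).hex())
    print(socks4_verdict(SOCKS4_GRANTED), "|", socks4_verdict(HTTP_ANSWER))
    print(socks5_verdict(b"\x05\x00", SOCKS5_GRANTED), "|", socks5_verdict(b"\x05\x02", b""))
```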


FTP
The program can find proxies that support the FTP connect method. These proxies may be used, for example, in download managers that support this kind of proxy.

Test Proxy for FTP support - check this box if you want the Proxy Analyzer to test the proxy for FTP support.

FTP Server: this field must contain any working FTP server. It is recommended that the server allow no fewer connections than the number of threads in the Proxy Analyzer.

Port: this field must contain the port number of your FTP server. Usually this is 21.

Timeout: this field contains the time, in ms, that the program waits for an answer from a proxy. I.e. if a specific proxy has not sent an answer within the given period, the program will terminate the connection to it and state that the proxy did not pass the check for FTP support.

Test FTP - click this button if you want to verify that the FTP server is working.

Abort - click this button to terminate the testing process if the FTP server gives no answer.

You can choose the method of checking a proxy for FTP support:
Connect only (fast) - the program will connect to the FTP server via the proxy server. In the case of success you will see one point in the FTP column in the Result window.
Wait for banner (middle) - the program will try to connect to the FTP server via the proxy first. Then it will wait for the banner from the FTP server. In the case of success you will see two points in the FTP column in the Result window.
Send USER and PASS commands (slow) - the program will perform the two previous steps first, i.e. try to connect to the FTP server via the proxy and wait for the banner from the FTP server. Then it will execute the USER and PASS commands. In the case of success the proxy will receive three points in the FTP column in the Result window. You can use such a proxy in any download manager which supports FTP connect proxy.

USER Name - this field must contain your user name. If your server allows anonymous users, it may be any word.

Password - this field must contain your password for the FTP server.


Proxy Rating Settings


You can manually select the proxy headers that make up your personal rating specification. To see the values of the headers, go to Proxy Basics. The digits show the weight, in points, of each header in the anonymity rating. The proxy server is called fully anonymous if it has a rating of 100 points or higher.

How does the program calculate the rating of anonymity?
A fully anonymous proxy gets a rating of 100 points. Then the program analyzes the CGI environment received after connecting to the CGI script through the analyzed proxy. Each value of the CGI environment is assigned a number of points depending on how it affects the anonymity of a particular proxy. So, the rating of anonymity is calculated by subtracting the points of each variable of the CGI environment from the initial 100 points.

For example: if the REMOTE_ADDR value from the CGI environment contains your IP address (it means that the proxy is not anonymous), this variable gets 100 points. So, 100 - 100 = 0, i.e. the rating of anonymity of this proxy is 0. If the result of the calculation is negative, the program considers the rating of anonymity of this proxy to be 0 too. For more information about the CGI environment, see the Proxy Basics topic.

Restore default - click this button if you want to load the default settings. Press OK or Cancel to save or discard the settings you have made.
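The subtraction scheme described above, together with the three HTTP proxy types from the Proxy Analyzer Overview, can be expressed in a few lines. This is an added example, not AATools code: only the figure of 100 points for a variable exposing your IP comes from this guide (stated for REMOTE_ADDR, applied here to any variable), while the other weights, the NAME=value dump format and the sample dumps are assumptions. Variable names use the full CGI form (HTTP_VIA, HTTP_X_FORWARDED_FOR) of the headers the guide abbreviates.

```python
import re

# Points deducted from the initial 100. The guide gives only one figure
# (REMOTE_ADDR exposing your IP = 100 points); here that figure is applied to
# any variable exposing it, and the per-header weights below are hypothetical.
LEAK_POINTS = 100
PROXY_HEADER_POINTS = {
    "HTTP_VIA": 30,
    "HTTP_FORWARDED": 20,
    "HTTP_X_FORWARDED_FOR": 20,
    "HTTP_CLIENT_IP": 20,
    "HTTP_PROXY_CONNECTION": 10,
}

# Dotted-quad IPv4 addresses that are not part of a longer dotted number,
# so 203.0.113.77 is never mistaken for 203.0.113.7
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def parse_env(text):
    """Parse an environment dump given as NAME=value lines (assumed format)."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            env[name.strip().upper()] = value.strip()
    return env


def assess(env, real_ip, weights=PROXY_HEADER_POINTS):
    """Return (rating, proxy_type, deductions) for one environment dump."""
    deductions = {}
    leaked = False
    for name, value in env.items():
        if real_ip in _IPV4.findall(value):
            deductions[name] = LEAK_POINTS      # your address reached the server
            leaked = True
        elif value and name in weights:
            deductions[name] = weights[name]    # header reveals that a proxy is in use
    rating = max(0, 100 - sum(deductions.values()))  # negative results count as 0
    if leaked:
        proxy_type = "transparent"
    elif deductions:
        proxy_type = "anonymous"
    else:
        proxy_type = "distorting"  # the guide's term: looks like a direct browser connection
    return rating, proxy_type, deductions


# Constructed sample dumps; 203.0.113.7 plays the role of "your IP".
REAL_IP = "203.0.113.7"
TRANSPARENT = """REMOTE_ADDR=198.51.100.20
HTTP_VIA=1.1 cache01
HTTP_X_FORWARDED_FOR=203.0.113.7
"""
ANONYMOUS = """REMOTE_ADDR=198.51.100.20
HTTP_VIA=1.1 cache01
HTTP_X_FORWARDED_FOR=unknown
"""
DISTORTING = """REMOTE_ADDR=198.51.100.20
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 6.0)
"""

if __name__ == "__main__":
    for label, dump in [("A", TRANSPARENT), ("B", ANONYMOUS), ("C", DISTORTING)]:
        print(label, assess(parse_env(dump), REAL_IP))
```

A site operator can read the same variables the other way round: any non-empty entry in PROXY_HEADER_POINTS indicates that the request arrived through a proxy.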

Color Theme
The color theme option allows a user to customize the color and appearance of the Proxy Analyzer interface. The following options are available when the Enable Color Theme option is checked: two color theme and multi color theme. You can customize the colors of the Proxy Analyzer interface as you like, as well as enable or disable the grid in the Result window.


Environment Variable Scripts


After you install the program, you can find a simple script in the AATools directory that reports all the CGI environment variables it can find from the server. It is called jenv.cgi. If you have a website, you can use this script on your server. For this purpose, upload the script to the cgi-bin directory on your server and modify the URL in the Script field in the Proxy Analyzer General Settings. Do not forget to set the permissions of your script on the server (use the CHMOD command, change default to 755, i.e. execute all). You may also have a problem with the "#!/usr/bin/perl" string (the first string of the script); on some servers this may be "#!/usr/local/bin/perl". If the script does not work, try changing it.

Below are some (free) hosting companies that allow you to use your own CGI scripts:
http://www.virtualave.net
http://www.portland.co.uk
http://www.hypermart.com
http://www.tripod.com
http://www.t35.com

You can also find hundreds of such scripts on the Internet. For example, go to the www.google.com search engine or any other one you like, and type "environment variable". You will get some links to CGI scripts of this kind.

To work correctly, the script must send the following variables in its response:
REMOTE_ADDR - The IP address of the remote client browser. If you are using an anonymous proxy, its IP will be shown here.
REMOTE_HOST - The host name of the remote client. If you are using an anonymous proxy, its IP will be shown here.
HTTP_USER_AGENT - The name of the remote client browser software.
FORWARDED, X_FORWARDED - The name of the proxy server through which this document is being processed.
VIA - The main variable revealing the fact that you are using a proxy. This variable provides the resource server with information about the proxy itself.
CLIENT_IP - Your IP can be revealed by the proxy.
HTTP_FROM - The name (most likely the e-mail address) of the remote client user. Unlikely to be set.


Proxy Analyzer Main Window


Toolbar
New Profile - allows you to create a new profile. See the Working with Profile section.
Load Profile - allows you to load a saved profile.
Save Profile - allows you to save a profile. You can save a profile only when the analyzing process is stopped.
Start - allows you to start analyzing the hosts. Clicking the black down arrow, you can select the following options: analyze Selected Items, Bad Items, Good Items, New Items, Broken by timeout Items, or All Items.
Stop - allows you to stop the analyzing process. Note that Proxy Analyzer needs some time (specified in the Connect Timeout box) to terminate active threads.
Show/Edit Exclusion List - allows you to view and edit the Exclusion List.
Legend - shows the legend for the Results - HTTP Proxies window.
Settings - allows you to determine different settings for the analysis.
Clear - allows you to clear the Results window. When you click the black down arrow near the Clear button, you will see the drop down menu with the following options: delete Selected Items, Bad Items, Good Items, New Items, Duplicate Items, Broken by timeout Items, or All Items.
Save - allows you to save analysis results.
Report - allows you to save analysis results to Paradox, DBase, Text (.CSV), HTML, Excel, SYLK, DIF, Lotus 1-2-3, QuattroPro, MS Access database files as well as the MS Windows clipboard.

Timeout (ms)
This field contains the time, in ms, that the program waits for an answer from a proxy. I.e. if a specific proxy has not sent an answer during the given period, the program will terminate the connection to it and will mark it as a proxy broken by Timeout.

Threads (1-100)
This field contains the number of threads: minimum 1 thread, maximum 100 threads. The more threads, the faster the analysis, but also the heavier the traffic load on the network and the more separate tasks running simultaneously. Therefore, if you have a Dial-Up connection to the Internet, you should select a number of threads from 1 up to 30, and if you have a fast connection, you may be able to select the maximum number of active tasks.


Working with Proxy Analyzer


If you want to add a single proxy to the list, enter its name or IP address in the Host Name or IP Address field and click the Add button. If you want to load names/IPs from a file, click the Load List button. The format of the entries in the TXT file should be:
[hostname/IP]:[port number]
Example:
www.domain.com:8080
127.0.0.1:3128
Note: All of the above applies to both the HTTP Proxies and Socks Proxies lists. The Host name and Port number should preferably be checked first with the Port Scanner for validity, or you must be sure that they are valid and available.

To start checking the loaded list of proxies, click the Start Scanning button on the Toolbar. By clicking the black down arrow next to the Start button, you can select the following options from the drop down menu: check Selected Items, Bad Items, Good Items, New Items, Broken By Timeout Items, Check Good Items for FTP support or All Items. After the program has finished its work, you will see the results in the Result window.

The Result window contains the following columns:
Host IP - shows the resolved IP address of the proxy server.
Host Name - shows the resolved host name of the proxy server.
Port - shows the port number of the proxy server.
Location - shows the country where the proxy server is located.
Time - shows the response time of the proxy server in seconds.
Speed - shows the transfer speed of the data through the proxy server in Kb/sec. You will get only approximate results if you use more than 1 thread for testing. In some cases you may see N/A in this column. It means that the transfer speed of the given web page cannot be calculated because the page was received within a very short period of time: maybe the page is very small or it was served straight from the cache of the proxy server.

Tip: Note that you will never get the absolute transfer speed. But for more accurate results you may use the following trick:
1. Go to the General Settings in the Proxy Analyzer.
2. Fill in the Script URL field with any web page of about 10kb in size.
3. Fill in the Control String field with any word from this web page.
4. Click OK.
5. Go to the Main Window of the Proxy Analyzer and type 1 in the Threads field.
6. Start the Proxy Analyzer.


ATTENTION! You cannot use this method to check proxies for anonymity.

Further on you will see columns with color dots showing the environment variables that the proxy server transmits to the visited site. For more information, see the Proxy Basics topic.

If you want to check a proxy for FTP connect support, you should check the Test Proxy for FTP Support option in the FTP Settings (see the FTP topic). In the case of success you will see one, two or three color points in the FTP column (see the FTP topic). This column will be blank if the checked proxy cannot be used as an FTP proxy server.

The Rating column shows you the anonymity rating of the proxy server. See the Proxy Rating Settings topic for more information.
The Status column shows you the details of the working process and the checking results.
The Last Attempt column shows you the time when the proxy was last checked.

When you right-click a particular string with an analyzed proxy, you get the context menu with the following options (applicable to both the HTTP Proxies and Socks Proxies lists):
Check Proxy - allows you to start analyzing the selected proxy.
Delete - allows you to delete a selected proxy.
Add To Exclusion List - allows you to add selected items to the Exclusion List.
Add All Bad Items to Exclusion List - allows you to add all bad items to the Exclusion List.
Reload Exclusion List - if you have manually edited your Exclusion List, select this option to make it active.
Copy to Clipboard - allows you to copy the Host IP, Host IP:Port, Host Name or Host Name:Port of the selected proxy to the clipboard.
Set as (IE) Proxy for ... - allows you to make the selected proxy the default proxy for your Internet connection. This function works ONLY if Internet Explorer is your default browser.
Disable (IE) Proxy for ... - allows you to disable the default proxy for your Internet connection in Internet Explorer.
View Log - allows you to view the header information of the selected proxy. This option is available only on the HTTP Proxies tab if the Enable Logging option is checked in the General Settings.
Invert Selection - allows you to invert the selection.
Select All - allows you to select all the proxies in the Results window.


Working With Exclusion List


The Exclusion List is a simple text file that allows you to create a list of proxies that you do not want to be loaded into the Proxy Analyzer database. It may store, for example, all bad proxies or the proxies with a specific rating, etc.

To add selected items to the Exclusion List, click the right mouse button on the selected string and choose the Add to Exclusion List option from the popup menu. To add only bad proxies to the Exclusion List, select Add All Bad Items to Exclusion List.

Note that the items you add to the Exclusion List are not removed from the Proxy Analyzer database. Proxies whose IP addresses are stored in the Exclusion List will be skipped the next time you load a proxy list into the Proxy Analyzer database.

To view the Exclusion List, click the Show Exclusion List button on the Toolbar. You can also manually edit the Exclusion List, i.e. add or remove proxies. If you have manually made some changes in the Exclusion List, select the Reload Exclusion List option from the popup menu to make your edited Exclusion List active.

For correct work of the program, the Exclusion List must contain IP addresses only.

Working with Profile


A Proxy Analyzer Profile includes a scan file of all the data that was gathered during proxy analyzing. If you wish to retain your data for future use or to continue an uncompleted analysis, it is a good idea to save the Profile. You can save as many profiles as you want and then switch between them easily.

Creating new Profile
To create a new profile, click the New Profile button on the Toolbar. The program will clear all your data from the Results window.

Opening Profile
To open a profile, click the Load Profile button on the Toolbar and select your file.

Saving Profile
To save a profile, click the Save Profile button on the Toolbar, select the destination and type the name of your profile. You can save a profile only when the analyzing process is stopped.


Saving HTTP Proxy


This option is available in the registered version only.

The option allows you to save the results of proxy analyzing to a file on your HDD.

Results frame allows you to choose which results of proxy analyzing to save on your HDD:
Good - check this option if you want to save Good proxies.
Bad - check this option if you want to save Bad proxies.
Unchecked - check this option if you want to save Unchecked proxies.

Save as frame offers the following options:
Host IP: Port - select this option to save the Host IP: Port of the analyzed proxies to a file.
Host Name: Port - select this option to save the Host Name: Port of the analyzed proxies to a file.

Rating frame allows you to specify the rating of anonymity (e.g. 75% and up, or 100%) by checking the appropriate radio button, or to choose your own custom rating parameters.

Location frame allows you to specify the location of the analyzed proxies if you want to save proxies for a specific country. To select all the countries, click the Select All button. To disable this option, click Deselect All. If you want to save all of them, none of the locations should be checked! Use the Quick search box to find a location by its 1 or 2 initial letters.

Parameters frame allows you to select the parameters you need to save in the results tab. If you need ALL parameters, please do not check any!


Saving Socks Proxy


This option is available in the registered version only.

The option allows you to save the results of proxy analyzing to a file on your HDD.

Location frame allows you to specify the location of the analyzed proxies if you want to save proxies for a specific country. To select all the countries, click the Select All button. To disable this option, click Deselect All. If you want to save all of them, none of the locations should be checked! Use the Quick search box to find a location by its 1 or 2 initial letters.

Results frame allows you to choose which results of proxy analyzing to save on your HDD:
Good - check this option if you want to save Good proxies.
Bad - check this option if you want to save Bad proxies.
Unchecked - check this option if you want to save Unchecked proxies.

Save as frame offers the following options:
Host IP: Port - select this option to save the Host IP: Port of the analyzed proxies to a file.
Host Name: Port - select this option to save the Host Name: Port of the analyzed proxies to a file.

Socks Level frame allows you to select the socks level you need to save in the results. If you need all levels, please do not check any!


4. RBL Locator

RBL Locator Overview


In the last few years, UBE - unsolicited bulk email, commonly known as spam - has become a fact of life for many of us. Most such abusive sessions are initiated by junk emailers, so-called spammers, attempting to distribute their unwanted messages all over the Internet.

Probably the most effective method of prevention is blocking spammers and their harvester bots from your web site altogether. It's a lot of work to keep track of spam sources, so some system administrators use shared blacklists to decide which senders to block. AATools RBL Locator will help you to determine if you're listed as a "bad actor" on any of the shared blacklists.

RBL Locator is a special tool designed to quickly search for an IP address in DNS-based spam databases. RBL Locator checks a given IP address against the best-known blacklists. The information you get from the RBL Locator can be used to help anyone configure their own network or mail relay for the purpose of limiting the transport of known-to-be-unwanted mass e-mail.


RBL Locator Settings


General Settings
Load profile at startup
When this option is checked, the program will automatically load at startup the profile that you indicated in the Select profile field.

Try to get text description from Database
Some spam databases contain a text description. If this option is checked, the program will try to get a text description for the specified record from a spam database.

Ask confirmation to delete items from the Results window
When this option is checked, you will have to confirm the deletion of selected items from the Results window. If you don't want the program to ask you for confirmation before deleting the selected items from the Results window, uncheck this option.

Spam Databases
Here you can select one or several DNS-based spam databases that the program will check for the specified IP address. Below the list of databases you will find text information about the selected database.

Clicking the right mouse button on the selected string will display the popup menu with the following options:

Check All - allows you to select all the listed databases to be checked for a specified IP address.
Uncheck All - allows you to deselect all the databases from the list.
Add New - allows you to manually add a new DNS-based spam database. Selecting this option will display the Add new spam database window where you have to fill in the required fields: Name, Link, Lookup, Description. Check the Has text description checkbox if the database contains a text description.
Delete - allows you to delete a selected database from the list.

Color Theme
The color theme option allows a user to customize the color and appearance of RBL Locator interface. The following abilities are available when Enable Color Theme option is checked: two color theme and multi color theme. You can customize the color of RBL Locator interface as you like as well as enable or disable grid in the Result window.


RBL Locator Main Window


Toolbar

Create New Profile - allows you to create a new profile.
Load Profile - allows you to load the saved profile.
Save Profile - allows you to save a profile. You can save a profile only when the searching process is stopped.
Start Scanning - allows you to start scanning databases for a specified IP address. Clicking the black down arrow, you can select the following options: search for Selected Items, Listed Items, Not Listed Items, New Items, or All Items.
Stop Scanning - allows you to stop the searching process. Note that the RBL Locator needs some time (specified in the Timeout box) to terminate active threads.
Show/Edit Exclusion List - allows you to view and edit the Exclusion List.
Settings - allows you to determine different settings for the searching process.
Show/Hide Details - allows you to show/hide detailed information, including the text description if available, about the IP address listed in the specified databases.
Clear - allows you to clear the Results window. When you click the black down arrow near the Clear button, you will see the drop down menu with the following options: delete Selected Items, Listed Items, Not Listed Items, New Items, Duplicate Items, or All Items.
Save Results - allows you to save the results of the searching process.
Report - allows you to save the verification results to Paradox, DBase, Text (.CSV), HTML, Excel, SYLK, DIF, Lotus 1-2-3, QuattroPro, MS Access database files as well as the MS Windows clipboard.

Timeout (ms)
This field contains the time in ms that the program waits for the answer from a DNS-based spam database. That is, if a specific database does not send an answer during the given period, the program will terminate the connection to it and mark it as Not Listed.

Threads (1-100)
This field contains the number of threads. Minimum 1 thread, maximum 100 threads. The higher the speed of searching, the more traffic is loaded on the network and the more separate tasks are performed simultaneously. Therefore, if you have a Dial-Up connection to the Internet, you should select the number of threads from 1 up to 30, and if you have a fast connection, it is possible to select the maximum number of active tasks and increase the speed of checking.
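The lookup that the Timeout and Threads fields govern, as an added example (not AATools code): a DNS-based spam database is queried by reversing the IPv4 octets, appending the list's zone and asking for an A record, where an answer in 127.0.0.0/8 means listed and a nonexistent name means not listed. The zone names, addresses and `fake_resolver` are constructed so the block runs offline; unlike the Timeout behaviour described above, it reports a lookup that got no answer as No Answer rather than Not Listed.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

LISTED, NOT_LISTED, NO_ANSWER = "Listed", "Not Listed", "No Answer"
# Resolver error codes that mean "this name does not exist".
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Return the name to look up: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """A-record lookup through the OS resolver; returns IPv4 address strings."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def check_one(ip, zone, resolve=system_resolver):
    """Classify one IP against one list as LISTED, NOT_LISTED or NO_ANSWER."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        # A nonexistent name is the list's way of saying "not listed".
        # Any other resolver failure says nothing about the IP.
        return NOT_LISTED if exc.errno in NOT_FOUND else NO_ANSWER
    except OSError:
        return NO_ANSWER
    # Lists answer with addresses in 127.0.0.0/8. Anything else (for example
    # a resolver that rewrites failed lookups) is not treated as a listing.
    if answers and all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return LISTED
    return NO_ANSWER


def check_many(ips, zones, resolve=system_resolver, timeout_s=5.0, threads=10):
    """Check every IP against every zone in parallel.

    Waits up to timeout_s for each result in turn and returns
    {(ip, zone): status}. Leaving the pool still waits for running lookups.
    """
    results = {}
    with ThreadPoolExecutor(max_workers=threads) as pool:
        futures = {(ip, zone): pool.submit(check_one, ip, zone, resolve)
                   for ip in ips for zone in zones}
        for key, future in futures.items():
            try:
                results[key] = future.result(timeout=timeout_s)
            except FutureTimeout:
                results[key] = NO_ANSWER  # unknown, not proof of a clean IP
    return results


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
    if name in table:
        return table[name]
    if name.endswith(".slow.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    raise socket.gaierror(socket.EAI_NONAME, "name not known")


if __name__ == "__main__":
    report = check_many(["192.0.2.10", "192.0.2.11"],
                        ["dnsbl.example", "slow.example"], resolve=fake_resolver)
    for (ip, zone), status in report.items():
        print(ip, zone, status)
```

Pass `resolve=system_resolver` (the default) to query real lists; the OS resolver has no per-call timeout, which is why the wait is enforced on the worker thread's result.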


Working with RBL Locator


Host Name or IP address - enter any IP address here and click the Add button. It will appear in the list in the History window.

To open an existing file with a list of IP addresses to check whether they are listed in DNS-based spam databases, click the Load List button. The program will automatically add these IP addresses to the existing list if applicable.

To start searching for IP addresses in the specified databases, click the Start button on the Toolbar. Clicking the black down arrow next to the Start button allows you to select the following options: search Selected Items, Listed Items, Not Listed Items, New Items, or All Items.

Result Window is shown as a table with the following columns: Host IP, Host Name, Port, Location, Status, Last Attempt. You can sort the listings with a click on the appropriate column header.

When you click the right mouse button on a particular string with the IP address, you will get the context menu with the following options:

Check - allows you to start checking the databases for the selected IP address.
Delete - allows you to delete the selected IP address.
Add to Exclusion List - allows you to add the selected IP address to the Exclusion List.
Add All Listed Items to Exclusion List - allows you to add the IP addresses which are listed in DNS-based spam databases to the Exclusion List.
Reload Exclusion List - if you have manually edited your Exclusion List, select this option to make it active.
Send To - allows you to send a selected IP address to the Port Scanner, Traceroute or Whois.
Copy to Clipboard - allows you to copy to the clipboard: Host IP, Host IP:Port, Host Name, Host Name:Port.
Paste From Clipboard - allows you to paste an IP address from the clipboard.
Invert Selection - allows you to invert the selection.
Select All - allows you to select all the strings. To select all, you can also press <Ctrl+A>.

By clicking the appropriate button on the Toolbar you can also show/hide detailed information such as the Lookup domain, URL and Text description (if available) about the selected IP address. When you click the right mouse button on the selected string, you will bring up the context menu with the following options:

Copy to Clipboard - allows you to copy to the clipboard: Lookup domain, URL or Text description of the selected IP address.
Visit URL - allows you to visit the URL from the selected string.


Saving Results
This option allows you to save the results of the searching process to a file on your HDD. Clicking the Save Results button on the Toolbar will display the Save Result window where you can select DNS-based spam database(s). After you click OK, the program will save to a file the IP addresses that are not listed in the selected databases.

Save as frame offers the following options:
Host IP - select this option to save the Host IP to a file.
Host IP: Port - select this option to save the Host IP: Port to a file.
Host Name - select this option to save the Host Name to a file.
Host Name: Port - select this option to save the Host Name: Port to a file.

When you click the right mouse button on the selected string, you will bring up the context menu with the following options:
Check All - allows you to select all the databases from the list.
Uncheck All - allows you to deselect all the databases from the list.
Invert - allows you to invert the selection.

Example: After the RBL Locator has finished its work, you want to save to a file the IP addresses that are not listed in, for example, the relays.osirusoft.com spam database. Click the Save Result button on the Toolbar and check the checkbox on the string with the relays.osirusoft.com blacklist. Then click OK. The program will save to a file only the IP addresses that were not found in the relays.osirusoft.com spam database.


Spam Glossary
Today, "Spamming" is flooding netnews or email with tons of useless garbage, thus reducing the signal-to-noise ratio and driving people nuts. This typically means flooding the net with one single message (often an advertisement) posted to hundreds or even thousands of newsgroups. It can also mean posting over and over again to a single newsgroup in the hopes of drowning someone out.

ECP
Excessive Cross-Posting. Crossposting an article to many newsgroups at once. Such articles are rarely relevant to so many newsgroups at once and are usually the hallmark of a clueless newbie or a spammer.

Alphabetic Spam
(AKA Alpha Spam.) Spam that is transmitted to newsgroups in alphabetic order. Alphabetic spam generally indicates that the spammer plans to hit every newsgroup on the net and is completely unconcerned with whether or not the message is appropriate to the newsgroups spammed. The newsgroup alt.3d invariably gets hit first and hardest by alphabetic spam.

Horizontal Spam
Spam that consists of a large number of messages sent to a large number of newsgroups. Horizontal spam typically represents someone trying to get a message across to the greatest number of people, regardless of whether or not the message is relevant to those newsgroups or of interest to the people who receive it. See also spam and vertical spam.

Vertical Spam
Spam that consists of a large number of messages sent to a single newsgroup. Vertical spam may represent a clueless newbie who has screwed up a posting command, or a malicious spammer who is trying to drown out a newsgroup. See also spam and horizontal spam.

Crosspost
(v.) To cross-post is to send a single message to multiple newsgroups. This is preferable to sending single copies of a message to each newsgroup for three reasons: first, by only sending a single copy, you reduce network resource consumption; second, most newsreaders allow users to view and discard a crossposted message with just one reading, even if they subsequently visit other newsgroups to which the message was posted; third, a followup response to the original article will be seen in all the relevant newsgroups, instead of just the one. Articles should be crossposted to the newsgroups to which they are relevant and no more. Crossposting is not, in itself, considered net abuse unless done to excess (see ECP), or to many non-relevant newsgroups (see troll).

Multi-Post
(v.) To multi-post is to send a single message over and over again to multiple newsgroups, as opposed to crossposting, which is to send a message just once with multiple newsgroups specified in the headers. Multi-posting is especially annoying, as it forces readers to encounter the same post over and over again as they peruse the net. Some people multi-post because they are using broken news software that does not allow crossposting. Others do it under the mistaken belief that crossposting is considered anti-social (it's not). Spammers will multi-post in order to force potential customers to see the same ad over and over again. This is the same logic that causes people to plaster hundreds of copies of an advertisement on a wall right next to each other.

Flood
Large quantities of material posted to the net at once, typically in a binaries group. For example, someone might decide to post all of his nude pictures of Pamela Anderson, which could take days. Although floods can be annoying, they are not considered spam if each post contains unique and relevant material. Some floods are done purposely to drown out discussion in a group. Most common are the floods in alt.religion.scientology intended to drown out criticism of Scientology. These are classified as vertical spam.

Spew
Large quantities of garbage sent to the net by a malfunctioning news program or robot. A typical cause of spew can be a netnews-to-BBS gateway that strips out or reassigns the message id before forwarding articles to the BBS. Fidonet used to be notorious for this problem, although there haven't been any major Fidonet spews in recent years.

UCE
Unsolicited Commercial Email.

Haven Spam
Spam from a "safe haven" -- a site which permits spammers to maintain web sites. For example, a spammer might set up a web site at Netcom and then spam ads for it from throw-away accounts on other providers. As long as Netcom provides safe haven for the spammer, the spam will continue.

Address Harvester
A robot that searches netnews, web pages or other sources for anything that looks like a valid email address. The addresses thus acquired are used for email spam, or sold to email spammers.

Revenge Spam
Spam that has had some poor innocent person's identification planted in the headers or message body. The intent is to make life miserable for the victim. Revenge spam is another reason why you should not blindly reply to spam you receive.

MMF
MMF stands for Make Money Fast, the title of a popular pyramid scheme that has been floating around the Internet like a virus. Pyramid schemes are a form of gambling. You receive a list (via mail or internet) with five names on it. You send money to the top name on the list, cross it off, add your own name to the bottom and send it on to five soon-to-be-ex friends. After the list has propagated five generations, you should receive a whole lot of money.

In reality, pyramid schemes only work for the people who start them or happen to be near the top of the pyramid. Everyone else in the list is out five bucks. You are in effect gambling that you'll be at the top of the pyramid. This scam has been floating around the net for so long that your chances of being near the top are nil.

Pyramid schemes are a major annoyance on the Internet and are considered cancel-on-sight. They are grounds for losing your account at many sites. Pyramid schemes are serious business. The post office considers them to be mail fraud and will prosecute. In 1996, pyramid schemes caught on in the country of Albania where the populace is new to the idea of capitalism and naive when it comes to fraud. The resulting economic collapse led to the fall of the government, social anarchy. (CNN Article.)

Some pyramid schemes come with window dressing to make them look legitimate. There may be a text in letters assuring you that the sender's lawyer has verified that it's legal, or some sort of worthless commodity such as recipes or mailing lists may change hands. Don't be fooled -- if success depends on being at the top of the pyramid then it's a pyramid scheme and illegal in most places. For more information, visit the Make Money Fast Myth Page at Stopspam.org and the U.S. Postal Service's Chain Letters page. See also the MMF Hall of Humiliation, and Google's archive of the very first MMF.

If you are annoyed enough to take action, here's what you do: Print a hardcopy of the MMF and send it to the postmaster(s) where the snail-mail addresses are located:

POSTMASTER -- OFFICIAL BUSINESS
Anytown, USA 12345

Include a note to the effect that you think it's an illegal chain letter. Finally, if the address is a post box, point out that the box holder is using the box for commercial purposes and you would like the name, address and phone number from the box rental card. The U.S. Postal Service maintains a web page to help you locate the nearest inspector.

Nigerian 419 Scam
So-called because it violates section 419 of the Nigerian criminal code. This scam usually, not always, originates in Nigeria. In the 419 scam, you receive a letter from an official in Nigeria or other African country, and are told that someone needs to move a great deal of money out of the country and that you've been selected to help them do it. In return for your help, you'll be given a cut of the action. All you need to do is to pay some sort of "Advance Fee" or "Transfer Tax" or give them your bank account information so they can wire the money to you. It's hard to believe anyone in the world is stupid enough to fall for this scam, but people do. Supposedly, this scam has evolved into a major industry in Nigeria.
The scam has been on-going for decades and is propagated by other means than the Internet. I received one via international snail-mail once. Here is an example:

Dear xxxx,

I am Mrs LISA MONIGBA Ivorien widow with an only son ISMEAL ADAMS MONIGBA. My husband was the chief security officer to the ousted President Henry BEDIE of Cote d'voire. During the over throw of 24th December 1999, my husband was among the people that were killed by the military. Immediately after my husband's death, I ran away with my only son to Togo, I do hereby wish to ask for your assistance in urgent business transaction that requires absolute honesty and secret. Although I have not in any way disclose to anybody about this business because I want to be very careful about it and have being underground since I left my country immediately after the death of my husband. Please the details of this my proposal to you are very confidential and I want you to treat it as such because I don't want to be traced by the former President concerning this transaction which I want to involve you by seeking your assistance. By virtue of my husband's position. The former President (BEDIE) gave him US 20.000.000.00 Dollars (Twenty million US dollars) cash in US100.00 dollars bill stacked in a box to transfer into his foreign account overseas through Ghana that is one of the neighboring countries with my country Cote d'ivoire. My husband was about to go on one of his usual journies with only some days left before the 24th December overthrow took place and he was killed by the military. Immediately my husband was confirmed dead, I made away with this box with my only son and ran away so that we cannot be reached by Mr BEDIE. I have really been waiting for a more suitable time and a trustworthy person to assist me provide his or her foreign bank account to transfer this money as I don't have any foreign bank account overseas and also I cannot bank this money here in Togo where I am presently staying with my son because I don't have any business here to cover up such a big amount of money. Right now, the money is in a safe place, I deposited it with a security company for safekeeping. I am using this opportunity to seek for your assistance to move this money on trust to your country, to be invested on behalf of my only son ISMEAL. I got your contact through the internet and I therefore decided to contact you so that you can assist me transfer this fund to your country. For this transaction to be concluded immediately, all you need to do is to arrange to meet with me and my son here in LOME-TOGO where this box is been lodged, open an account in your name, pay in the whole money after clearing it from the security company, pay it into your account and transfer it to your chosen bank account in your country. I am ready to offer you 30% of the total sum and give you the full power to manage the remaining 70% on behalf of my son. Contact me with this e-mail address. Now we are currently staying in LOME-TOGO. This money I deposited it with the best security company in LOME-TOGO. Upon conclusion of arrangement, I shall forward to you the certificate of deposit, contract agreement form and the phone and fax number of the security company for confirmation immediately you develop interest to assist me in this transaction. Please be informed that you'll also assist us get traveling documents that will enable us meet you in your country immediately this fund is transferred into your account so that we can invest the remaining fund. Please I want us to finish this transaction as quickly as possible and I want to hear from you immediately you receive this mail. Thanks and may God bless you for assisting me.

Yours faithfully
MRS LISA MONIGBA

DNSbl
DNS Blacklist. A list of IP addresses which are blacklisted. This list may be queried in real time via DNS (Domain Name Service) lookup. The most well-known example is the RBL.

RBL
Mail Abuse Protection System Realtime Black List. An online database of email spam sites that may be used for email spam filtering, either on a personal basis or used by an entire site. Problem sites are added to the RBL almost instantly when spam becomes a problem, and are removed again quickly once the problem is dealt with. For more information, see the Mail Abuse Protection System home page and this Yahoo article about the RBL.

DUL
Companion database to the RBL. The DUL is a list of known dial-up IP addresses. These sites are not necessarily spam sites, but the list is provided so that you may choose not to accept email directly from them. Email transmitted directly from a dial-up system -- as opposed to through the dial-up system's own provider -- is very likely to be spam. For more information, see the Mail Abuse Protection System Dial-Up List.


Headers
Headers are the block of information lines that appear at the top of a mail or news message. Headers identify the sender and recipient of a message, the route the message took from one site to another and so on. Headers are used to determine the source of a post. For more information, see Tracking Spam.


5. TraceRoute/Ping

TraceRoute/Ping Overview
Ping utility is essentially a system administrator's tool that is used to see if a computer is operating and also to see if network connections are intact. Ping uses the Internet Control Message Protocol (ICMP) Echo function that is detailed in RFC 792. A small packet is sent through the network to a particular IP address. This packet contains 64 bytes - 56 data bytes and 8 bytes of protocol reader information. The computer that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target computer is up, a good return packet will be received. PING can also tell the user the number of hops that lie between two computers and the amount of time it takes for a packet to make the complete trip. Additionally, an administrator can use Ping to test out name resolution. If the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address. To understand traceroute, you must understand something fundamental about the nature of Internet communications. As you may know, the Internet gets data from one place to another by formatting it as a "packet," which is simply a chunk of data along with some routing information and a few other things attached in a specific format. All data is passed across the network in the form of packets, and it is the job of the Internets many "routers" to decide how to get packets from one place to another. The way it works is best illustrated with a step-by-step walk-through: when one computer has some information to send (a web page, perhaps), it puts it in a packet (or multiple packets), and sets the TTL (Time -To-Live is simply a number specifying how many "hops" the packet is allowed to take during its journey across the Internet) to some initial value (typically 30). 
The computer then sends the packet to a router (Router A), which is directly connected, be it by Ethernet, PPP (dialup), or some other form of network. Router A would be called the "default gateway" for that computer. Generally, all routers will be connected in some form to one or more OTHER routers. Router A will examine the packet to determine the destination IP address and will, based on that address, choose one of these other routers which will get the packet closer to the destination. This new router (Router B) is referred to as the "Next Hop". There are many ways that the router might be able to choose the most appropriate Next Hop intelligently, but a discussion of "routing protocols" is beyond the scope of this article. At any rate, Router A will then decrement the TTL by one, and forward the packet to the new router, Router B. This process of "hopping" repeats indefinitely, with Router B choosing a new Next Hop, decrementing the TTL, and forwarding the packet, etc. until one of two things happens: 1) the packet reaches its destination, or 2) the TTL decrements to zero, or "times out." It's this last bit that allows the traceroute to do its magic.

We are now at a point where we can explain what the traceroute is supposed to do. AATools TraceRoute shows you the path that a packet sent from your machine to some other machine on the network takes as it hops from router to router. It will show you the IP address (and the actual name, usually) of each router, line by line.

The last caveat we should mention is: the path BACK from the remote machine to you is NOT NECESSARILY the same! This situation is called asymmetric routing, and is usually not an issue. In cases where it does exist though, it can make troubleshooting much more difficult, because some problem may exist on the reverse path (preventing data from getting back to you) that TraceRoute cannot show you.
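The mechanism described above, as an added example that is not AATools code: it builds the 64-byte ICMP Echo request (8 header bytes plus 56 data bytes) and walks it along a constructed chain of routers that decrement the TTL, so each probe reveals one hop. The router addresses, the `PATH` list and all function names are assumptions made for illustration; nothing is sent on the network and only the forward path is modelled.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11  # RFC 792 types


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words, as ICMP uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, data_size: int = 56) -> bytes:
    """8-byte header (type, code, checksum, identifier, sequence) plus data."""
    payload = bytes(i & 0xFF for i in range(data_size))
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    checksum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum, ident, seq) + payload


# Constructed forward path (documentation addresses): Router A, Router B, a
# router that forwards but never reports an expired TTL, then the destination.
PATH = [
    ("192.0.2.1", True),
    ("198.51.100.7", True),
    ("198.51.100.99", False),
    ("203.0.113.10", True),
]


def send_probe(packet: bytes, ttl: int, path=PATH):
    """Walk one packet along the path; return (icmp_type, address) or None."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    if inet_checksum(packet) != 0:  # a valid packet sums to zero
        raise ValueError("corrupt ICMP packet")
    for address, reports_expiry in path[:-1]:
        ttl -= 1  # every router decrements the TTL before forwarding
        if ttl == 0:  # timed out here: the router discards the packet
            return (ICMP_TIME_EXCEEDED, address) if reports_expiry else None
    return (ICMP_ECHO_REPLY, path[-1][0])  # the packet reached its destination


def trace(start_hop: int = 1, end_hop: int = 30, path=PATH):
    """Probe with TTL = start_hop..end_hop and stop at the first Echo Reply."""
    rows = []
    for ttl in range(start_hop, end_hop + 1):
        answer = send_probe(build_echo_request(ident=0x4141, seq=ttl), ttl, path)
        if answer is None:
            rows.append((ttl, "*"))  # no reply within the timeout
            continue
        icmp_type, address = answer
        rows.append((ttl, address))
        if icmp_type == ICMP_ECHO_REPLY:
            break
    return rows


if __name__ == "__main__":
    for hop, host in trace():
        print(hop, host)
```

A hop shown as `*` only means that router did not report the expired TTL; later hops answering shows it still forwards traffic.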

TraceRoute Settings
Color Theme
The color theme option allows a user to customize the color and appearance of the TraceRoute interface. When the Enable Color Theme option is checked, a two-color theme is available, so you can customize the color of the TraceRoute interface as you like as well as enable or disable the grid in the Result window.

TraceRoute/Ping Main Window


Toolbar

New Profile - allows you to clear the Result window.
Start - allows you to start TraceRoute. Clicking the black down arrow allows you to select the following options: Trace, Ping.
Stop - allows you to stop TraceRoute.
Settings - allows you to determine different settings for TraceRoute.
Report - allows you to save results to an HTML file.

Ping Timeout
This box shows the maximum number of seconds AATools TraceRoute waits for an ICMP Echo Reply. This variable can be adjusted to compensate for network congestion issues. If an ICMP Echo Reply is not received within the indicated period of time, AATools TraceRoute considers the host as not active.


Working with TraceRoute/Ping


To start working with AATools TraceRoute, enter the numerical IP (e.g., 123.123.123.123) or hostname (e.g., server.com) into the Host Name or IP for Trace Route field and click the Start button on the Toolbar. By default, the Traceroute option will be performed. If you click the black down arrow next to the Start button, you can select the Ping option. You can set the Timeout (ms), Start Hop and End Hop properties for TraceRoute, and Data Size, Time To Live and Retries for Ping.

If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a destination unreachable message to the source host. More details on ICMP, the protocol behind TraceRoute, can be found in RFC 792.

The Result Window is shown as a table with the following columns: Hop Number, Response Time, Host IP, Host Name. When you click the right mouse button on a particular row with the IP address, you get the context menu with the following options:
Copy Host IP to Clipboard - allows you to copy the selected IP to the clipboard.
Copy Host Name to Clipboard - allows you to copy the selected host name to the clipboard.
Send To - allows you to send the selected IP address or host name to other tools: Port Scanner or Whois.


6. E-mail Verifier
E-mail Verifier Overview
When some Internet users move from one service provider to another, they do not take their e-mail addresses along with them. Users who lost their email accounts may not notify you of their loss. Internet users may choose to subscribe to your service with a phony email address so that they have access to a free download or a free offer that you may be offering online. Hence, you are left with "dead" email addresses.

E-mail Verifier is the unique solution for the "message delivery error." You don't need to disturb your clients and friends anymore to check if their e-mail addresses are still valid. E-mail Verifier connects directly to their SMTP server and checks it for you. Nothing is sent to the recipient. E-mail Verifier verifies every email address from a specified mailing list, allowing you to determine up to 90% of "dead" mail addresses.

E-mail Verifier helps to decrease Internet traffic, because you can clean your mailing list beforehand, keeping you from sending undeliverable messages that cause a ping-pong of useless messages between SMTP servers. In addition to saving your Internet resources, E-mail Verifier helps you to save money.

Furthermore, E-mail Verifier has the following features:
Multithreading that gives you high performance when checking
Importing recipients from CSV/Text files


E-mail Verifier Settings


General Settings
SMTP frame:
MAIL FROM - contains the email address that is used in the MAIL FROM request to a mail server. It is recommended that you use a valid email address. Otherwise, servers with high levels of security may refuse to work with you, because they will also verify your email address as you verify your list of addresses.
Domain for HELO - when you send an email, the recipient's SMTP server asks for your domain name. It is recommended that you use your real domain. If the domain is not specified, the program tries to determine your domain itself. If it cannot be done for some reason, the domain name "localhost" is used. The use of somebody else's domain or the localhost alias is allowed but not recommended: servers with high levels of security may refuse to work with you. If the Domain for "HELO" field is blank and you use a socks proxy server, the program will use the socks proxy address in this field.

Load profile at startup - when this option is checked, the program will automatically load at startup the profile that you indicated in the 'Select profile' field.
Enable processing visibility - when this option is checked, you can see all the details of the verifying process in the Result window.
Enable Logging (double click on the address in Result window to see the log) - when this option is checked, you will see the detailed log later in the text editor.
Ask confirmation to delete items from the Results window - when this option is checked, you will have to confirm the deletion of selected items from the Results window. If you don't want to confirm the deletion of selected items from the Results window, uncheck this option.


Socks Proxy Settings


A proxy server is a special program that allows LAN users to work with the Internet (when only one machine has the "real" IP address). Please contact your network administrator if you're not sure how you're connected, and how to set appropriate options here. Popular programs such as ICQ work in a LAN using the Socks5 protocol. You must indicate to the proxy-server a domain in the SMTP settings if you use a proxy-server.

Use Socks proxy server - check this box if you would like to use the socks proxy server.
Specify your Socks Proxy Server - check the appropriate box to specify your socks proxy server. The program supports SOCKS 4, 4A and 5 proxy servers.
Address: A proxy-server address. It may be either a domain or an IP address. Examples: proxyserver.isp.com, 127.0.0.1.
Port: Usually, it is 1080. Don't confuse a Socks proxy with http and ftp proxies, which are on ports 3128 (8080) and 3121 by default. AATools doesn't work through http or ftp proxies.
Use authentication (RFC 1929) - the server requires authentication, i.e. requires a user login and password. In most Socks5 implementations, the login and password are transferred as plain text, as described in the RFC 1929 document.
Login: The name (login) of the Socks proxy server user.
Password: The password for the Socks proxy server user.

Color Theme
The color theme option allows a user to customize the color and appearance of the E-mail Verifier interface. The following options are available when the Enable Color Theme option is checked: a two-color theme and a multi-color theme. You can customize the color of the E-mail Verifier interface as you like as well as enable or disable the grid in the Result window.


E-mail Verifier Main Window


Toolbar
New Profile - allows you to create a new profile. See the Working with Profile section.
Load Profile - allows you to load the saved profile.
Save Profile - allows you to save a profile. You can save a profile only when the verifying process is stopped.
Start - allows you to start verifying email addresses. Clicking the black down arrow, you can select the following options: verify Selected Items, Bad Items, Good Items, New Items, or All Items.
Stop - allows you to stop the verifying process. Note that E-mail Verifier needs some time (specified in the Timeout box) to terminate active threads.
Settings - allows you to determine different settings for the verifying process. See Settings Dialog for details.
Save - allows you to save the verification results.
Clear - allows you to clear the Results window. When you click the black down arrow near the Clear button, you will see the drop-down menu with the following options: delete Selected Items, Bad Items, Good Items, New Items, Broken by Timeout Items, or All Items.
Report - allows you to save the verification results to Paradox, DBase, Text (.CSV), HTML, Excel, SYLK, DIF, Lotus 1-2-3, QuattroPro, MS Access database files as well as the MS Windows clipboard.

Threads (1-100)
This field contains the number of threads: minimum 1 thread, maximum 100 threads. The higher the verification speed, the greater the traffic load on the network and the more tasks are performed simultaneously. Therefore, if you have a dial-up connection to the Internet, you should select a number of threads from 1 up to 30, and if you have a fast connection, it is possible to select the maximum number of active tasks and increase the speed of verifying.

Timeout (seconds)
This field indicates the time that E-mail Verifier waits for the answer from the SMTP server. I.e. if within the given period the SMTP server did not send any answer, the program will terminate the connection to it and will mark it as a connection broken by Timeout.


Working with E-mail Verifier


Enter e-mail address (one only) - enter any e-mail address here and click the Add button. It will appear in the list in the History window.

To open an existing file with e-mail addresses for verifying, click the Load List button. The program will automatically add it to the existing list if applicable. To start verifying email addresses, click the Start button on the Toolbar. Clicking the black down arrow next to the Start button allows you to select the following options: verify Selected Items, Bad Items, Good Items, New Items, or All Items.

Attention! It is not recommended to load more than 2000-3000 email addresses for verification. If you want more advanced functions and power, you should look at Advanced Email Verifier.

The Result Window is shown as a table with the following fields: E-mail address, Location, SMTP, Verification Result, Last Attempt. You can sort the listings with a click on the appropriate column header. When you click the right mouse button on a particular row with the email address, you get the context menu with the following options:
Check Email - allows you to start verifying the selected email address.
Delete - allows you to delete the selected email address.
View Log - allows you to view the header information of the selected email address. Please note: this option is available only if the 'Enable Logging' option in the General Settings is checked.
Delete SMTP from DNS cache - allows you to delete all MX entries (information about SMTP servers) from the local DNS cache for the particular email address.
Mailto: [Selected email(s)] - allows you to send an immediate message through your default email client to selected addresses.
Select All - allows you to select all the email addresses in the Results window.

Note: The program can check from 1 to 100 addresses at one time; each address is checked by a single program thread. It is recommended to use 15-20 threads if you work with a 33.6k modem. Further increasing the number of threads would not lead to better productivity, but would even decrease it because the modem channel will be overloaded. In the case of a high-speed Internet connection you can increase the number of threads, but setting it to the maximum may result in overloading the DNS server, and most of the checked addresses will be marked as "Unknown" because of DNS server refusals, although your output channel is loaded only by 30%.


Working with Profile


An E-mail Verifier Profile includes a scan file of all the data that was gathered during the verifying process. If you wish to retain your data for future use or to continue an uncompleted verification, it is a good idea to save a profile. You can save as many profiles as you want and then easily switch between them.

Creating new Profile
To create a new profile, click the New Profile button on the Toolbar. The program will clear all your data from the Results window.

Opening Profile
To open a profile, click the Load Profile button on the Toolbar and select your file.

Saving Profile
To save a profile, click the Save Profile button on the Toolbar, select the destination and type the name of your profile. You can save a profile only when the process of verifying is stopped.


7. Links Analyzer

Links Analyzer Overview


Links Analyzer is a new state-of-the-art utility that will scan all your URLs and IE Favorites and notify you when a link is changed or becomes invalid. It also doubles as a navigation tool and makes it very easy to find what you are looking for without the need to search inside folders. It is useful to monitor URLs and spy on your favorite Web sites.

Links Analyzer allows you to automatically scan your system and find all URL files. Links Analyzer also checks dynamic HTML pages and URLs with CGI, and automatically (optional) moves "bad" ones to the specified folder. It is truly multithreaded, so you can fully load up your Internet connection. 500 URLs can be checked within 10 minutes with a connection speed of 28.8K! You can also easily maintain your own link lists.

We all know why we have bookmarks and favorites ... TO SAVE TIME in visiting the sites you like or need. Let Links Analyzer organize them for you in seconds for easy access again and again, while making sure that these sites are still in place.


Links Analyzer Settings


General Settings
Load profile at startup - when this option is checked, the program will automatically load at startup the profile that you indicated in the Select profile field.
Use HTTP proxy server - check this box if you want to use an HTTP proxy server to check your links.
Address: A proxy-server address. It may be either a domain or an IP address. Examples: proxyserver.isp.com, 127.0.0.1.
Port: Indicate the port number of your HTTP proxy server. Usually, these are ports 3128, 8080, 80 or 3121 by default.
Authenticate - check this box if the server requires authentication, i.e. requires a user login and password.
User: The name (login) of the HTTP proxy server user.
Password: The password for the HTTP proxy server user.
Press OK or Cancel to either save or discard the settings you have made.
Do not check 'Good' links within NN days - allows you to indicate the number of days (since the last check) within which the program skips 'good' links while checking.
Try to check Bad links xx times - allows you to indicate the number of attempts the program will make to check 'Bad' links.
Find URLs at all local Harddrives - check this box if you want the program to find URLs on all local hard drives.
Enable processing visibility - check this option if you want to see all the details of the analyzing process in the Result window.

Color Theme
The color theme option allows a user to customize the color and appearance of the Links Analyzer interface. The following options are available when the Enable Color Theme option is checked: a two-color theme and a multi-color theme. You can customize the color of the Links Analyzer interface as you like as well as enable or disable the grid in the Result window.


Links Analyzer Main Window


Toolbar
New Profile - allows you to clear the program result window without removing the links from your HDD, or creates a new profile.
Load Profile - allows you to load the saved profile (works in My Links only).
Save Profile - allows you to save a profile. You can save a profile only when the analyzing process is stopped (works in My Links only).
Collect - allows you to scan the entire HDD for URL files and IE Favorites (works in IE Favorites only).
Start - allows you to start analyzing the links. Click the black down arrow and you are able to select the following options: analyze Selected Items, Bad Items, Good Items, New Items, or All Items.
Stop - allows you to stop the analyzing process. Note that Links Analyzer needs some time (specified in the Timeout box) to terminate active threads.
Visit link! - brings you to the URL you choose.
Add to Zip - allows you to save all links to a ZIP file for further use.
Settings - allows you to determine different settings for the links checking. See Settings Dialog for details.
Save - allows you to save results to your HDD.
Delete - allows you to delete the URL from your HDD. Clicking the black down arrow, you can select the following options: delete Selected Items or Bad Items.
Report - allows you to save analysis results to Paradox, DBase, Text (.CSV), HTML, Excel, SYLK, DIF, Lotus 1-2-3, QuattroPro, MS Access database files as well as the MS Windows clipboard.

Threads (1-100)
This field contains the number of threads: minimum 1 thread, maximum 100 threads. The higher the checking speed, the greater the traffic load on the network and the more tasks are performed simultaneously. Therefore, if you have a dial-up connection to the Internet, you should select a number of threads from 1 up to 30, and if you have a fast connection, it is possible to select the maximum number of active tasks and increase the speed of checking.

Timeout (minutes)
This field indicates the time that Links Analyzer waits for the answer from a web server. I.e. if within the given period the web server did not send any answer, the program will terminate the connection to it and will mark it as a connection broken by Timeout.


Working with Links Analyzer


The Result Window has two lists: IE Favorites and My Links.

The IE Favorites list works with IE favorites and .URL files on your HDD. The results are displayed in a table with the following fields: Name, URL, Created, Last Modified, Full Path. You can sort the listings with a click on the header. To start working with the IE Favorites, click the Collect button on the Toolbar. The program will collect all the links from your hard drive and enter them into the Result window. Now click the Start button on the Toolbar to start checking the links. Clicking the black down arrow next to the Start button allows you to select the following options: verify Selected Items, Bad Items, Good Items, New Items, or All Items.

To manage your own link lists, you can use the My Links tab that is shown as a table with the fields: URL, Last Modified, Last Attempt, Result. To enter any link into the My Links list, type the URL into the URL field and click the Add button. It will appear in the list in the Result window. Or, you can simply load your links from a file by clicking the Load List button. The program will automatically add them to the existing list if applicable. To start verifying the links, click the Start button on the Toolbar. Clicking the black down arrow next to the Start button allows you to select the following options: verify Selected Items, Bad Items, Good Items, New Items, Broken By Timeout or All Items.

You can work with different link formats as shown below and see if a link is still active or "dead". Example:
http://www.dsv.su.se/~p-lundst/internet2/misc/env.cgi
http://www.fortunecity.com/skyscraper/cable/607/freeproxy3.htm
http://tools.rosinstrument.com/cgi-bin/sps.pl?pattern=;8080;&max=50&nskip=250&file=proxlog.csv

To send a link to your default web browser, click the Visit this URL button on the Toolbar.

Working with Profile (My Links)
A My Links Profile includes a scan file of all the data that was gathered during the checking process. If you wish to retain your data for further use or continue an uncompleted analysis, it is a good idea to save the Profile. You can save as many profiles as you want and then easily switch between them.

Creating new Profile
To create a new profile, click the New Profile button on the Toolbar. The program will clear all your data from the Results window.

Opening Profile
To open a profile, click the Load Profile button on the Toolbar and select your file.

Saving Profile
To save a profile, click the Save Profile button on the Toolbar, select the destination and type the name of your profile. You can save a profile only when the analyzing process is stopped.

When you click the right mouse button on the row with a particular link, you get the context menu with the following options:
Check Link - allows you to start checking the selected link.
Find - allows you to find the link by a word or a part of the word.
Find Next - allows you to find the next link by a word or a part of the word previously indicated in the Find dialog.
Visit this URL - allows you to visit the URL you choose.
View Source - allows you to view the source of the selected link.
Copy URL to Clipboard - allows you to copy the selected link to the clipboard.
Paste From Clipboard - allows you to paste links from the clipboard to the My Links tab.
Find Target - allows you to open the folder that contains the original file with the selected link.


8. Whois

Whois Overview
Whois is a useful network information utility that allows you to get all the available information about IP addresses, host names, location, ISP name, and administrator and technical support contact information for any place on the Web. Whois is an information retrieval tool, which you might use to find information about the people or entities responsible for a routing failure, or a particular web site, or perhaps email policies.

Whois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds. If you are not satisfied with the results found in the database, you can force the program to query a specific user-defined whois server.

Whois can save the information to an archive file. You can load the file and add more information to it. This feature allows you to build and maintain your own database of IP addresses and host names. Whois has the capability to cache query results: if the information is in the cache, it is immediately displayed and no connections to whois servers are required, thus effectively speeding up any Whois query that has previously been run.


Whois Settings
General Settings
Standard Whois Servers
Here you can see the default names of whois servers for the different regions of the world. You do not need to change these entries.

User defined Whois servers
Here you can enter the names of whois servers that you would like to add. The names you entered will appear in the drop-down list of the Start button.

Press OK or Cancel to either save or discard the settings you have made.


Socks Proxy Settings


A proxy server is a special program that allows LAN users to work with the Internet (when only one machine has the "real" IP address). Please contact your network administrator if you're not sure how you're connected, and how to set appropriate options here. Popular programs such as ICQ work in a LAN using the Socks5 protocol. You must indicate to the proxy-server a domain in the SMTP settings if you use a proxy-server.

Use Socks proxy server - check this box if you would like to use the socks proxy server.
Specify your Socks Proxy Server - check the appropriate box to specify your socks proxy server. The program supports SOCKS 4, 4A and 5 proxy servers.
Address: A proxy-server address. It may be either a domain or an IP address. Examples: proxyserver.isp.com, 127.0.0.1.
Port: Usually, it is 1080. Don't confuse a Socks proxy with http and ftp proxies, which are on ports 3128 (8080) and 3121 by default. AATools doesn't work through http or ftp proxies.
Use authentication (RFC 1929) - the server requires authentication, i.e. requires a user login and password. In most Socks5 implementations, the login and password are transferred as plain text, as described in the RFC 1929 document.
Login: The name (login) of the Socks proxy server user.
Password: The password for the Socks proxy server user.
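What "transferred as plain text" means for the Login and Password fields in the Socks Proxy Settings of both E-mail Verifier and Whois, as an added example that is not AATools code: it builds the RFC 1928 method negotiation and the RFC 1929 login frame and decodes them again without any key. The account name, password and function names are constructed for illustration.

```python
# SOCKS5 authentication methods defined in RFC 1928.
METHODS = {
    0x00: "no authentication",
    0x02: "username/password (RFC 1929)",
    0xFF: "no acceptable method",
}


def selected_method(client_greeting: bytes, server_reply: bytes) -> str:
    """Name the method the server picked from the client's offer."""
    if len(client_greeting) < 3 or client_greeting[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    offered = client_greeting[2:2 + client_greeting[1]]
    if len(offered) != client_greeting[1]:
        raise ValueError("truncated greeting")
    if len(server_reply) != 2 or server_reply[0] != 0x05:
        raise ValueError("not a SOCKS5 method reply")
    choice = server_reply[1]
    if choice != 0xFF and choice not in offered:
        raise ValueError("server chose a method the client did not offer")
    return METHODS.get(choice, "method 0x%02x" % choice)


def build_userpass_request(login: str, password: str) -> bytes:
    """RFC 1929 frame: VER(0x01) ULEN UNAME PLEN PASSWD, nothing encrypted."""
    uname, passwd = login.encode(), password.encode()
    if not (1 <= len(uname) <= 255 and 1 <= len(passwd) <= 255):
        raise ValueError("login and password must each be 1..255 bytes")
    return bytes([0x01, len(uname)]) + uname + bytes([len(passwd)]) + passwd


def parse_userpass_request(frame: bytes):
    """Decode the frame exactly as any device between client and proxy can."""
    if len(frame) < 2 or frame[0] != 0x01:
        raise ValueError("not an RFC 1929 request")
    ulen = frame[1]
    if len(frame) < 3 + ulen:
        raise ValueError("truncated request")
    plen = frame[2 + ulen]
    uname = frame[2:2 + ulen]
    passwd = frame[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated request")
    return uname.decode(), passwd.decode()


if __name__ == "__main__":
    # Constructed exchange: the client offers "none" and "username/password",
    # the proxy picks username/password, then the client sends its login.
    print(selected_method(b"\x05\x02\x00\x02", b"\x05\x02"))
    frame = build_userpass_request("proxyuser", "s3cret")
    print(frame.hex(), parse_userpass_request(frame))
```

The decoded pair is exactly what was typed into the Login and Password fields, so this exchange is only as private as the network between the client and the proxy server.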

Whois Main Window


Toolbar
Clear Cache - allows you to clear the program cache.
Load Cache - allows you to load the information from the internal program cache.
Start - allows you to start querying a Whois server. By clicking the black down arrow near the Start button, you can choose either the standard whois server or a whois server defined by the user.
Stop - allows you to stop the query process.
Undo - undoes the last operation.
Settings - allows you to determine different settings for Whois.
Report - allows you to save the obtained information to an HTML file.


Working with Whois


To start working with Whois, type in or paste an IP address, hostname, or domain name and click Start to see the results.

An example of an IP address query is shown below:
154.123.54.23
A domain name query:
microsoft.com

An IP address is a unique number that identifies a computer on the Internet. You may want to find out who is the real sender of an e-mail message, or who is attacking your computer. A hostname is just an easy-to-remember name corresponding to an IP address. For example, www.microsoft.com is the name for the IP address 207.46.230.219. A Whois query for www.microsoft.com and 207.46.230.219 returns exactly the same information.

Domains are different from hostnames and IP addresses. A domain is a network name registered to someone. Domain queries provide information about the owner of a domain name. For example, if you want to purchase the mystore.com domain name to make a web site about a store, you may want to contact the current owner of this domain to discuss the deal. To receive the information about the domain name owner you have to make a domain query.

When you click the right mouse button on a particular row with the IP address, you will get the context menu with the following options:
Query again - allows you to query a Whois server about the selected IP address again.
Copy to Clipboard - allows you to copy to the clipboard either the Host IP or the Host Name from the selected row.
Delete - allows you to delete the selected row.

Example: [Enter "www.anything.com" and click Start]
Results: in the left window you can see the resolved address/IP and in the right window all the information about that host, as the example below indicates:

   Registrant:
   Anything Company, Inc. (SCSTDNEINC-DOM)
      PO Box 987654321, Any town, WA 99999-9999
      US

   Domain Name: ANYTHING.COM

   Administrative Contact:
      Doe, John (JD99999) john.doe@ANYTHING.COM
      111-999-9999 (FAX) 111-999-9888
   Technical Contact, Zone Contact:
      ANYWHERE HOST MASTER (HC12345678-ORG) hostmaster@ANYWHERE.COM
      777-777-77777 Fax- 777-666-9996
   Billing Contact:
      Doe, John (JD11111) john.doe@ANYWHERE.COM
      111-999-9999 (FAX) 1113-999-6666

   Record last updated on 27-Jul-99.
   Record created on 15-Jun-96.
   Database last updated on 26-May-20008 06:34:47 EDT.

   Domain servers in listed order:
      NS1.SOMETHING.COM 10.1.2.3
      NS2.SOMETHING.COM 10.1.2.4


9. Network Monitor

Network Monitor Overview


Network Monitor shows you an extremely large amount of supplementary information about your outbound and inbound network connections. Additionally, AATools Network Monitor maps open ports to the owning application (for Windows NT/2000/XP only) and shows:
the TCP/IP, UDP and ICMP protocol statistics on the local computer;
information for a particular IP address;
information that describes a particular IP network route to a particular destination;
information about a particular network adapter on the local computer;
physical characteristics of all network adapters;
the mapping of IP addresses to physical (MAC) addresses and much more.

Network Monitor is useful in diagnosing networks and monitoring your computer's network connections.

Network Monitor Settings


General Settings
Autorefresh - allows you to switch on/off automatic refreshing of the active list.
Interval (sec.) - allows you to set in seconds the auto-refresh interval for Network Monitor if autorefreshing is on.
Resolve remote Host Name - check this box if you want the program to perform reverse DNS lookups of the IP addresses. If you uncheck it, the Remote Host Name column in Connections will be blank.

Color Theme
The color theme option allows a user to customize the color and appearance of the Network Monitor interface. When the Enable Color Theme option is checked, a two-color theme is available, so you can customize the color of the Network Monitor interface as you like as well as enable or disable the grid in the Result window.


Connections
The Connections table displays the list of your computer's outbound and inbound network connections, as well as the TCP or UDP ports in use, the IP addresses of both ends (the local IP and the remote IP), and the connection states.

Today there is no program, either antivirus or antitrojan, which can detect unknown trojan horses. To secure your network, you may need to lock down applications that aren't required, but to do this effectively you first have to know what ports are available and what application is responsible for them. AATools Network Monitor will report on all of the processes exposing themselves to potential exploitation. Network Monitor displays the services that are active on the ports, and maps the ports to their respective applications. (This feature is available under Windows NT/2000/XP only and you MUST have administrative privileges.) It is extremely useful while monitoring unwanted connections and investigating suspected trojans, viruses, and backdoors. For example, if you find probes directly against ports normally not used, it may be someone trying to connect to a trojan inside your network.

The results are shown as a table with the following columns: Protocol (TCP or UDP), Local IP (shows your address in the LAN if applicable), Local Port (which is used for the present connection), Remote IP (IP address of the computer connected to you via LAN, if applicable), Remote Host Name (shows the resolved host name), Remote Port (which is used for the present connection), State. The following three columns will be shown on Windows NT/2000/XP only: PID, Process, Path.

You can have your information in real time. For this purpose you only need to specify the auto refresh period in ms, or manually refresh the connections list by clicking the appropriate button.

The Protocol column shows the name of the protocol used by the connection, which can be either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). TCP connections are transient; they cease existing when (or soon after) the connection makes the transition to the closed state.

The Local IP column shows the local IP address and the Local Port column shows the local port for the TCP connection or UDP listener. The value 0.0.0.0 is used for the local IP address.

The Remote IP column shows the remote IP address and the Remote Port column shows the remote port associated with the TCP connection or UDP listener.

A connection progresses through a series of states during its lifetime. The states are: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT, and the fictional state CLOSED. CLOSED is fictional because it represents the state when there is no TCB, and therefore, no connection.

The Status column shows connection states. Briefly, the meanings of the states are:

LISTEN - represents waiting for a connection request from any remote TCP and port.
SYN-SENT - represents waiting for a matching connection request after having sent a connection request.
SYN-RECEIVED - represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
ESTABLISHED - represents an open connection, received data can be delivered to the user. The normal state for the data transfer phase of the connection.
FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.
CLOSE-WAIT - represents waiting for a connection termination request from the local user. This may indicate that the server still keeps the socket open.
CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.
LAST-ACK - represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. (A connection can stay in TIME-WAIT for a maximum of four minutes.)
CLOSED - represents no connection state at all.
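The port-to-process review described in this section can also be scripted. The following is an added example, not part of AATools or of the original guide: it parses a connections snapshot in the layout of Windows `netstat -ano` output and reports listeners that are not on an allowlist, together with the remote peers connected to them. The sample rows, addresses, PIDs, port 5151 and the allowlist are all constructed for illustration.

```python
"""Audit a connections snapshot for listeners nobody asked for."""
from collections import Counter
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5151           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1520
  TCP    192.168.1.10:1046      203.0.113.7:80         TIME_WAIT       0
  TCP    192.168.1.10:5151      198.51.100.23:4021     ESTABLISHED     2212
  TCP    192.168.1.10:1050      192.168.1.20:139       CLOSE_WAIT      1520
  UDP    0.0.0.0:137            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1108
"""

# Constructed allowlist: the (protocol, local port) pairs this host is meant to expose.
ALLOWED = {("TCP", 135), ("TCP", 445), ("UDP", 137)}


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: Optional[int]
    state: str          # spelled as in the state list above; "" for UDP
    pid: int


def normalize_state(raw: str) -> str:
    """netstat prints LISTENING / TIME_WAIT; the state list uses LISTEN / TIME-WAIT."""
    state = raw.upper().replace("_", "-")
    return "LISTEN" if state == "LISTENING" else state


def split_endpoint(text: str) -> Tuple[str, Optional[int]]:
    """'192.168.1.10:1045' -> ('192.168.1.10', 1045); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def parse(snapshot: str) -> List[Conn]:
    conns = []
    for line in snapshot.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            state, pid = normalize_state(f[3]), f[4]
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            state, pid = "", f[3]
        else:
            continue                             # header, blank or malformed row
        (lip, lport), (rip, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        if lport is None or not pid.isdigit():
            continue
        conns.append(Conn(f[0], lip, lport, rip, rport, state, int(pid)))
    return conns


def unexpected_listeners(conns: List[Conn], allowed: Set[Tuple[str, int]]) -> List[Conn]:
    """TCP sockets in LISTEN and bound UDP ports that are not on the allowlist."""
    return [c for c in conns
            if (c.state == "LISTEN" or c.proto == "UDP")
            and (c.proto, c.local_port) not in allowed]


def reachable_from_network(c: Conn) -> bool:
    """A socket bound to a loopback address is not exposed to other hosts."""
    return not (c.local_ip.startswith("127.") or c.local_ip == "::1")


def peers_of(conns: List[Conn], listeners: List[Conn]) -> List[Conn]:
    """ESTABLISHED connections whose local port belongs to one of `listeners`."""
    ports = {(l.proto, l.local_port) for l in listeners}
    return [c for c in conns
            if c.state == "ESTABLISHED" and (c.proto, c.local_port) in ports]


def state_counts(conns: List[Conn]) -> Counter:
    """How many TCP connections sit in each state (a growing CLOSE-WAIT count
    means a local application is not closing its sockets)."""
    return Counter(c.state for c in conns if c.proto == "TCP")


if __name__ == "__main__":
    conns = parse(SAMPLE)
    odd = unexpected_listeners(conns, ALLOWED)
    for c in odd:
        scope = "network" if reachable_from_network(c) else "loopback only"
        print(f"unexpected {c.proto} listener on port {c.local_port}, PID {c.pid} ({scope})")
    for c in peers_of(conns, odd):
        print(f"  remote {c.remote_ip}:{c.remote_port} is connected to port {c.local_port}")
    print(dict(state_counts(conns)))
```

The PID reported for each unexpected listener is the value to look up in the Process and Path columns.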

Statistics
Network Monitor Statistics provides packet and connection statistics for the network protocols used on the local computer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Protocol (IP) and Internet Control Message Protocol (ICMP). The information provided is useful for the network administration of the local computer. Network Monitor Statistics contains the following tables: IP Statistics, UDP Statistics, TCP Statistics and ICMP Statistics.

The IP Statistics table contains information about the IP protocol running on a particular computer. The results are shown as a table with the following columns: Parameter and Value. The Parameter column describes the following information about the IP protocol:

Forwarding - Specifies whether IP forwarding is enabled or disabled.
DefaultTTL - Specifies the default initial time to live (TTL) for datagrams originating on a particular computer.
Datagrams Received - Shows the number of datagrams received.
Header Errors (In) - Shows the number of datagrams received that have header errors. Datagrams Received Header Errors is the number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
Address Errors (In) - Specifies the number of datagrams received that have address errors. These datagrams are discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported Classes (for example, Class E).
Datagrams Forwarded - Specifies the number of datagrams forwarded.
Unknown Protocols (In) - Specifies the number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
Datagrams Discarded (In) - Specifies the number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). This counter does not include any datagrams discarded while awaiting reassembly.
Datagrams Delivered - Specifies the number of received datagrams delivered.

Requests Out - Specifies the number of outgoing datagrams that IP is requested to transmit. This number does not include forwarded datagrams.
Routing Discarded - Specifies the number of outgoing datagrams discarded.
Datagrams Discarded (Out) - Specifies the number of transmitted datagrams discarded. These are datagrams for which no problems were encountered to prevent their transmission to their destination, but which were discarded (for example, for lack of buffer space). This counter would include datagrams counted in Datagrams Forwarded if any such packets met this (discretionary) discard criterion.
No Routes (Out) - Specifies the number of datagrams for which no route could be found to transmit them to the destination IP address. These datagrams were discarded. This counter includes any packets counted in Datagrams Forwarded that meet this "no route" criterion.
Reassemble Timeouts - Specifies the amount of time allowed for all pieces of a fragmented datagram to arrive. If all pieces do not arrive within this time, the datagram is discarded.
Reassemble Requests - Specifies the number of datagrams that require reassembly.
Successful Reassemblies - Specifies the number of datagrams that were successfully reassembled.
Failed Reassemblies - Specifies the number of datagrams that cannot be reassembled.
Successful Fragmentation - Specifies the number of datagrams that were fragmented successfully.
Failed Fragmentation - Specifies the number of datagrams that need to be fragmented but couldn't be because the IP header specifies no fragmentation, for example, because their "Don't Fragment" flag was set. These datagrams are discarded.
Datagrams Fragmented - Specifies the number of fragments created.
Number of Interfaces - Specifies the number of interfaces.
Number of IP Addresses - Specifies the number of IP addresses associated with this computer.
Routes in Routing Table - Specifies the number of routes in the IP routing table.

The UDP Statistics table shows the User Datagram Protocol (UDP) statistics for the local computer. The results are shown as a table with the following columns: Parameter and Value. The Parameter column describes the following information about the UDP protocol:

Datagrams (In) - Specifies the number of datagrams received.
Datagrams (Out) - Specifies the number of datagrams transmitted.
No Ports - Specifies the number of received datagrams that were discarded because the specified port was invalid.
Errors (In) - Specifies the number of erroneous datagrams that were received. Datagrams Received Errors is the number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.
UDP Listen Ports - Specifies the number of entries in the UDP listener table.

The TCP Statistics table shows the Transmission Control Protocol (TCP) statistics for the local computer. The results are shown as a table with the following columns: Parameter and Value. The Parameter column describes the following information about the TCP protocol:

Retransmission Algorithm - Specifies the retransmission time-out (RTO) algorithm in use. Retransmission Algorithm can have one of the following values:
    CONSTANT - Constant Time-out
    RSRE - MIL-STD-1778 Appendix B
    VANJ - Van Jacobson's Algorithm
    OTHER - Other
Minimum timeout (ms) - Specifies the minimum retransmission time-out value in milliseconds.
Maximum timeout (ms) - Specifies the maximum retransmission time-out value in milliseconds.
Maximum Pend. Connections - Specifies the maximum number of connections. If it is -1, the maximum number of connections is dynamic.
Active Opens - Specifies the number of active opens. In an active open, the client is initiating a connection with the server.
Passive Opens - Specifies the number of passive opens. In a passive open, the server is listening for a connection request from a client.
Failed Open Attempts - Specifies the number of failed connection attempts.
Established connections Reset - Specifies the number of established connections that have been reset.
Current Established Connection - Specifies the number of currently established connections.
Segments received - Specifies the number of segments received.
Segments sent - Specifies the number of segments transmitted. This number does not include retransmitted segments.
Segments Retransmitted - Specifies the number of segments retransmitted.
Incoming Errors - Specifies the number of errors received.
Outgoing Resets - Specifies the number of segments transmitted with the reset flag set.
Cumulative Connections - Specifies the cumulative number of connections.

The ICMP Statistics table shows the statistics for both incoming (IN) and outgoing (OUT) Internet Control Message Protocol (ICMP) messages on a particular computer. The results are shown as a table with the following columns: Parameter, IN and OUT. The Parameter column describes the following information about the ICMP protocol:

Messages received - Specifies the number of messages received or sent.
Errors - Specifies the number of errors received or sent.
Destination Unreachable - Specifies the number of destination-unreachable messages received or sent. A destination-unreachable message is sent to the originating computer when a datagram fails to reach its intended destination.
Time Exceeded - Specifies the number of time-to-live (TTL) exceeded messages received or sent. A time-to-live exceeded message is sent to the originating computer when a datagram is discarded because the number of routers it has passed through exceeds its time-to-live value.
Parameter Problems - Specifies the number of parameter-problem messages received or sent. A parameter-problem message is sent to the originating computer when a router or host detects an error in a datagram's IP header.
Source Quench - Specifies the number of source quench messages received or sent. A source quench request is sent to a computer to request that it reduce its rate of packet transmission.
Redirects - Specifies the number of redirect messages received or sent. A redirect message is sent to the originating computer when a better route is discovered for a datagram sent by that computer.
Echo Requests - Specifies the number of echo requests received or sent. An echo request causes the receiving computer to send an echo reply message back to the originating computer.
Echo Replies - Specifies the number of echo replies received or sent. A computer sends an echo reply in response to receiving an echo request message.
Timestamp requests - Specifies the number of time-stamp requests received or sent. A time-stamp request causes the receiving computer to send a time-stamp reply back to the originating computer.
Timestamp replies - Specifies the number of time-stamp replies received or sent. A computer sends a time-stamp reply in response to receiving a time-stamp request. Routers can use time-stamp requests and replies to measure the transmission speed of datagrams on a network.
Address Mask Requests - Specifies the number of address mask requests received or sent. A computer sends an address mask request to determine the number of bits in the subnet mask for its local subnet.
Address Mask Replies - Specifies the number of address mask responses received or sent. A computer sends an address mask response in response to an address mask request.

IP Address Table
IP Address Table shows information about a particular IP address. The results are shown as a table with the following columns:

Index - shows the index of the interface associated with this IP address.
IP Address - shows the IP address.
Subnet Mask - shows the subnet mask for the IP address.
Broadcast Address - shows the broadcast address. A broadcast address is typically the IP address with the host portion set to either all zeros or all ones.
Reassembly Size - shows the maximum reassembly size for received datagrams.

IP Routing Table
IP Routing

So how does an IP packet addressed to a computer on the other side of the world find its way to its destination? The basic mechanism is very simple. On a LAN, every host can see every packet that is sent by any other host on that LAN. Normally, it will only do something with that packet if it is addressed to itself, or if the destination is a broadcast address.

A router is different. A router examines every packet, and compares the destination address to a table of addresses that it holds in memory. If it finds an exact match, it forwards the packet to an address associated with that entry in the table. This associated address may be the address of another network in a point-to-point link, or it may be the address of the next-hop router. If the router doesn't find a match, it runs through the table again, this time looking for a match on just the network ID part of the address. Again, if a match is found, the packet is sent to the address associated with that entry. If a match is still not found, the router checks whether a default next-hop address is present. If so, the packet is sent there. If no default address is present, the router sends an ICMP "host unreachable" or "network unreachable" message back to the sender. If you see this message, it usually indicates a router failure at some point in the network.

The difficult part of a router's job is not how it routes packets, but how it builds up its table. In the simplest case, the router table is static: it is read in from a file at start-up. This is adequate for simple networks. You don't even need a dedicated piece of kit for this, because routing functionality is built into IP. Dynamic routing is more complicated. A router builds up its table by broadcasting ICMP router solicitation messages, to which other routers respond. Routing protocols are used to discover the shortest path to a location. Routes are updated periodically in response to traffic conditions and availability of a route.
IP Routing Table contains information that describes a particular IP network route to a particular destination, under a particular policy. The results are shown as a table with the following columns:

If.Index - Specifies the index of the interface for this route. This value identifies the local interface that the next hop of this route should be reached through.
Forward Destination IP - Specifies the IP address of the destination host. An entry with a value of 0.0.0.0 is considered as a default route.

Subnet Mask - Specifies the subnet mask of the destination host, indicates the mask to be logical-ANDed with the destination address before being compared to the value in the Forward Destination IP field.
Forward Policy - Specifies the set of conditions that would cause the selection of a multi-path route. IP TOS format is typically used. For more information, see RFC 1354.
Next Hop IP - Specifies the IP address of the next hop in the route. On remote routes, the address of the next system en route; otherwise, 0.0.0.0.
Route Type - Specifies the route type. Possible values are:
    REMOTE - The next hop is not the final destination (remote route).
    LOCAL - The next hop is the final destination (local route).
    INVALID - The route is invalid (logically deleted).
    OTHER - Not specified by this MIB.

Note that LOCAL refers to a route for which the next hop is the final destination, and REMOTE refers to a route for which the next hop is not the final destination. Setting this object to the value INVALID has the effect of invalidating the corresponding entry in the ipForwardTable object. That is, it effectively disassociates the destination identified with said entry from the route identified with said entry. It is an implementation-specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use. Proper interpretation of such entries requires examination of the relevant ipForwardType object.

Forward Protocol - Specifies the protocol that generated the route, that is, the routing mechanism via which this route was learned. Inclusion of values for gateway routing protocols is not intended to imply that hosts should support those protocols. Below is a list of possible protocols (the following routing protocols are associated with the IP transport):

    Protocol - Description
    OTHER - Protocol not listed here.
    LOCAL - Routes generated by the stack (local interface).
    NETMGMT - Routes added by "route add" or through SNMP (static route).
    ICMP - Routes from ICMP redirects (result of ICMP Redirect).

The following are all dynamic routing protocols:

    EGP - Exterior Gateway Protocol.
    GGP - Gateway-Gateway Protocol.
    HELLO - HELLO routing protocol (FuzzBall HelloSpeak).
    RIP - Routing Information Protocol (Berkeley RIP or RIP-II).
    IS_IS - Dual IS-IS.
    ES_IS - ISO 9542.
    CISCO - Cisco IGRP.
    BBN - BBN SPF IGP.
    OSPF - Open Shortest Path First routing protocol.
    BGP - Border Gateway Protocol.
    BOOTP - Bootstrap Protocol.
    NT_AUTOSTATIC - Routes that were originally generated by a routing protocol, but which are now static.
    NT_STATIC - Routes that were added from the routing user interface, or by "routemon ip add".

    NT_STATIC_NON_DOD - Identical to NT_STATIC, except these routes do not cause Dial On Demand (DOD).

Routes with a protocol identifier of LOCAL include:
    The loopback route
    The subnet route
    All networks broadcast route for subnetted interfaces
    All "1"s broadcast route
    Local multicast route
    Route to remote end of a PPP link

Age (sec) - Specifies the age of the route in seconds, that is, the number of seconds since this route was last updated or otherwise determined to be correct. Note that no semantics of 'too old' can be implied except through knowledge of the routing protocol by which the route was learned.
Hop Number - Autonomous System Number of the Next Hop. When this is unknown or not relevant to the protocol indicated by Forward Protocol, then the hop number is zero.
Forward Metric -
    1 - Specifies a primary routing-protocol-specific metric value for this route. The semantics of this metric are determined by the routing protocol.
    2-5 (alternate) - An alternate routing metric for this route. The semantics of this metric are determined by the routing protocol.
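The lookup described under IP Routing (exact match, then network match, then default, otherwise an ICMP unreachable message) can be written as a single pass that prefers the longest Subnet Mask. The following is an added example, not AATools code: it goes slightly beyond the text by using longest-prefix matching with Forward Metric 1 as the tie-breaker, and by skipping entries whose Route Type is INVALID. The table rows, addresses and metrics are constructed.

```python
"""Route selection over rows shaped like the IP Routing Table columns."""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    if_index: int   # If.Index
    dest: str       # Forward Destination IP
    mask: str       # Subnet Mask
    next_hop: str   # Next Hop IP (0.0.0.0 on local routes)
    rtype: str      # Route Type: LOCAL, REMOTE, INVALID or OTHER
    metric: int     # Forward Metric 1


# Constructed sample table; every address and metric is illustrative.
TABLE = [
    Route(1, "127.0.0.0", "255.0.0.0", "0.0.0.0", "LOCAL", 1),
    Route(2, "192.168.1.0", "255.255.255.0", "0.0.0.0", "LOCAL", 20),
    Route(2, "10.0.0.0", "255.0.0.0", "192.168.1.254", "REMOTE", 20),
    Route(2, "10.1.2.3", "255.255.255.255", "192.168.1.253", "REMOTE", 20),
    Route(2, "10.9.0.0", "255.255.0.0", "192.168.1.252", "INVALID", 20),
    Route(2, "0.0.0.0", "0.0.0.0", "192.168.1.1", "REMOTE", 20),
    Route(3, "0.0.0.0", "0.0.0.0", "172.16.0.1", "REMOTE", 50),
]


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def prefix_len(mask: str) -> int:
    """Number of one bits in the mask: 32 for a host route, 0 for the default."""
    return bin(to_int(mask)).count("1")


def matches(route: Route, dst: str) -> bool:
    """AND the destination with the mask, then compare with Forward Destination IP."""
    return to_int(dst) & to_int(route.mask) == to_int(route.dest)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Most specific usable route for dst, or None when there is not even a default."""
    usable = [r for r in table if r.rtype != "INVALID" and matches(r, dst)]
    if not usable:
        return None
    # Longest mask first (host, then network, then default); lowest metric breaks ties.
    return min(usable, key=lambda r: (-prefix_len(r.mask), r.metric))


def describe(table: List[Route], dst: str) -> str:
    route = lookup(table, dst)
    if route is None:
        return f"{dst}: no route, sender gets an ICMP unreachable message"
    if route.rtype == "LOCAL":
        return f"{dst}: delivered directly on interface {route.if_index}"
    return f"{dst}: forwarded to {route.next_hop} on interface {route.if_index}"


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.1.2.4", "10.9.5.5", "192.168.1.77", "203.0.113.9"):
        print(describe(TABLE, dst))
    no_default = [r for r in TABLE if r.dest != "0.0.0.0"]
    print(describe(no_default, "203.0.113.9"))
```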
Adapter/IF Info
Adapter Info table contains information about a particular network adapter on the local computer. The results are shown as a table with the following columns:

Index - Shows the adapter index.
Type - Shows the adapter type.
Description - Shows a description for the adapter.
MAC Address - Shows the hardware address for the adapter.
DHCP - Shows whether dynamic host configuration protocol (DHCP) is enabled for this adapter.
IP Address - Shows the current IP address for this adapter.
Gateway IP - Shows the IP address of the default gateway for this adapter.
DHCP IP - Shows the IP address of the DHCP server for this adapter.
WINS - Shows whether this adapter uses Windows Internet Name Service (WINS).
Primary WINS Server - Shows the IP address of the primary WINS server.
Secondary WINS Server - Shows the IP address of the secondary WINS server.

Interface (IF) Info Table shows the physical characteristics of all network adapters on the local computer (information about a particular interface). The results are shown as a table with the following columns:

Index of Interface - Shows the index that identifies the interface.
Type of Interface - Shows the type of interface.
Max Transmission Unit - Shows the Maximum Transmission Unit (MTU).
Speed of Interface - Shows the speed of the interface in bits per second.
Physical Address of Adapter - Shows the length of the physical address.
Administrative Status - Shows whether the interface is administratively enabled or disabled.
Operational Status - Shows the operational status of the interface. The following values are available: NON_OPERATIONAL, UNREACHABLE, DISCONNECTED, CONNECTING, CONNECTED, OPERATIONAL.
Bytes Received - Shows the number of octets of data received through this interface.
Unicast Packets Received - Shows the number of unicast packets received through this interface.
Non Unicast Packets Received - Shows the number of non-unicast packets received through this interface. Broadcast and multicast packets are included.
Received packets discarded - Shows the number of incoming packets that were discarded even though they did not have errors.
Erroneous packets received - Shows the number of incoming packets that were discarded because of errors.
Unknown Protocol packets received - Shows the number of incoming packets that were discarded because the protocol was unknown.
Bytes Sent - Shows the number of octets of data sent through this interface.
Unicast Packets sent - Shows the number of unicast packets sent through this interface.
Non Unicast Packets sent - Shows the number of non-unicast packets sent through this interface. Broadcast and multicast packets are included.
Outgoing packets discarded - Shows the number of outgoing packets that were discarded even though they did not have errors.
Erroneous packets sent - Shows the number of outgoing packets that were discarded because of errors.
Output Queue Length - Shows the output queue length.

ARP Table
How do you figure out what Ethernet address to use when you want to talk to a given Internet address? In fact, there is a separate protocol for this, called ARP ("address resolution protocol"). (Note by the way that ARP is not an IP protocol. That is, the ARP datagrams do not have IP headers.)

Suppose you are on system 128.6.4.194 and you want to connect to system 128.6.4.7. Your system will first verify that 128.6.4.7 is on the same network, so it can talk directly via Ethernet. Then it will look up 128.6.4.7 in its ARP table to see if it already knows the Ethernet address. If so, it will stick on an Ethernet header, and send the packet. But suppose this system is not in the ARP table. There is no way to send the packet, because you need the Ethernet address. So it uses the ARP protocol to send an ARP request. Essentially an ARP request says, "I need the Ethernet address for 128.6.4.7". Every system listens to ARP requests. When a system sees an ARP request for itself, it is required to respond. So 128.6.4.7 will see the request, and will respond with an ARP reply saying in effect "128.6.4.7 is 8:0:20:1:56:34". (Recall that Ethernet addresses are 48 bits. These are 6 octets. Ethernet addresses are conventionally shown in hex, using the punctuation shown.) Your system will save this information in its ARP table, so future packets will go directly. Most systems treat the ARP table as a cache, and clear entries in it if they have not been used in a certain period of time.

Note that ARP requests must be sent as "broadcasts". There is no way to send an ARP request directly to the right system. After all, the whole reason for sending an ARP request is that you don't know the Ethernet address. So an Ethernet address of all ones is used, i.e. ff:ff:ff:ff:ff:ff. By convention, every machine on the Ethernet is required to pay attention to packets with this as an address. So every system sees every ARP request. They all check whether the request is for their own address. If so, they respond. If not, they could just ignore it. (Some hosts will use ARP requests to update their knowledge about other hosts on the network, even if the request isn't for them.) Note that packets whose IP address indicates broadcast (e.g. 255.255.255.255 or 128.6.4.255) are also sent with an Ethernet address.

Address Resolution Protocol (ARP) table contains the mapping of IP addresses to physical addresses. Physical addresses are sometimes referred to as Media Access Controller (MAC) addresses. The results are shown as a table with the following columns:

Index - Specifies the index of the adapter.
MAC Address - Specifies the physical address.
IP Address - Specifies the IP address.
Type - Specifies the type of ARP entry. This type can have one of the following values: Static, Dynamic, Invalid, and Other.

Network Info table contains network parameters for the local computer. The results are shown as a table with the following columns:

Host Name - Specifies the host name for the local computer.
Domain - Specifies the domain in which the local computer is registered.
ScopeId - Specifies the DHCP scope name.
NetBios Node Type - Specifies whether the local computer uses dynamic host configuration protocol (DHCP).
Routing - Specifies whether routing is enabled on the local computer.
Proxy - Specifies whether the local computer is acting as an ARP proxy.
DNS - Specifies whether DNS is enabled on the local computer.
Current DNS Server - Specifies the current DNS server.
DNS Server List - Specifies the set of DNS servers used by the local computer.

10. Process Monitor

Working with Process Monitor


Process Monitor is a tool that displays the list of processes (applications and services) currently running on your computer. Process Monitor is a useful tool for identifying hidden applications, killing running processes, and managing the usage of your PC's resources more effectively.

Toolbar
Refresh - allows you to refresh information about the processes running on your PC.
Terminate Process - allows you to terminate the selected process. Be careful when ending a process. If you end an application, you will lose unsaved data. If you end a system service, some part of the system may not function properly.
Settings - allows you to determine different settings for Process Monitor.
View Module Resources - allows you to view any Windows executable or resource file.
Report - allows you to save an HTML report.

The main window of Process Monitor contains 4 tables: Processes, Modules, Drivers and Services (only on Windows NT/2000/XP).

Processes
Shows all the processes currently running on your PC. The Processes frame is presented as a table with the following columns: Process (shows the process name), PID (shows the unique process ID), Modules (shows the number of modules used by the selected process), File version (shows the file version of the running process), Path (shows the full path to the program's executable file), Company (shows the name of the file manufacturer), Copyright, Description (displays a short description of the running process).

When you click the right mouse button on the string with a particular link, you get the context menu with the following options:
Refresh - allows you to refresh the list.
Find Target - allows you to open the folder that contains the original file.

View Module Resource - allows you to view the resource of the selected module.
Terminate Process - allows you to terminate the selected process. Be careful when ending a process. If you end an application, you will lose unsaved data. If you end a system service, some part of the system may not function properly.
Set Process Priority - allows you to change the priority of the running process. You can select the following options: Realtime, High, Normal, Idle.

Modules
Shows all the modules used by the selected process. The Modules frame is presented as a table with the following columns: Modules (shows the name of the selected module), File version (shows the file version of the running process), Path (shows the full path to the selected module), Company (shows the name of the module manufacturer), Copyright, and Description. If a selected process has no modules, this frame is not available.

When you click the right mouse button on the string with a particular module, you get the context menu with the following options:
View Module Resource - allows you to display comprehensive information about a module's resources including dialogs, icons, strings, etc.
Find Target - allows you to open the folder that contains the service binary file.

Drivers
Shows all the drivers on your computer. The Drivers frame is presented as a table with the following columns: Driver (shows the name of the appropriate driver), ID (shows the unique ID of the appropriate driver), File version (shows the file version of the specific driver), Path (shows the full path to the appropriate driver), Company (shows the name of the file manufacturer), Copyright, Description (displays a short description of the specific driver).

Services
Using Services, you can start, stop, pause, or resume services on remote and local computers, and configure Startup and Recovery options. You can also enable or disable services for a particular hardware profile. The Services frame is presented as a table with the following columns:
Name - shows the name of the appropriate service.
Path - shows a fully qualified path to the service binary file.
Status - shows the status of the appropriate service: started or stopped. When the service is stopped the appropriate field is blank.
Startup Type - shows when to start the service:
    AUTO START - specifies a device driver or service started by the service control manager automatically during system startup.
    BOOT START - specifies a device driver started by the system loader.
    DEMAND START - specifies a device driver or service started by the service control manager.
    DISABLED - specifies a device driver or service that can no longer be started.
    SYSTEM START - specifies a device driver started by the IoInitSystem function.
Log On As - shows the name of the ordering group this service is a member of.

Dependencies - shows names of services or load ordering groups that must start before this service. Dependency on a service means that this service can only run if the service it depends on is running. Dependency on a group means that this service can run if at least one member of the group is running after an attempt to start all members of the group.
Description - simply a comment that explains the service purpose.

When you click the right mouse button on the string with a particular service, you get the context menu with the following options:
Stop Service - allows you to stop the selected service.
Start Service - allows you to start the selected service.
Find Target - allows you to open the folder that contains the service binary file.

Process Monitor Settings


Color Theme
The Color Theme option lets you customize the color and appearance of the Process Monitor interface. When the Enable Color Theme option is checked, a two-color theme is available. You can then customize the colors of the Process Monitor interface and enable or disable the grid in the Result window.


11. System Info

System Information collects and displays your system configuration information. You can find out what is in your PC, and how it functions. It's a valuable help during installation of new hardware and software, tracing problems, and optimizing your computer. Support technicians require specific information about your computer when they are troubleshooting your configuration. You can use System Information to quickly find the data they need to resolve your system problem. AATools System Info module delivers the most detailed information about your PC: the operating system installed, CPU, memory, display, drives and media, engines, printers, devices, network adaptors and addresses and Advanced Power management system. You can refresh the information manually and print it.


12. Resource Viewer

Resource Viewer is intended for viewing the resources of executable files (with the extension .exe and .dll). It displays comprehensive information about program resources, including dialogs, icons, strings and more, and allows you to open any Windows executable or resource file and gain access to the Windows resources that it contains. Resource Viewer can also be used to save resources of any selected modules on your hard disk.

Toolbar
Open File - allows you to open any Windows executable or resource file.
Save - allows you to save resources of any selected modules on your hard disk (available only in the registered version).

Resource types are displayed in a tree view control. Click the appropriate node to display more detailed information in the right-hand pane. The report style varies depending on the node selected in the tree view control.

You may extract and save a resource. To save resources, select the appropriate toolbar button. The information displayed in the right-hand pane will be saved in the appropriate format. Note that resources often represent copyrighted data; extraction and use of these resources may violate this copyright.


13. Registry Cleaner

Registry Cleaner Overview


The registry is a large database that is used by Windows and other applications for storage of hardware and software configurations. It often happens that some data is deleted from the disk but the corresponding information is not cleared from the registry files. When you install, uninstall, and reinstall programs on your computer, registry keys are created, modified, or deleted. Over time, your computer registry may begin to contain corrupted, unused, and unnecessary registry keys, especially if keys are not removed when you uninstall a program. As a result, the registry occupies more space than necessary and use of data from the registry becomes less efficient. AATools Registry Cleaner is designed to clean up unnecessary entries in your registry.

AATools Registry Cleaner scans the registry and finds references that lead to "nowhere". While checking, a wrong reference is assumed to be one that refers to a nonexistent file or directory. After scanning, any such references are put in the list of invalid references. Before deleting a reference, the utility creates an undo file that is put into the Backup. You can restore your Registry contents to the previous state or restore your Registry entries one by one.

AATools Registry Cleaner shows you a list of software that is registered under the Run, RunOnce, RunOnceEx and RunServices registry keys, so you can see what programs are started behind your back. You should check these programs to make sure they are legitimate and not Trojan programs.

Using AATools Registry Cleaner increases your computer performance, speeds up the loading of the operating system and reduces the number of failures. In addition, AATools Registry Cleaner has the following features:
When the scanning process is finished, the list of invalid references that have been found is formed.
Allows you to remove invalid registry entries.
Allows you to remove registry entries of startup programs.
Semi-automatic (AATools Registry Cleaner will remove the selected Registry entries).
Automatic backup.
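
The check described above (autostart entries, and references that point to a nonexistent file), as an added PowerShell example that is not part of AATools or of this guide. It only reads the registry; Get-CommandTarget is a hypothetical helper name, the keys are read from their standard location under Software\Microsoft\Windows\CurrentVersion, and RunOnceEx is left out because its entries sit in subkeys with their own value format.

```powershell
# Added example (read-only): list autostart entries and check what they point to.
$roots   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$subKeys = 'Run', 'RunOnce', 'RunServices'

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run-style command line.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, arguments follow
    # Unquoted: try ever longer space-separated prefixes, the order CreateProcess uses.
    $parts = @($cmd -split ' ')
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        foreach ($p in $candidate, "$candidate.exe") {
            if (Test-Path -LiteralPath $p -PathType Leaf -ErrorAction SilentlyContinue) { return $p }
        }
    }
    # Bare name such as rundll32.exe: resolve it through PATH.
    $onPath = Get-Command -Name $parts[0] -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($onPath) { return $onPath.Path }
    return $parts[0]   # nothing resolved; reported below as a missing target
}

$report = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $keyPath = Join-Path $root $sub
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $target  = Get-CommandTarget $command
            if (-not $target) { continue }
            $exists = Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue
            # Signature status is extra triage context; an unsigned file is not proof of a Trojan.
            $status = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
            [pscustomobject]@{
                Key = $keyPath; Name = $name; Command = $command
                Target = $target; Exists = $exists; Signature = $status
            }
        }
    }
}
$report | Sort-Object Exists, Signature | Format-List
```

Entries with Exists = False correspond to the invalid references the guide describes; entries that exist but are unsigned or fail validation are the ones to review by hand before removing anything.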


Working with Registry Cleaner


Toolbar
Begin Scanning - allows you to begin scanning the Registry. You can select the ROOT_KEY (HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER, HKEY_USERS) and Invalid shared DLL's for searching the invalid entries. If the changes happen mainly in one ROOT_KEY, you can scan only that ROOT_KEY to speed up the scanning.
Stop Scanning - allows you to stop the scanning process.
Delete - allows you to delete all or selected invalid Registry entries. You can restore your Registry contents to the previous state or restore your Registry entries one by one from the Backup Tab.
Restore - allows you to restore your Registry contents to the previous state from the Backup Tab.
Show/Edit Exclusion List - allows you to view and edit the Exclusion List.

Invalid Entries
Shows the list of the invalid entries that have been found during the scanning. The list contains the following columns: Registry Key, Key Name, Key Value, Key Date. The program indicates the number of processed Registry keys as well as the count of invalid Registry entries. If you select a Registry key from the list, its parameters are shown below. Right-click to bring up the popup menu with the options: Clear Selected, Select All, Invert Selection, Deselect All, Copy to Clipboard.

The High Speed checkbox enables fast searching of invalid entries in the registry (in this mode the program fully uses the resources of the processor). If you do not want to commit your computer resources entirely, click the Low CPU Usage checkbox. In this mode the search for invalid entries runs slower, but the program takes only 4 to 15% of the CPU.

To protect registry keys that must not be removed, you may use the Exclusion List. To add registry entries to the Exclusion List, right-click the desired key and select the Add to Exclusion List menu item from the popup menu. To edit the Exclusion List, click the Exclusion List button on the Toolbar.
Startup
Shows you the list of software that is registered under the Run and RunServices registry keys. There you can see programs that are automatically started when Windows starts.

Note: You should check these programs to make sure they are legitimate programs and not Trojans. You can also remove programs that are started behind your back and can dramatically decrease your computer performance.

To select software that will not be loaded when Windows starts, just check the appropriate box. AATools Registry Cleaner automatically removes the appropriate registry entries created by those programs. To refresh the Startup information with the actual data, right-click and select Refresh, or just press the F5 key.

Uninstall
Lists all the programs that are available for uninstallation through Windows. You can also access this list from Control Panel -> Add/Remove Programs. The main idea behind this feature is that you can remove useless uninstall entries from the Add/Remove Programs list. For example, if you have deleted some programs rather than really uninstalling them, their uninstall entries are still in the Add/Remove Programs list. With AATools Registry Cleaner you can remove such an entry from the Add/Remove Programs list by selecting the program you want to delete and clicking the Delete button on the Toolbar. This option is also available from the popup menu by right-clicking. You can also uninstall programs with the Uninstall button on the Toolbar. To refresh the Uninstall information with the actual data, right-click and select Refresh, or just press the F5 key.

Backup
Displays the deleted invalid entries organized into a tree with two nodes corresponding to the Date and Time when the appropriate invalid registry entries were moved to the Backup file. If you select the Date node, all the entries that were saved during the day will be restored. The same thing happens when you select the Time node (the entries that were saved at that time will be restored). If you select a single key, only the selected entry will be restored. Right-click to bring up the popup menu with the options: Restore, Expand All, Collapse All, Find, Find Next, Delete From Backup Folder. To find deleted invalid entries in the Backup folder, choose the Find option from the popup menu, type the word(s) you want to find in the search field and click the Find Next button. The Restore option is also available from the appropriate button in the menu.
