Avidity Software

I had been wondering if the TCP connection throttling that I mentioned here would have an effect on my current scanning code. Since any probe packets that I'm sending are sneaking by the kernel without it's knowledge, I had a hunch that it would no longer be a concern because without the kernel knowing about the packets, it can't throttle them.

I tested this the other day and it turns out that my hunch was correct! What does this mean for future Yavar users? It means that you won't have to install the "patch" to be able to scan more than 10 hosts. On the other hand, you will need to have WinPCap, (or LibPCap for Linux and other superior OSs), installed to use this functionality, but come on, what hardcore administrator doesn't already have this installed? ;) Seriously though, this is a much better trade off since you don't have to "patch" your TCPIP.sys file with a utility that you may not trust. At this point you may be wondering how you can trust WinPCap or LibPCap. Well, they're open source. Download them, audit them, and compile them yourself if you're concerned about what they may be doing on your system. :)

A while back I'd noticed that if I had VMWare installed on my PC, VNCAdmin scans would take forever. Shortly after that, I realized that if I disabled the two network interfaces that VMWare installs, the scan speed went back to normal. This bothered me, but I assumed that it was just an isolated issue on my machine. However, I asked around and tested on other machines and found that it wasn't just an isolated issue.

Well, after a year or two of wondering, I've finally figured out what the issue is. It has to do with using the gethostbyaddr() function for retrieving hostnames when all you have is an IP address. This function will use several different methods of finding the hostname if it needs to before giving up, (I forget in which order it does these, or even what all the methods are :) ). At some point, this function will try sending NetBIOS name requests to the remote PC. The issue here is that it sends NetBIOS requests on each network interface that is defined on your host. So we're doing a lot more work, for the same result, (If you wonder how I know this, it's because I've sniffed the network traffic that the function generates). However, these VMWare interfaces are configured with 192.168.0.0/24 addresses, so they may not even be communicating with your network. I would assume that this would cause gethostbyaddr() to wait for responses on those interfaces or timeout when it doesn't get one, thus slowing it down even more.

However, now the question is, "How do I get around this?". Do I look for a newer reverse lookup function? Do I just write my own name resolution code by crafting and injecting DNS/NetBIOS packets? Do I ignore this as it's probably a pretty rare occurrence? We'll see I guess...

I can't help but wonder if the NetBIOS name requests being sent to each interface is a protocol spec, or if it's just the way Microsoft decided to implement the function? Perhaps neither I suppose. Either way, it's great to finally know what on earth was causing the slowdown. :)

Yes, that's right, there will be a new VNCAdmin and it's name will be Yavar, (Yet Another VNCAdmin Rewrite)! I've actually been slowly working on this for some time, but I've been taking it slow and thinking it through. I have so many goals for this release, most of which mean lots of learning, which has always been the first and foremost goal of this project in the first place...besides for helping to administer machines running VNC. :)

Some of the goals for this rewrite include:

1. Platform portability. I want Yavar to run the same on either Linux or Windows. I also want to get around Windows XP SP2 TCP/IP connection limiting schenanigans. Way to cripple your OS MS!

2. Zero GUI dependencies. I want to be able to "snap-on" a QT, Gtk or a wxWidgets GUI easily to make sure the application can be used with the look and feel people are used to.

3. I want to offer more sophisticated scanning methods beyond your basic connect scans that VNCAdmin currently does. Why? Mainly because I wanna know how to do it. Knowing stuff rules. :)

4. Clean, modular, object oriented code design. I've long struggled with and have had an interest in code design as a topic, so this time around I want to go slow and write it well and maintainable. Of course, this is easier said than done when you just wanna get something working. :)

5. Oh yea, and get some users! I haven't really pursued this since I've never been comfortable with the 2.x code base. It's really ugly.

Watch this space for updates as I hope to use this as a way to document my ideas, questions, status, etc.