Choosing Which Connection to Use with Windows Routing Table Editor GUI

About 10 years ago when most people are still using dial-up and broadband is only available in Klang valley, I was one of the lucky user that is staying in an area which is within the broadband coverage area. I remembered I was paying a lot monthly for using dial-up connection and was really happy when the broadband package is cheaper than what I paid, faster connection and I can use it 24 hours a day without limit. I had a question in mind which is if I have both dial up and broadband connected, would Windows use the bandwidth simultaneously or only use one of it? If Windows only uses one of it, which connection would it use and why?

I found out that it has something to do with the Windows Routing Table. It is possible to switch between the connections by changing the route and setting the lowest metric value for the default route. To do that, Windows comes with a command line route.exe utility which I would say it may not be easy to use for people who do not understand IP routing table.
Thanks to Nir Sofer, he has recently released a Network Route Utility for Windows called NetRouteView which is a GUI alternative to the standard route utility (Route.exe) of Windows operating system. It displays the list of all routes on your current network, including the destination, mask, gateway, interface IP address, metric value, type, protocol, age (in seconds), interface name, and the MAC address. NetRouteView also allows you to easily add new routes, as well as to remove or modify existing static routes.  Here is an example of the connections on my test computer. I have a wireless broadband (Celcom), WLAN connection (Wi-Fi) and a wired LAN, all 3 connected at the same time. How do we know which connection is being used when all 3 are connected?  Using NetRouteView, we would only need to look for the default route that has the lowest metric, which means that is the connection with the priority of being used. The routes with destination and mask 0.0.0.0 are the default routes so by clicking on the Destination column, it would sort and automatically place all 0.0.0.0 at the top for easy viewing. Next see which metric is the lowest. The interface IP would identify which connection is it.

Go to run by pressing WIN+R and type cmd to open the command prompt. Type ipconfig and it shows all the connection with the IP address. As you can see, the default route with metric 1 is my Celcom 3G wireless broadband, followed by metric 11 with the IP address 192.168.2.2 which is my wired LAN connection and finally metric 20 which is my wireless LAN (wi-fi). If I disconnect my wireless broadband, the next connection that will be automatically used is the wired LAN.

If you want all 3 connections to be connected and wants to use wireless lan, you can either double click on the route and change the metric to a lower number. Metric 1 is the lowest, so if there is already a connection with metric 1, the easiest way is to switch the metric values by pressing and holding the CTRL key while clicking the on the connections. Then you can either press F9 or right click and select “Switch Metric Values”.
If somehow you screwed up the routing tables, a reboot would automatically fix it because the changes that you made with NetRouteView is only temporary and not persistent. By the way, Cain & Able, a password recovery tool for Microsoft Operating Systems also has a GUI for editing the Routing Table called Route Table MAnager. It can be access from Tools menubar and select Route Table or you can use the hotkey Alt+R.

[ Download NetRouteView | Cain & Able ]

Spying Windows Software by Sniffing and Decoding Packets including SSL with oSpy

Sniffing packets of a software is one of the reverse engineering method to find out what data is being sent and received. Packet sniffing is mostly done by more advanced users and most of the time, hackers themselves. Many years ago when I was in the 8th-wonder team, our leader of the clan ad4 used packet sniffer and discovered that anyone can change a person’s ICQ details without logging in to that user account. He created a simple tool which is able to change the details of any ICQ account, unfortunately one of the clan member masta abused the tool and ICQ found out about that exploit and fixed it within 24 hours.

Other than that, it is also useful to check if a program is harvesting any sensitive data from your computer. If you do not have a firewall, you wouldn’t know if the program that you installed is connecting to the Internet or not. The most popular packet sniffer that is free today is Wireshare (last time was called Ethereal), but I’d like to introduce a different one called oSpy which has the capability of even decrypting encrypted SSL packets.

oSpy is a packet sniffing tool which aids in reverse-engineering software running on the Windows platform. The sniffing is done on the API level which allows a much more fine-grained view of what’s going on. Seeing return-addresses for each recv/send call (for example), can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it’s easy to intercept these calls as well. oSpy already intercepts one such API, and is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Another neat feature is when wanting to see how an application behaves when in a firewalled environment. Normally you would have to simulate such an environment by configuring firewalls etc., which not only is time-consuming, but might also cripple the rest of the applications you’ve got running. oSpy solves this problem by a feature called softwalling which allows you to set rules based on the type of function-call, the return-address, local/remote address/port, etc., and lets you choose which error to signal back to the application when the rule matches. This way you can make the application think that for example a connect() timed out, connection was refused, there was no route to host, etc.
Here is a simple test on how oSpy decrypts the SSL packet and display it in clear text.
1. I opened Maybank2u login webpage which has SSL.

2. I attached iexplorer.exe process to oSpy and start capturing the packets. Press F5 in oSpy, chose iexplorer.exe and click Start to start capturing packets on Internet Explorer.
3. I typed the username and password on the Maybank2u login page and click the login button.
4. oSpy shows the username and password that I typed in clear text!

I’ve tried capturing the packets using Wireshark but it only shows the encrypted data and nothing about the username and login even though all the protocols are enabled. The above is only one example of what you can do with oSpy and there are many other reasons to use this tool. What I like about oSpy is its portable, you don’t need to install WinPcap like most packet sniffer requires, small and it’s free!
There’s an annoying bug with oSpy which is if you do not terminate the program properly, you won’t be able to use it to capture packets on any process. It will ask you run a few gacutil commands in command prompt to cleanup the left-over .NET assemblies in your system-wide Global Assembly Cache. For gacutil to work, you will need to download and install .NET Framework SDK or Visual Studio. This might be fixed in the future versions…
[ Download oSpy ]

Pingdom Offers Free Account With 20 SMS to Monitor One Website Every Minute

I’ve been using Pingdom for at least 3 years already because they provide really good service and also the 1 minute checks from locations all over the world. I used to have problems sending SMS as notification and Pingdom’s support team fixed the problem really quick plus they even compensated more SMS credits to my account. I’ve always been using the Basic account because that is the cheapest plan they had back then. It’s pretty much a waste since I only have one blog site to monitor when the basic account offers checks on 5 websites.

My Pingdom account has just expired end of February and was billed $119.40 for a new invoice. I’ve just paid few thousand dollars for a years’ dedicated server at NetDepot and is really feeling the pinch for fork out another hundred bucks for a monitoring service. Moreover Adsense has stopped serving ads to this website and the revenue that is generated from other advertising companies is barely enough to cover the cost of this server. So I canceled my Pingdom account temporarily and thought that maybe I will re-sign up again at a later time when I have enough funds. To my surprise I found out that Pingdom has started offering FREE accounts along with 20 SMS but limited to only monitor ONE website. Pingdom Free account is fine with me because I only have 1 website to monitor and can save money.

What I like about Pingdom is the control panel is easy to use and understand and most importantly it does 1 minute checks from different locations around the world. For me, I set Pingdom to check for a certain keyword on my blog site every minute and only notify me via SMS and email if detected 11 consecutive check errors (10 minutes).

Other than checking for downtimes, Pingdom can also check how responsive is your website. Even if you only have FTP or mail server, Pingdom can check TCP ports (21 for FTP) and also SMTP, POP3, IMAP. The TCP port check makes it possible to check nearly everything including a game server such as Counter-Strike that is normally on port 27015.
The important requirement to keep your free Pingdom account alive is to log in to the Pingdom control panel at least once every 90 days. If you’re not good at remembering things, the easiest way is to install a free app by Pingdom called Pingdom Desktop Notifier that runs in the background and notifies you if your website is down. This application connects to your control panel so you can get more information about an outage and access more Pingdom features such as our various reports.

If you think about it, you can register 5 free accounts and you’re able to monitor 5 websites. It’s doable but it’s wrong under Pingdom’s terms of service. One of the terms is “Only one free account per person or legal entity is allowed“. If they catch you using two or more free accounts, you will risk your accounts being terminated. Blacklisting your account is fine because you can always use a new email address and contact information, just don’t blacklist the IP or website that you want to monitor…
So far I can’t find any better free uptime monitoring service than Pingdom. Sign up FREE Pingdom account from this link.

Today Only: Free Zemana AntiLogger License for EVERYONE

I personally think that keylogger is the most scariest threat. Imagine all your passwords being captured and the person who installed the keylogger is able to access all your password protected websites such as your emails, paypal, online banking and etc. One of the most effective method to counter keylogger is by using Zemana AntiLogger.

Zemana AntiLogger is one of the security products that I’ve recommended and will continue to recommend to everyone. The last time I tested Zemana AntiLogger and it was able to block virtually ALL keylogging, webcam capture and screenshot capture methods from different trojans. A year has gone by and again I’ve tested Zemana AntiLogger with 2 keyloggers (one of it uses rootkit method and the other advertises that it is completely invisible bypassing antivirus and firewall) and 1 trojan crypted with incognito which by bypassed many antivirus and internet security products. Zemana AntiLogger was able to detect injection on both of the keyloggers and the trojan while successfully blocking the installation of those dangerous files.

Zemana has collaborated with Softpedia to offer everyone FREE license for Zemana AntiLogger ONLY FOR TODAY. Hurry and grab your license as soon as possible.

To get your free Zemana AntiLogger license worth $39.50:
1. Go to this page http://www.zemana.com/softpedia/
2. Click the FREE Full Version Download Now button to download the installer AntiLogger_SOFTPEDIA_1.9.2.185.exe
3. Install and reboot your computer
4. Activate the program by following the on-screen instructions.

Zemana AntiLogger is easy to use. Just install and let it protect your computer. It is made to protect your computer real-time without relying on virus signatures so you won’t find any Scan button. Most if not all injections are threats, so if you get such warnings, make sure you block them first.

Zemana AntiLogger is easy to use. Just install and let it protect your computer. It is made to protect your computer real-time without relying on virus signatures so you won’t find any Scan button. Most if not all injections are threats, so if you get such warnings, make sure you block them first.

I believe the installer that is custom built for Softpedia which has the license number integrated to activate the program. I am not sure whether is it still possible to continue activate the license using the custom installer when this promo is expired. If the activation is limited to only today, that means if we reformat our hard drive
we wouldn’t be able to use Zemana AntiLogger for free anymore. I’ve did some tracing and found that the activated license information is stored in C:\Program Files\AntiLogger\config.cfg. You can backup the config.cfg and restore it at a later time IF the online activation blocks the SOFTPEDIA-OEM-12809 license number. If you starting to think about piracy using the config.cfg, you will not succeed because the license is hardware dependent and if you transfer the config.cfg on another computer, it won’t work.

One thing I noticed about Zemana AntiLogger is it doesn’t aggressively checks the current process for threats. One example is, I am using Input Director to share keyboard and mouse between computers and it took a while before Zemana found out that Input Director is capturing the screen. Not to worry because I’ve tried turning off Zemana and then install a keylogger that auto uploads captured data but I’ve waited 30 minutes and still didn’t receive any captured data. I assume that although Zemana AntiLogger haven’t detect the threat, but it can block sensitive data from being transferred.
You can install and run Zemana AntiLogger together with your antivirus. Check here for a list of compatible security products. You have no idea how many undetectable threats out there today and relying solely on just antivirus itself is not enough to keep your personal data safe. Go tell your friends and families about this promotion.

Update: Zemana AntiLogger is only compatible with Windows XP with Service Pack 2 or higher, Vista and 7 32 bit ONLY. AntiLogger is not available for 64-bit Windows.

Comparing CPU Speed and Performance from Benchmarks Reports

2 years ago I moved my website from WebhostingBuzz to a dedicated server in SoftLayer and has been using it until today. The server was considered quite powerful then and luckily it has been able to support this blog and forum without giving any major downtime. There are still times when this website gets a surge of visitors and caused the server to crash. Here are my current dedicated hardware specification. Single processor quad core Intel Xeon X3220, 8GB DDR2 RAM, 100Mbps uplink, 2 x 73GB SA-SCSI 15K RPM hard drives WITHOUT RAID and I am paying a whopping $349 every month for the past 2 years.

Recently I found out that the monthly price for X3220 and X3230 is the same except there is an additional one time $49 setup fee. I figured that the X3230 should be faster than the X3220, so I went ahead and ordered the upgrade which was performed last weekend. I didn’t really know what are the differences because I never really performed any benchmark.
Sometimes I do felt like I am paying too much for the server rental in SoftLayer so I searched around and I finally found a datacenter that was offering a much better price with a more powerful server compared to SoftLayer.

My current SoftLayer dedicated server specification:

CPU: Intel Xeon 3230 4×2.66GHz
Memory: 8GB DDR2 RAM
Hard Drive: 2 x 73GB SA-SCSI 15K RPM without RAID
Bandwidth: 2000GB (100Mbps uplink)
Annual Price: $4212

My upcoming new NetDepot dedicated server specification:

CPU: Dual Intel Xeon E5520 Nehalem 8×2.26GHz
Memory: 12GB DDR3 RAM
Hard Drive: 2 x 146GB SA-SCSI 15K RPM with RAID 1
Bandwidth: 3000GB (100Mbps uplink)
First year Annual Price: $3590.2
Second Year Onwards: $1771.2

As you can see I am getting a way more powerful processor with an increased of memory and also RAID 1 for hard drive mirroring. The best part is the price that I get from NetDepot is much cheaper than SoftLayer. The first year price is a bit higher compared to the second year onwards because of the “buydown” option where I pay for the upgrades once and never had to pay for it again. The server migration will be done somewhere end of this month to early of March and the whole process should be transparent.
Anyway, I wanted to share on how to compare CPU speeds and performance based on benchmark reports. Like I said earlier, I didn’t know what are the difference between a X3220 and X3230 or X3230 vs E5520 in numbers so these reports would really help.
1. PassMark CPU Benchmark Charts

PassMark Software has delved into the thousands of benchmark results that PerformanceTest users have posted to its web site and produced five Intel vs AMD CPU charts to help compare the relative speeds of the different processors. Included in this list are CPUs designed for servers and workstations (Intel Xeon and AMD Opteron processors), desktop CPUs (Intel Core2 Quad, Intel Core i7, Intel Core2 Extreme and AMD Phenom II processors), in addition to mobile CPUs.

2. frybench

Frybench is an open public benchmark based on RandomControl’s flagship product, fryrender, to which anyone could submit performance measurements. Fryrender’s core doesn’t let a single CPU cycle be wasted. Its routines have been written to be cache efficient, and to take the maximum advantage possible of the new multi-threading capabilities present in modern CPU architectures.  

3. Futuremark Benchmark Results

Futuremark has public benchmark results but the search form makes it hard to find for the CPU score that you’re looking for. You can search for what kind of processor such as Intel Core 2 Quad but can’t search for the exact processor number such as Q6600, Q6700 or E5520. So far I could only find this 3 sites that are offering up to date CPU benchmark reports. If you know any, do let me know so I can add it to the list.