Trends in Technology

If you have a VMware ESX cluster running some Windows VMs, you’ve probably noticed very poor mouse response when on the console of your VMs. The fix is actually very simple. You need to bump up the hardware acceleration in the display preferences. You can either do it from the GUI (right click desktop -> properties -> settings -> advanced -> troubleshoot), or you can do it from Powershell:

set-itemproperty -path (((get-itemproperty "hklm:\hardware\devicemap\video")."\Device\Video0") -replace "\\Registry\\Machine","HKLM:") -name "Acceleration.Level" -value 0

What this command does is query the HKLM:\Hardware\Devicemap\Video registry branch to find the true location of your primary video device, and then sets the Acceleration.Level key to a value of 0.

The only problem with editing the registry setting directly is that Windows doesn’t automatically reload the display configuration, so the change doesn’t immediately take effect. Although it is technically possible to do that from Powershell, it isn’t easy (requires p/invoke) and you’re probably better off just rebooting the VM. :)

View/Download Get-Packet.ps1 Script

I’ve posted an updated version of my Get-Packet Powershell packet sniffer script.  It is still completely standalone (it doesn’t require any additional software to run).  New features include:

• Added IP Version field
• TCP flags are now stored in an array
• New switch added to resolve IPs to hostnames
• ESC key will cleanly exit the script
• New switch added to generate statistics

.NET includes a method to resolve IPs to Hostnames in [System.Net.Dns]::GetHostByName(), but if the lookup fails, then there is a 5 second delay that forces the script to pause execution. I instead chose to scrape the output of nslookup since it returns much quicker.  To further decrease processing time, I cache the results in a hashtable so multiple calls to nslookup for the same host are not needed.

Using the -Statistics switch will cause the script to generate statistics after the ESC key is pressed to stop the trace.  Most of the statistics code was borrowed from Jeffery Hicks’s Analyze-Packet script.  A few basic stats will be printed to the screen with write-host, but the bulk of the data will be stored in a global $stats variable that you can access after the script has exited.  This isn’t how features would normally be implemented in cmdlets (they would be separate cmdlets), but I figured it would be ok in a script, and I have found the integration to be pretty convenient.

I had looked at adding IPv6 support, but design limitations in Windows prevented me from being able to access the raw IPv6 header.  See my earlier blog post for more details.  I also looked at adding the ability to save the capture in libpcap format, but I’m not getting the raw IP frame, so the data wouldn’t be as complete as a capture done in something like Wireshark.

Anyway, I hope you enjoy the new features!  Let me know in the comments if you would like to see any other features added.

• EDIT: If you’re on Vista, you might need to disable the firewall to see TCP packets.  Not sure why yet. :)
• EDIT #2: Found out why.  Add powershell.exe as an allowed application. (duh) :)

- Robbie