Syed Jahanzaib Personal Blog to Share Knowledge !

January 13, 2015

SYGIC GPS Navigation System [With Offline Support]

sygic-gps-navigation sygic2


sygic reply

Screenshot_2015-10-02-16-32-51with latest Pakistan map update, many new locations are now easier to locate and navigation is done in 3d style with more smoothness 🙂


Last  Updated:  23 November,  2015

1- Sygic Introduction
2- Download Link
3- Installation Instruction
4- Release (14.7.7) Overview with screenshots [Latest Release as of late January, 2015,  15.x released in July as well but I am not updating it for reasons]
5- 14.3.4 Overview with screenshots [Stable Release of 2014, *** RECOMMENDED *** ]
6- Pakistan MAP Last Updates  [7th JUly 2015 Reply from SYGIC]
7- Pakistan MAP Last Update [1st October, 2015 GOOD NEWS ! MAP UPDATED NOW ]
8- 15.5.9 is so far the best stable version and no issue of GPS NOT FOUND. use this one.  [ 23rd Nov, 2015]
9- Backup Sygic Favorites/POI/Routes etc.



1- Sygic Introduction

I do have to admit that I have a very poor sense of direction and never quite trust myself that I know the best route. I use Google Maps to plan my route before leaving my place, even for around my home town. Google Maps/Navigation is fantastic. It’s easy to use, stays (mostly) up-to-date, and is built into Android’s core. However, it has one major flaw: Offline navigation simply doesn’t exist within Google Maps. Specially If you’re heading into uncharted territory where cell service may be sketchy or non-existent, you’re basically on your own. And getting lost is not a fun experience. (It happened with me frequently in the past. One horrible experience I still remember of getting lost at Karachi board office area, and in north Nazimabad, I spent more then 1 hour just to get on main road 😛 lol )

The solution? A third-party GPS application with offline support, like Sygic’s Maps & GPS Navigation. Sygic works by downloading and storing maps on your smartphone for offline use — so you can have a fully functioning GPS with no internet connection.  Be aware, Note that like any other CPU/resource hungry application or other navigation app m this one does use a heavy amount of battery. Make sure if you are using Sygic for android in car for longer time, you must have car mobile charger with you. I used SAMSUNG Galaxy S3 mobile charger (which coasted 400 Pak Rupees / original but slightly used)



2- Download Link

Download URL: [Pre_Activated]  http://xxxxxxxxxxxxxxxxxxxxxxx [Google Drive Link, ]

3- Installation Instructions

To install Sygic 14.x.x for android, follow instructions as below …

1- Unzip the sygic zip file, it will be extracted to a folder name SYGIC.
2- Now upload this SYGIC folder and sygic_xxxxx.apk file to root of your android (like in main root or in SD Card)
3- Open any File Explorer on your android set, browse to main root folder (or sd card where you uploaded the .apk file and sygic folder)  and execute sygic_xxxxx.apk and follow the on screen instructions and it will install sygic application.
4- By default it will not have map for Pakistan, Make sure you have some good internet connection (wifi)
Open Sygic application, and goto Settings, Manage Map , and download PAKISTAN (or your desired) map from MIDDLE EAST section. Download size would be around 80+ MB.


Example of Folder Structure:


I have included its manual in PDF format as well for some learning purposes.

Note: In my personnel experience, Sygic 14.3.4 is still very much stable release with easier search options and works better then all new releases, I suggest to stick with the 14.3.4 version until some really stable release.

4- 14.7.7 Overview with screenshots

Sygic 14.7.7

Sygic GPS Navigation released 14.7.7 version which have fixed occasional crashing and few minor bugs. using it my Samsung Galaxy S3 working good. For more information on Sygic, visit there web site at







CHANGE Log’s for 14.7.x versions …

Changelog: 14.7.7 r121036
– BT fix
– HTC android 5 fixr us now

Changelog: 14.7.5 r121030
– Fix for search
– Fix for signposts [for android 4.0]
– Some little fixes

Changelog: 14.7.4 r121032
Main change is support for Octa-core devices

Changelog: 14.7.3 -r121023
coming soon

Changelog: 14.7.2 -r121024
just two minor fixes

Changelog: 14.7.1 r121014
Triplog – show on map
New icon [launcher]
Navigate to photo from gallery
Fixed roundabout icon in left side driving countries
crash fixes

Changelog: 14.7.0 r120989
many fixes for crashes that we see in Google developer console and Crashlytics
New maps 2014.06
Poi subcategories are orders alphabetically
New widget manager with new widgets: Navigate to photo + SOS widget + Travel book [travel book – show on map will come little later]
Fixed auto close
optimization of dropbox
Search is enabled while navigating
Fix for internet connection after „log-out“
Route summary – avoiding instruction via overflow icon
Fixed crash after clicking home more times
BlackBox settings
reworked roundabout icon

5- 14.3.4 Overview with screenshots with Sidebar / Dashboard Options

[This is good and stable version in my personnel view]










Searching with GPS coordinates is now possible. (applicable with 14.x versions i guess)




Rudolf Wuscher (Sygic Support)
Jan 15 09:30
Hello Syed, Thank you for contacting Sygic.

The current map version for Pakistan is 2011.02. At the moment, we don’t have an update planned, although we will release an update as soon as we strike a deal from one of our map data providers.

Best regards,

Sygic Customer Support


Rudolf Wuscher (Sygic Support)

Feb 26, 15:17

Hello Syed,

Thank you for contacting Sygic.
Please accept our most sincere apologies for the late reply. Our support is currently tasked to capacity.

We are sorry, we currently don’t have a more actual map available for Pakistan, nor do we have any information available on an update. Unfortunately, we don’t have a release date for the new version of maps for Pakistan, we would therefore like to ask you for your patience.

If you have any other question, or need any further assistance, just reply to this message to open the ticket again.

Best regards,

Sygic Customer Support



Rudolf Wuscher (Sygic Support)

Jul 6, 12:16

Hello Syed,

Thank you for contacting Sygic.
Please accept our most sincere apologies for the late reply. Our support is currently tasked to capacity.

We currently don’t have a map data update for Pakistan available at the moment, though they should be available later this year. We would therefore like to ask you for your patience.

If you have any other question, or need any further assistance, just reply to this message to open the ticket again.

Best regards,

Customer Support Specialist



Its true that SYGIC maps are a bit old (for Pakistan), but still they provide best navigation for general traveling. To overcome this issue, I usually use GOOGLE Map and plan the route according to my requirement, then I save its link and convert it with ITF converter tool. then I import it in SYGIC MAPS , and it works good.

If some is interested to know how to convert Google map route to android Sygic, let me know and I will post an guide for it. or read this link.

Import Route works fine with ver 14.3.x or older , but Not working with 14.7.x


7-  Pakistan MAP Last Update [1st October, 2015 GOOD NEWS ! MAP UPDATED NOW ]

Good news for Pakistan ! Sygic maps have been updated. Last updated map for Pakistan is (as of writing) is Jun 2015. I can see many updated names and places , even many mechanic shop names and others are  there. so its really updated 🙂
today I purchased it online. Cost was 25$ for Pakistan Map license. Purchasing was instant and I got the activation code by Email. I know there are cracks available, but I just purchased it to support the good work !

Here are some Technical details:

app=Sygic GPS Navigation


9- Backup Sygic Favorites / POI / Routes etc

If you need to remove sygic and re install again, then its a good idea to backup your custom POI / Routes and favorites, because creating them again and again can be a real headache :s so here are the folders you should backup , and then can restore them in same location to get back the data 🙂

Howto Backup SYGIC Favorites / Routes / Custom POI / ICONS  =

– Favorites are stored in folder /Sygic/Res/db as items.dat

– Routes are saved in /Sygic/Res/Itinerary (one .itf file is one route).

– Custom POIs are stored in /Sygic/Maps/Rupi/<countries>. Points of Interest are stored for each country separately.
You need to make a backup of all these folders, otherwise they will be lost.

– Custom icons for Points of Interest are stored of in /Sygic/res/icons/rupi.

– Please make a backup of these folders. After a complete re-installation of the navigation, you need to copy them back to the same place.

Note: 15.5.9 is the best stable version as of 23-Nov-2015 / zaib. its stable, have lesser gps signals failure issues, less crashing 😉



Syed Jahanzaib

December 31, 2013

2013 in review

Filed under: General IT Related — Syed Jahanzaib / Pinochio~:) @ 11:51 AM

The stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 990,000 times in 2013. If it were an exhibit at the Louvre Museum, it would take about 43 days for that many people to see it.

Click here to see the complete report.

November 27, 2013

DVR/CCTV & Browser Compatibility issue

Filed under: General IT Related — Tags: , , , , , — Syed Jahanzaib / Pinochio~:) @ 1:19 PM

From past few weeks we were having issues accessing our DVR systems from the Internet. The problem was that only when authentication dialogue appears, and after entering credentials , nothing appears further , no video nothing else, seems like connection going in sink hole.

As showed in the images below . . .

Login screen appear but with no background or complete logo


But after entering credentials, no video or any thing else came except for blank screen or with no video.



First we thought it might be something with the port forwarding , so first we did some investigation and found nothing, so called a Cisco Support personnel, and he also did some checking and found nothing.

Then we suspect our ISP and lounged complain regarding possible content filtering, but they claimed none of any traffic is filtered in corporate networks except VOIP.

We called the DVR support team and they claimed everything is fine at there DVR systems (nooobs :p)
Later on I configured an Mikrotik Routerboard in parallel just to verify that nothing is wrong  with the Cisco ASA firewall.

After searching on Google, I found out that it is something related to browser compatibility issues with the ACTIVEX component of the DVR manufacturer. But I was unable to sort it out completely. Luckily a friend from PORTUGAL (Mr. Rui Oliveria) confirmed me about the browser compatibility issue, and recommended me to run Browser (Internet Explorer 10) in IE9 mode. and ALHAMDOLILLAH it worked without any issue.

As showed in the image below . . .



Alternate way to launch Internet Explorer 10 in IE-9 mode via shortcut

To launch Internet Explorer 10 in IE9 mode, create a HTML file (you can use simple ntoepad to copy paste following code, and save it with IE9.html )

Copy paste the code from following pastebin location (WordPress is not good with pasting html codes)

Now double click this file and IE10 will be launch in IE9 mode. You can modify it as per your requirements.


You can use IETAB for Google Chrome & Firefox to view the DVR system.


Syed Jahanzaib


November 25, 2013

Mikrotik Central VPN Server For Remote Branches Connectivity

Filed under: General IT Related, Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:54 PM




vpn connectivity

Consider following scenario:

An ISP have multiple locations all over the country. Main Mikrotik router at NOC have fixed public IP. Radius Billing system is connected with LAN. All remote locations have Mikrotik Router boards as NAS and have dynamic public IP. All locations have there own internet connectivity with various ISP’s but we want to use our main RADIUS server as a centralized billing solution for all the REMOTE locations. So this is a short guide on howto create central Radius Server and connected all remote branches/nases with it.


Basic Points:

Create PPTP server at your Head Office Mikrotik.
Create user account in secret section, nd assign him fix IP address like
Now at branch office, create a pptp client in mikrotik pptp section, and add head office IP / user id passwd, Dont forget to UNCHECK “add DEFAULT ROUTE” button. because if you do so it will override default route and will route every traffic including internet requests too to head office, which will overload head office internet connection, since we only want to route request for specific IP/subnet, so we will create a route at both end so that request for specific ip subent should go via vpn tunnel .

Head Office Mikrotik Config

LAN subnet =
WAN subnet =
Radius =

First add IP pool for VPN users, like same as LAN series but with specific series.

/ip pool
add name=PPP-Pool ranges=

Now add VPN Profile

/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
add change-tcp-mss=default dns-server= local-address= name=vpn-profile only-one=default remote-address=PPP-Pool \
use-compression=default use-encryption=default use-mpls=default use-vj-compression=default
set 2 change-tcp-mss=yes name=default-encryption only-one=default use-compression=default use-encryption=yes use-mpls=default use-vj-compression=default

Now enable VPN server

/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled

Now add user so that we will be testing from remote location NAS.

/ppp secret
add caller-id=”” disabled=no limit-bytes-in=0 limit-bytes-out=0 name=aa password=aa profile=vpn-profile routes=”” service=any

Now add route for the subnet in IP ROUTE section , via pptp gateway.

Remote Branch Mikrotik Config

LAN subnet =
WAN subnet = DYNAMIC Public IP x.x.x.x

Now we want to connect remote NAS with head office VPN server so that it can use central radius server as a centralized billing system.

In short: Create a pptp dialer , pointing to Head Office Main RB (where vpn is configured) , enter valid user id password, Make sure you remove tick from add default route, after its connect, simply add a route for and its gateway pointing to pptp-out1 (pptp link we created above)

To be continued . . . will write soon about it , while writing guide,an issue in the network popedup . . 00-(

April 30, 2013

Recovery of DMA RM admin account / Howto View MYSQL encrypted password

Filed under: General IT Related, Linux Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:36 PM

Encrypted Password Recovery / Syed Jahanzaib

Last Updated: 8th August, 2015 ,

1) it is recommended to create bash script to detect invalid password login attempts , if a user tries to login more then X times in a minute, then it should be considered as HACKING Attempt and this account should be locked to further prevent any bruteforce attempt. 1) Donot use default ADMIN account.

All user id and passwords are stored in MYSQL database name radius . Manager id’s are stored in rm_manager table and all other normal user id’s used for user login are stored in rm_users table.

Method 1# How to add additional admin account in RM

A workaround is to add another manager with admin privileges . ONce its added, login with this new manager ID, and change the ADMIN account password from the Manager list.

Login to mysql, and use following commands

mysql -uroot -pYOUR_MYSQL_PASS

use radius;

INSERT INTO `radius`.`rm_managers` (`managername`, `password`, `firstname`, `lastname`, `phone`, `mobile`, `address`, `city`, `zip`, `country`, `state`, `comment`, `company`, `vatid`, `email`, `balance`, `perm_listusers`, `perm_createusers`, `perm_editusers`, `perm_edituserspriv`, `perm_deleteusers`, `perm_listmanagers`, `perm_createmanagers`, `perm_editmanagers`, `perm_deletemanagers`, `perm_listservices`, `perm_createservices`, `perm_editservices`, `perm_deleteservices`, `perm_listonlineusers`, `perm_listinvoices`, `perm_trafficreport`, `perm_addcredits`, `perm_negbalance`, `perm_listallinvoices`, `perm_showinvtotals`, `perm_logout`, `perm_cardsys`, `perm_editinvoice`, `perm_allusers`, `perm_allowdiscount`, `perm_enwriteoff`, `perm_accessap`, `perm_cts`, `enablemanager`, `lang`) VALUES ('adminx', 'adminx', 'adminx', 'adminx', '', '', '', '', '', '', '', '', '', '', '', '1000.00', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', 'English');

UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'adminx'

Done. Now login with following |ID and goto Managers and change your old ADMIN account password

id = adminx
pass = adminx

Method 2# Other methods to view old password (only if its simple form of password)

Passwords are stored in encrypted format using SHA1 algorithm.
I used the following method to retrieve the old password (without changing it)

Login to your Linux box using root account and execute following commands

mysql -h localhost -u root -s -pYOURPASSWORD
use radius;
SELECT * FROM `rm_managers`;

It will show you some scattered information of all the admin accounts with there details and Encrypted passwords.

TIP: You can also use PHPMYADMIN to get info via nice GUI 🙂 , but as I am a creature living in the dark, therefore I like to use black screen to perform my functions 😉

As showed in the image below . .


As you can see in above image, First column in Yellow marking are Manager Id’s stored in the DB radius. and second column marked in RED are passwords stored in encrypted format. Select & copy the encrypted password. Now goto (or there are other websites too that can encode hash encrypted passwords) and paste your password here and click crack hashes. and you will see your password in plain text in result window.    :)~

As showed in the image below . . .


How-to view Radius Manager USER’s account password

Login to your Linux box using root account and execute following commands.

mysql -h localhost -u root -s -pyour_password
use radius;
select * from radcheck order by UserName;

It will show you all users Ids’s along with passwords in clear text format.

If you want to view only specific data, use the following script.

OR use the SCRIPT to view all users password in clear text format

First create script and assign it execute rights.

touch /etc/
chmod+x /etc/

Now edit
nano /etc/

and paste the following data

# Script Source:
# Syed Jahanzaib /


if [ -z "$LUSERNAME" ]; then

case $NAME in
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -t -e "
$MYCMD "use radius; select * from radcheck order by UserName;"
$MYCMD "use radius; select * from radreply order by UserName;"
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -e "
$MYCMD "use radius; select * from radcheck order by UserName;" |grep $LUSERNAME
$MYCMD "use radius; select * from radreply order by UserName;" |grep $LUSERNAME

Source: Make sure to change the password in above script.Save & EXIT.Now to view user list, simply type


it will show you all user list.To view particular user password, simply type its name like

/etc/ testing


Some Useful commands to reset admin / manager password.

Change OLD Admin Password (may not work)

UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'admin';


View Specific Manager Users list with passwords.

To get User Details for specific Manager & store in a file called manager_users.txt

mysql -sN -u root '-pView*pak' -e 'use radius; select username from rm_users where owner = "MANAGER_NAME_HERE" order by UserName;' > /tmp/manager_users.txt

Now create a bash script

# Syed Jahanzaib /
#set -x
cat $TMP | while read users
USR=`echo $users |awk '{print $1}'`
PAS=`mysql -sN -u root -s -p$SQLPASS -e "use radius; select * from radcheck where username = '$USR';" | grep Cleartext-Password | awk '{print $5}'`
#echo "$PAS" '
echo "$USR / $PAS"

Done. now execute the script and it will show you the password for specific managers only.

Change Radius user password in mysql

SET PASSWORD FOR 'conntrack'@'localhost' = PASSWORD('NEWPASSWORD');



December 31, 2012

2012 in review [My Blog Report by WP]

Filed under: General IT Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 8:09 AM

The stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

About 55,000 tourists visit Liechtenstein every year. This blog was viewed about 850,000 times in 2012. If it were Liechtenstein, it would take about 15 years for that many people to see it. Your blog had more visits than a small country in Europe!

Click here to see the complete report.

December 10, 2012

Vritualization: 3 in 1 > Using Mikrotik + Squid Proxy + Radius on single machine to save resources :)

Filed under: General IT Related, Mikrotik Related, VMware Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:12 PM



Its a good idea to virtualize various servers so underutilized hardware can be used more efficiently, as now a days, getting good hardware is not a big deal. It can save considerable amount of power consumption , reduced heat factor , easy to mange multiple VM using various tools like Vcenter / VEEAM (my favorite), VM Explorer , live migrations from one Virtual Server to Another, Backup & Restore becomes very easy and the list goes on . . .

Recently I did an installation of a network where they were low in hardware resources but still they wanted to utilize the benefits of Mikrotik Router OS with external Squid proxy server and also the Radius Billing Server . So in total they required at least 3 physical machines, but I managed to install all of them on single server using Virtualization technology of VMWARE ESXi 5.x (64bit) and it worked so great 🙂
Here is how I did it.

Note: Because of some time shortage, I am just giving you an idea how it can be done, I am not writing in pin point details on how to connect every machine with Virtual/Physical switches. I will write about it soon.

Hardware Used for the Example:

IBM Xseries 3650 XEON Dual Processors with Quad Cores p/p

3.5″ 15krpm SCSI in RAID 10 mode (300GB x 6) (the more Faster drives (like 10-15krpm) you have, the better result you will be able to achieve. Preferably in RAID mode, either 10 or 0, depend on your management and goals, in this example I used 15krpm SCSI HDD’s with dedicated RAID controller. I tested it on IBM xseries with RAID0 and found RAID 0 much more faster with 15krpm but its not redundant, one drive fail and your whole RAID will go down, so if you want redundancy, go with at least RAID 5 or RAID 10 (Recommended) , Raid 1 is also good as it mirrors each drive, but requires additional drives and also for proxy, its useless to use mirroring as it would be requiring more read/write burden on controller, oh GOD, in which argument I got into :p)

16GB RAM (Mikrotik doesn’t requires much RAM in fact it officially supports maximum of 2G, but Radius and Squid do requires some good amount of RAM, I dedicated 8 GB to SQUID, 4GB to Radius, 1 GB to Mikrotik)

4 Network Adapters ( In this article, due-to time shortage, I have only mentioned howto add two network adapters for LAN and WAN link using virtual Switch tech, but you can add more as per your requirements)

Software Used:

1) Vmware ESXi 5.x  64bit as a Virtual Hyper-visor Server

Guest OS installed in this virtual server’s are as following

2) Mikrotik Router-OS 5.22 [1GB Ram +100GB virtual HDD assigned to this VM]
3) Ubuntu 10.4 for SQUID Proxy (2.7) [8GB Ram +500GB virtual HDD assigned to this VM]
4) Ubuntu 10.4 for Radius Manager Billing System [4GB Ram +200GB virtual HDDassigned to this VM]

TIP: You can use the following RAID calculator to evaluate how much space you will be getting various RAID modes.

First install Vmware ESXi. You can get its free edition from  , just register and download the latest version , it would be in .iso format, Simply burn it to CD, and install it on your server , its very simple to install the ESXi, nothing more then just clicking NEXT NEXT 🙂

After ESXi installed, configure IP address on it, so you can manage it using its client called Vsphere client.

To shorten the story I am using only two interfaces for the mikrotik, LAN and WAN. in this example (shorten version) ESXi have two interfaces connected , one with the LAN user switch and other interface connected with the WAN (physically)

Creating Virtual Switch and bind Network Adapters with this switch.

Goto Configuration tab
From the list appear in Hardware section, click on Networking and click on ADD Networking
As showed in the image below , , ,


2- add network wizard

3- add network wizard

4- add network wizard

5- add network wizard

Ok, our virtual switch is created.
Now its time to bind our WAN adapter in this switch. (So it can later be used for WAN for all hosts we will requiring for)

Click on the Properties
6- add network wizard

7- add network wizard


Creating Mikrotik in VM and assigning network adapters.

Now create new Virtual Machine for your Mikrotik.

Select necessary hardware that you required as required per user load. for example
Mikrotik = 1 CPU / 1 GB RAM / 10 GB HDD /

In Network Adapter Section, by default only one adapter is added, You have to add another adapter by selecting the number of adapters in drop down listing.
As showed in the image below . . .

8- adding lan wan in host

Once the configuration is completed. Simply install the Mikrotik in newly created hosts you just created in above steps.
After configuration is complete, review once again the host settings,
As showed in the image below . . .

9- Mikrotik Network Adapters
After the installation is done, Connect to mikrotik with WINBOX  and look for interfaces
As showed in the image below . . .



I will write more on it later.

Syed Jahanzaib

November 22, 2012

Howto Block Adult websites using OPENDNS for free :) (with category base filtering support)

Filed under: General IT Related, Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 10:09 AM

Last day someone asked me howto block Adult websites in mikrotik. There is no builtin way to do it as it involves URL filtering and its not the job of ROUTER to do such task. Dedicated proxy server can do it effectively since they are built for such purposes like caching/URL filtering/redirecting etc.

We are using Microsoft TMG in our organization which filters URL based on category, so its easier for us to just select the required category that we want to block , for example Porn / Gambling / Spywares etc but Microsoft charge for this service on annual basis (Which I guess is about 15$ per user annually) , It does the job perfectly and very efficiently but its not a cost effective solution specially if you dont have much budget to pay Microsoft.

However following is the free, neat and clean method to block almost 99$ of porn web sites using OpenDNS server as your primary DNS server in your router/proxy or even desktop PC.

Use the below DNS server as your primary dns server in mikrotik / isa server / router or even a desktop. If you are using Mikrotik or other Server, make sure clients are using your server ip as there DNS server, because opendns will work only if the client / router is using there dns server. You can also force users to use your DNS server by adding redirect rule so every request for dns should be redirected to your local server.


If you are using mikrotik server, then it would look alike something below image . . .

Now if you will try to open any adult web site , it wont open and will give you the default browser ‘Could not open’ error,  or the request will  will be redirected to OpenDNS block page informing you that your request was blocked by OpenDNS.
As showed in the image below . . .



You can also show your own page explaining that Adult web sites are blocked and with your Advertisement. For this purpose, you have to enable web.proxy and redirect user traffic to local proxy, then in proxy access, block the / and redirect it to local web server page.



Category  Base  Filtering …


If you have fix public ip address , then you can create account at and then you can do category base filtering.

as showed in the image below …

1 2



Howto Enable Web Proxy in Mikrotik and redirect opendns error page to local error page.


/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=yes max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy= \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\

/ip proxy access
add action=deny disabled=no dst-port="" \

/ip proxy access
add action=deny disabled=no dst-port="" \

Replace the and the full path with your local web server.

Now enable NAT rule to redirect user traffic to local proxy.

Now Redirect All User Traffic to Local Proxy

/ip firewall nat
 add action=redirect chain=dstnat disabled=no dst-port=80 protocol=tcp \

Make sure you move this rule in NAT section above the default masquerading rule. so it captures the http traffic & redirect it, before masquerading it to outside world.

As showed in the image below . . .

If you dont want to use proxy for all request, but for only , then use the below rule that will only redirect traffic to local web proxy, all other traffic will go directly.

/ip firewall nat
add action=redirect chain=dstnat disabled=no dst-address= \
dst-port=80 protocol=tcp to-ports=8080

Now when the user will try to open any adult web site, he will be redirected to local proxy, and proxy will (using access rules we defined above) redirect the request to our local web server page showing our info page.
As showed in the image below . . .



How to force users to use specific DNS Server

/ip firewall nat
add chain=dstnat action=dst-nat to-addresses= to-ports=53 protocol=tcp dst-port=53
add chain=dstnat action=dst-nat to-addresses= to-ports=53 protocol=udp dst-port=53

only udp is required i guess



Syed Jahanzaib

July 31, 2012

Howto Add SNMP Service Remotely on Windows 7/xp

I am using Mikrotik’s the DUDE monitoring tool since many years to monitor my Company’s Server’s and devices health, Recently I decided to add users subnet also on the server’s sub map to view online/offline users, there CPU / Memory/ HDD usage, personnel printers health and tons of other info.

As we all knows that for this purpose SNMP service is required on the target Windows OS. The problem was that there were over 120 nodes and I didn’t wanted to visit them each physically or didn’t wanted to take there remote to install SNMP due to some permission issues. After some googling I found one way to install SNMP service right from my admin pc by doing some fine tuning and tweaks of various commands using pstools. It’s not neat and clean , also it requires some manual work to do, but it does the job. Once you get used to it, you will find it relatively easy to deploy snmp using various method, Either its dos base batch file (that I personally use) , OR its VBS file, or running it via GPO or any other method. ! Every method works for sure.

[Remember in this example , I am using this technique in Active directory domain environment, and using domain administrator account to login to my admin pc windows, ]

First download pstools utility from following location

Extract it any any folder, e.g

Now open command prompt , and navigate to pstools directory , e.g
cd \pstools

Adding SNMP Service remotely on Windows 7 

Use the below command to initiate snmp service installation on remote windows 7 client pc.

PsExec.exe \\syedjz -s -i -d ocsetup.exe SNMP

After 2-3 minutes (depending on the remote PC hardware speed), snmp service will be installed with the default public string, and will be available to serve any snmp request, example via dude. You can verify it by login to that PC and open services console and look for SNMP Service. Now the important point is that SNMP service is installed without any community string by default & without defining any string and define allow monitoring hosts section, you will not be able to do any query via snmp.
You can use the following batch file to create public string on the client pc , right from your desktop.

First create a batch file name change_snmp_String.bat , open notepad , and paste the following text.

@echo off
 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters" /v EnableAuthenticationTraps /t REG_DWORD /d 0 /f
 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v 1 /t REG_SZ /d /f
 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v 2 /t REG_SZ /d /f
 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" /v public /t REG_DWORD /d 4 /f

You can change the PUBLIC string to one of your own choice, as public is very common, Also you need to change the IP defined in above batch file script to match your pc from where you want to monitor the clients or where DUDE is installed. I have two monitoring servers , DUDE+LINUX, therefore I added two IP’s

Now save this file with the name of change_snmp_String.bat (Make sure file name ends with .bat, as notepad adds .txt extension, you have to remove it by selecting ALL FILES in file type, or rename it afterward, grrrrrrr)

Save this file in any shared folder of your system, a folder that every one can access easily , preferably file server location.

Now from command prompt and within pstools directory, use the below command to initiate above batch file so that it can change the snmp string from blank to public and allow our monitoring server IP’s to query the snmp service.

PsExec.exe \\syedjz -s -i -d \\fileserver\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat

OR if you get access denied message, then try passing the admin credentials along with the command

PsExec.exe \\syedjz -u mydomain\administrator -p ponka cmd "/c \\fileserver\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat"

All Done, Now lo-gin to that client PC , and check snmp service / security tab and verify that new public string have been added. The benefit of using PUBLIC string is that dude by default use public string, and if you use this string, then dude will auto fetch the snmp data and will show the cpu/mem/hdd on devices.

To install SNMP on local Windows 7 PC using CLI, use the below command

start /w ocsetup.exe SNMP

Adding SNMP Service remotely on Windows XP/2003

Adding snmp service on Remote Windows XP is a bit tricky and require some manual work to do, Once you manage to get it working, you can then wrap all command in one single file and use this file to install SNMP service via single file by monitoring target pc name only.  Ok Let’s Start . . .

Create new file name snmp.inf with the following contents
(This file will be used for ocsetup to instruct that it should install snmp service)



Copy this snmp.inf to any shared folder, preferably any file sharing server.

Now Copy windows CD contents to any shared folder on your file sharing server or local PC. Copy the whole CD, which will be required at the time of snmp service installation.

Now create a registry file name winpath.reg with the following contents [This file will be used on remote xp to update the windows xp registry for XP setup source files , which will be required at the time of snmp service installation.]
Make sure you change the path defined in the below script to match your local location.

Windows Registry Editor Version 5.00


Now copy this winpath.reg file to the target Client Windows XP in root , e.g  C:\

Now execute the following command Which will add the windows source path to the client windows XP registry
(You must have pstools in c:\pstools folder, as explained in windows 7 section above)

PsExec.exe \\syedjz cmd "/c reg import C:\winpath.reg"

Now that the client XP now knows about the windows XP setup CD, its time to hit the road, (remote execution of snmp service installation on remote windows XP). Use the below command to execute the setup.

PsExec.exe \\syedjz -s -i -d sysocmgr /i:%windir%\inf\sysoc.inf /u:\\files-server\softwares\TOOLS_RELATED\snmp\snmp.inf /x /q

After 2-3 minutes (depending on the remote PC hardware speed), snmp service will be installed with the default public string, and will be available to serve any snmp request, usually I used DUDE 🙂

Remember, I only explained the raw method of doing snmp installation on remote pc’s. There are many other fine tuned method to perform this action. You can adopt whatever you like. Following are 2 batch files that do job via batch file, so you don’t’ have to type he whole commands, just type the batch file and the target PC name,

For Windows 7 , We will use two batch file.
1- win7_snmp_install.bat
2- win7_snmp_string.bat
One that will install SNMP Service on remote win 7,

PsExec.exe \\%1 -s -i -d ocsetup.exe SNMP

Second that will change the SNMP String

PsExec.exe \\%1 -s -i -d \\file-server\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat

You can use this file by defining client pc name with the file
e.g: win7_snmp_install.bat clientpcname

For Windows XP, Single Batch file will be enough
1- winXP_snmp_install.bat

@echo off
copy /Y "C:\snmp\winpath.reg" "\\%1\c$"
PsExec.exe \\%1 cmd "/c reg import C:\winpath.reg"
PsExec.exe \\%1 -s -i -d sysocmgr /i:%windir%\inf\sysoc.inf /u:\\file-server\softwares\TOOLS_RELATED\snmp\snmp.inf /x /q
echo All Done, Hopefully. Script by Syed Jahanzaib

You can use this file by defining client pc name with the file
e.g: winxp_snmp_install.bat  clientpcname



Syed Jahanzaib

July 25, 2012

Using snmptools to monitor Disk Read / Write Time [Win2008 64/32 bit]

Filed under: General IT Related, Linux Related, Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 9:35 AM


Disk Read Time in %

In the past, I was using erwans snmptool on windows 2003 base server’s to graph mrtg of any instance of remote pc including Windows Performance Monitor Counters, snmptools give the power to query any performance counter and taking that value, you can create nice graphs on mrtg or other monitoring system like Mikrotik base the DUDE
, but unfortunately it didn’t worked out for me on Windows 2008 64 bit base servers. When I try to query the oid tree, I get no results, even after installing snmptools, I found at that I have to manually add the counters myself in the counters.ini file.

I did accomplish this task by using following method. Make sure you install SNMP service & configure it before continuing.

Automatic Installer is available at

The Manual method is as below . . .

Download Erwan SNMPTOOLS from

Unzip it to any folder. Copy snmptools.dll to c:\windows\ folder.
Now run regagentWow6432.reg
Restart SNMP Service.

Now query this box using snmpwalk or any other snmp browser. I usually use Linux [ubuntu] base OS for general purposes.

snmpwalk  -v2c  -c  public

You may see following result.

SNMPv2-SMI::enterprises.15 = STRING: “snmptools by”

Now open c:\counters.ini (If it doesn’t exists, create one) , Remove all lines and add following lines.

;this file is optional
;you can define here the hardcoded oid for specific ms counters

counter=PhysicalDisk\% Disk Read Time\_Total

counter=PhysicalDisk\% Disk Write Time\_Total

counter=PhysicalDisk\Avg. Disk Queue Length\_Total
counter=PhysicalDisk\Avg. Disk Queue Length C:
counter=PhysicalDisk\Avg. Disk Queue Length\1 D:

Save & Exit.
Now use the following Query

For Disk Read in %
snmpwalk -v2c -c agp

For Disk Write Time in %
snmpwalk -v2c -c agp

and likewise.

To show Disk Read/Write time in the DUDE device appearance , use the following code:

Disk Read / Write Time C: & D: [string_substring(oid(“”),0,3)] / [string_substring(oid(“”),0,3)]

You can use same principal and hard code any OID you like, for example other performance counters.
On Windows 32 bit, simply installing will give you whole list under oid tree.

Older Posts »

%d bloggers like this: