Overview
NetHero is a Windows-native VoIP and network diagnostics platform. Download a scanner, press Scan, and get a plain-English report of every problem found — in about two minutes, with no technical knowledge required.
Every scan automatically saves a detailed report and a diagnostic log file to your computer. If you connect the scanner to the web dashboard, both files upload automatically so your team can view results, history, and logs from any browser.
What NetHero includes
💾 NetHero Scanner
A single Windows application (nethero.exe) that runs a full network and VoIP diagnostic. No installation. Run from a command prompt, read your report. Saves a report and log file next to itself after every scan.
📊 Web Dashboard
A browser-based portal where your team can view scan results from all scanners, review diagnostic logs, analyze packet captures, manage device profiles, and track trends over time.
📄 Report & Log Files
After every scan: a JSON report with all findings, network data, and device quality metrics; and a rotating log file recording every step the scanner took. Both save next to the .exe automatically.
Every finding is backed by direct evidence — a measured value, a response code, a detected device, a failed port check. NetHero does not guess. If evidence is not present, the finding is not reported.
Quick Start
The fastest way to get a diagnosis is to download and run the Portable Scanner. It takes about 30 seconds to set up and about 2 minutes to complete a scan.
Run your first scan in 3 steps
Download the scanner
Download nethero.exe from the link below and save it to any folder on a Windows PC connected to the network you want to test.
Open and scan
Open a command prompt in the folder containing nethero.exe and run: nethero.exe scan. The scanner automatically finds your network and runs all checks — no configuration needed.
Read your report
Results appear in the right panel, ranked by severity. Each finding is explained in plain English with a specific recommended action.
Run the scanner from the same network as your phone system for the most accurate results. Running it from a remote network will only test external reachability, not internal routing or SIP ALG conditions.
NetHero Scanner
The NetHero Scanner (nethero.exe) is a self-contained Windows command-line application. It is a single file — nothing is installed, nothing is left behind. Download it, run it from any folder, and take it with you on a USB drive.
The interface
The application has two panels. The left panel is where you enter scan settings. The right panel displays results after the scan completes.
- Target host — the IP address or hostname to scan. Leave blank to use Quick Scan, which auto-detects your network’s default gateway.
- Profiles — optionally select a device or deployment profile to compare results against a known-good baseline (e.g., Cisco CUCM, Zoom Phone).
- Probe toggles — enable or disable individual checks (SIP ALG detection, DHCP monitoring, RTP port probing, network discovery).
- Evidence box — paste in log snippets, SIP traces, or any other text from the affected system. NetHero extracts facts from it automatically.
What gets checked
| Check | What it tests |
|---|---|
| Gateway reachability | Whether the default gateway responds; baseline latency to the first hop |
| DNS resolution | Whether the target resolves correctly; checks for slow or failed DNS |
| IP reachability | ICMP echo to the target; round-trip latency and packet loss |
| SIP port (5060) | Whether the SIP signaling port is open and responding |
| SIP OPTIONS | Live SIP probe: response code, server banner, round-trip time |
| SIP ALG detection | Detects whether your router is intercepting and modifying SIP packets (common cause of one-way audio) |
| Double NAT detection | Identifies whether your traffic passes through more than one layer of network address translation |
| RTP port reachability | Tests the UDP port range used for audio (typically 10000–20000) to find firewall blocks |
| DHCP rogue detection | Checks for unauthorized DHCP servers on the local network that may redirect traffic |
| Network discovery | Discovers all active devices on the local subnet, classifies them, and flags VoIP risk conditions |
| VoIP quality probe | Measures latency, jitter, and packet loss to the target; reports a call quality verdict (Excellent / Good / Acceptable / Poor) |
Assessment and health score
After all checks complete, the scanner runs an assessment engine that produces:
- Health Score (0–100) — an overall score for the phone system environment
- Grade (A–F) — a letter grade matching the health score
- MOS Estimate — a predicted Mean Opinion Score for call quality (1.0–5.0)
- Top Fix — the single most impactful action to improve the score
Dashboard connection
The Portable Scanner can connect to the web dashboard to automatically upload scan results and diagnostic logs after every scan. Connection is set up once using a one-time authorization code:
- Open NetHero. A short code appears in the top-right corner (e.g.,
BXKP-QZRM). - Your browser opens automatically to the dashboard authorization page. Sign in and enter the code.
- Click Authorize. The scanner shows “Connected” in green.
- From this point, every scan uploads automatically — no further action needed.
The authorization is stored on your PC. You only need to authorize once per machine. If the scanner is moved to a new PC, repeat the process on that machine.
Understanding Results
Every scan produces a list of findings — specific conditions the scanner observed that are problems, risks, or deviations from the expected baseline for your phone system.
Severity levels
Calls are failing now or about to fail. Requires immediate action.
A confirmed misconfiguration or failure. Calls may fail under certain conditions.
A risk or deviation from best practice. May degrade call quality or cause intermittent issues.
An observation worth noting. No immediate action needed, but useful for documentation.
What each finding contains
- Summary — one sentence describing what was found
- What was found — the specific measured value, response, or condition that triggered the finding
- Why it matters — plain-English explanation of how this affects call quality or reliability
- Evidence — the raw probe data, packet result, or device observation that supports the finding
- Fix steps — a numbered list of exactly what to do to resolve the issue
Report & Log Files
Both scanners automatically write two files to the same folder as the .exe after every scan. No configuration is needed.
| File | Contents | Notes |
|---|---|---|
callsentry.log |
Chronological log of every action the scanner took: probes run, facts extracted, findings raised, errors encountered | Rotates at 2 MB; 3 backups kept |
callsentry-report-<id>-<target>.json |
Full structured scan report: all findings, probe results, discovered devices, quality metrics, and assessment | Up to 10 most recent reports kept; older files are removed automatically |
The JSON report and log file are the best things to send to a support technician or vendor when reporting a problem. They contain everything needed to reproduce the diagnosis without being on-site.
Web Dashboard
The web dashboard is a browser-based portal that aggregates scan results from your scanners, shows trends over time, and provides access to all advanced features. It requires an approved account to access.
Signing in
Access requires a Google account. Click Sign In with Google on the login page. New accounts are placed in a pending state and must be approved by an administrator before access is granted.
API access
| Endpoint | Description |
|---|---|
POST /api/v1/scans | Upload a scan result from a scanner |
GET /api/v1/scans | List recent scan summaries |
POST /api/v1/logs | Append a diagnostic log entry |
GET /api/v1/logs | Retrieve recent log entries |
GET /api/v1/status | Platform health summary |
POST /api/v1/device/authorize | Start scanner device authorization |
PCAP Analyzer
The PCAP Analyzer reconstructs VoIP call flows from packet capture files. Upload one or two .pcap or .pcapng files, optionally describe a specific call that had problems, and NetHero identifies the exact failure point and explains what happened.
What gets detected
- SIP failure codes — 401 (auth), 403 (policy block), 404 (not found), 486 (busy), 488 (codec mismatch), 503 (server unavailable)
- One-way audio — RTP flowing only in one direction, typically caused by NAT or a firewall asymmetry
- RTP dropout — audio stream stops mid-call or never starts after the call is answered
- Codec mismatch — the offered codecs and accepted codecs have no overlap
- SIP ALG corruption — SIP headers that have been rewritten by a router in a way that breaks the call
Templates
Templates define what a healthy deployment looks like for a specific type of phone system or device.
Each template ships with a set of Checks — rules that tell the scanner what to test and what
conditions count as a problem. Templates and checks are version-controlled YAML files stored in the
profiles/ directory.
Template structure
profile_id: cisco_spa504g name: Cisco SPA504G vendor: Cisco category: sip_phone recommended_settings: sip_port: 5060 dtmf_mode: rfc2833 compatibility_notes: > SIP ALG must be disabled on the router. Requires G.711 codec support on the trunk.
Checks
Checks are detection rules attached to a template. Each check specifies the field to test, the comparison operator, and the threshold value. When a scan result matches all conditions in a check, the finding is surfaced in the report with the check's severity and recommended action.
- id: sig_sip_auth_fail
name: SIP Auth Failure
severity: error
confidence: high
conditions:
- field: sip_auth_failure
operator: "=="
value: true
plain_english: The phone could not log into the SIP server.
action: Verify the SIP username, password, and server address.
Keep one template per device type and add checks as you discover new problem patterns. View and browse all templates at Templates →
PCAP Analysis
Upload a packet capture on the PCAP page to get an AI-assisted root cause analysis. The PCAP analyzer inspects SIP dialog flow and RTP streams and classifies every finding as VERIFIED, INFERRED, or UNCONFIRMED so you always know how certain the conclusion is.
- VERIFIED — confirmed directly from packet evidence (e.g., 401 Unauthorized with no retry)
- INFERRED — strongly implied by the evidence (e.g., one-way audio with NAT mismatch in SDP)
- UNCONFIRMED — possible based on symptoms but not directly observable in the capture
- NOT_OBSERVABLE — would require evidence not present in this capture to confirm
Common VoIP Problems
| Symptom | Likely Cause | What to Check |
|---|---|---|
| One-way audio | NAT traversal / SIP ALG | Disable SIP ALG; verify STUN/TURN; check SDP IP in INVITE |
| Calls drop after 30s | SIP session timer / firewall | Check re-INVITE handling; confirm firewall allows mid-call SIP |
| No audio at all | Firewall blocking RTP ports | Open UDP 10000–20000; verify NAT hairpin support |
| Calls fail with 401 | SIP auth misconfiguration | Verify username, password, realm; check 401 retry logic |
| Calls fail with 404 | Routing / dial plan | Confirm DID is provisioned; check dial plan and trunk routing |
| Echo / noise | Codec mismatch or jitter | Align codec lists; check QoS/DSCP; measure jitter on the path |
| Calls not ringing | DNS / SIP connectivity | Verify DNS resolves SIP server; check firewall rules for port 5060 |
FAQ
nethero.exe) is a self-contained Windows executable. No installation, no admin rights, and nothing is left on the machine after you delete the file.callsentry.log file and a callsentry-report-*.json file appear next to the application.