Jon Snader's Home Page

Personal Information

• Jon C. Snader
  5302 Rollinsford Ct.
  Tampa, FL 33624
  
• email: jsnader@ix.netcom.com
• PGP Key
• FAQ

Now available from Addison-Wesley: VPNs Illustrated: Tunnels, VPNs, and IPsec VPNs Illustrated is now available from the publisher and other book sellers. Table of Contents Errata (last updated April 8, 2010) Sample Chapter: Chapter 5: Virtual Private Networks. Chapter 5 is a short introduction to virtual private networks. The chapter, along with the rest of Part 2, serves as a transition between the tunneling technology discussed in Part 1 and IPsec, which is discussed in Part 3. Download Chapter 5 (ps, pdf) Source code and configuration files from the book (gzipped tar file) (zip file). Here are some useful security links that point to software mentioned in the book as well as other useful information (last updated Sept. 18, 2006).

Effective TCP/IP Programming

Effective TCP/IP Programming, published by Addison-Wesley, is now available. About the book:  What's in the book and where to get it. Table of Contents Errata (last updated 02/08/10) Two sample tips (Tips 2 and 38) from the book (PostScript). Source code to the example programs, library functions, and skeletons from the book (gzipped tar file) (zip file). Did I forget something? Email me if there are additional areas or tips that you would like to see covered.

Useful TCP/IP Links

Under Permanent Construction:  These are links that I use all the time to find information concerning TCP/IP.

• Rich Stevens's Home Page contains links to his books, the source code described in them, and has copies of many hard to find papers and email messages concerning networking.

• Douglas Comer's Home Page has links to information about his networking books and TCP/IP stack and to the XINU books and source code.

• Craig Partridge's Home Page has links to some of his papers, including "Implementing the Reliable Data Protocol (RDP)." The source code for RDP is also available.

• The IETF Home Page has lots of useful information, including links to the RFCs, Internet Drafts, Mailing Lists, and Working Groups.

• The Internet Assigned Numbers Authority has the most up to date list of assigned numbers. This is the place to look if you want to know what service uses TCP port 25, what the ICMP message type and code parameters are, or any of the many other numbers used by the Internet.

• The Lawrence Berkeley National Laboratory's Networking Research Group has links to many important networking research papers, as well as source code distributions of important networking tools such as tcpdump, traceroute, libpcap, and arpwatch.

• Patches and updates to tcpdump and libpcap are available from the TCPDUMP Group. The latest versions are tcpdump v3.9.5 and libpcap v0.9.5. See the tcpdump change log for the new features added in this release.

• The WinDump Home Page has a version of tcpdump that runs under Microsoft Windows. Also available are Windows versions of BPF and libpcap.

• A reimplementation of Van Jacobson's pathchar utility, pchar, is now available with source code. The pchar utility attempts to characterize such end-to-end characteristics as the latency and bandwidth of a network path.

• The TBIT home page has information on tbit, the TCP Behavior Inference Tool. Using tbit one can test the behavior of a remote TCP stack. The software and papers describing the system are available on the site.

• Geek Tools has some useful software, a list of traceroute servers that allow you to run a traceroute from most parts of the world, and other useful resources.

• The ttcp test tool, as described by Mike Muuss is available from SGI. A version with the enhanced statistics added by John Lin is also available.

• Uri Raz's TCP/IP Resources List is an excellent starting place to find information about TCP/IP. It contains numerous links to web sites, books, FAQs, tutorials, and other information.

• Google Groups has a vast archive of postings from the Usenet News Groups. Google has resurrected the Deja.com archive, after a long period of unavailability. Google has managed to find copies of the early postings, and the archive now goes back to 1981. There's a great story about it in Salon.

• Luigi Rizzo's dummynet is a flexible traffic shaper and protocol testing tool. Although dummynet is a part of FreeBSD, a stand alone version on a bootable floppy is also available. Some folks at HP have ported dummynet to HP-UX 11/11i. Although officially unsupported, you can get a copy from the HP FTP Archive.

• Victor Abell's lsof is a must have tool for UNIX users needing to know what processes have a file or socket open.

• Want to know some of the history of the ping utility, or the real reason for its name? Follow this link for The Story of the PING Program. You'll also find a link to the ping source code there.

• The Usenet Info Center Launch Pad is a great place to get information about Usenet and the newsgroups.

• Intermedia Communications has Looking Glasses for various Public NAPs. These allow you to check the BGP routing table, to run a traceroute or ping from the NAP, and to check various other statistics concerning the NAP.

• For years I've used these pages from Rich Stevens as a handy reference for the layout of IP, TCP, and UDP headers. The problem is I have to keep them in a notebook, so they aren't as portable as I'd like. Recently, I received this pocket guide from the folks at the SANS Institute. The pocket guide format makes it easy to carry around, and to keep copies in my briefcase, laptop carrying case, and other strategic places.

  There were still a few items missing, however. For one thing, the names of the fields themselves were not given. Since I sometimes have to grub around in the headers, it's useful to have the names handy. There were a couple of other things, too. For example, I can never remember the exact layout of the sockaddr_in structure. Therefore, I made up my own pocket guide with the information that I usually need. Perhaps you'll find it useful as well.
  Updated 9/16/02: I added the (BSD) TCP state numbers, which, believe it or not, turns out to be useful.

• The netcat program is an extraordinarily useful tool. It's a Unix utility that can read or write data (hence “cat”) across a network connection using either TCP or UDP. It can perform many of the tasks that I wrote special little programs for in Effective TCP/IP Programming. Among its many uses are scanning ports, file transfers, firewall testing, and network performance testing. It's available as a FreeBSD Port, but a general distribution for other Unix systems can be found here. There's also a GNU version of netcat available at SourceForge, which I haven't used. Finally, there's a project to port netcat to NT on SourceForge. That project appears to be in the early stages.

  There's a nice netcat tutorial on SecurityDocs.com

• The hping utility is another extraordinarily useful test tool. Despite its name, hping can send TCP and UDP as well as ICMP packets, and it allows you to control virtually all the flags and parameters in those packets. For example, if you want see how your TCP/IP stack handles a TCP packet with both the SYN and FIN flags sets, hping makes it easy. It has more capabilities than can be described here, so you should visit its Web site for complete details. Source code for Linux, *BSD, Solaris, and MacOS X can be downloaded from the Web site. It's also available as a FreeBSD Port.

• I recently came across this video of an interesting lecture by Van Jacobson, one of my heroes and surely one of the smartest men in networking. It's well worth watching.