Networking optimize

Sam Spade: The Swiss Army Knife of network analysis

For a variety of network analysis and management functions, consider putting Sam Spade to work. As Jason Hiner explains, this free, downloadable utility offers a versatile suite of TCP/IP and internetworking tools.

Every administrator’s computer contains a toolbox full of useful utilities for network management. These can include performance and diagnostic counters, network packet analyzers, remote control programs, administration modules for server software, and a variety of other tools. If your organization’s connected to the Internet 24/7, I would recommend that you consider adding Sam Spade to your toolbox. Sam Spade for Windows offers a suite of tools for protecting against spam on mail servers, analyzing and troubleshooting Web servers, and gathering information on Internet hosts.

Many of these utilities were previously available only on UNIX machines. Most are aimed at stopping and tracking down spammers. Nevertheless, you can also use Sam Spade to gather some great general information about your network. This information will help you identify areas where hackers can gather too much information about your hosts, in addition to helping you keep your mail servers protected from spam.

One of my favorite features of Sam Spade is that it’s free. If you’re a Windows user, simply go to their Web site and download the latest version. On the main page, you’ll also find online versions of many of these networking tools. These are helpful when you are away from your main workstation or at a computer connected to the Internet behind a very restrictive firewall. Otherwise, the Windows version of Sam Spade is preferable because of its fast and easy access to a variety of tools and because you can run a number of different inquiries simultaneously.

Configuration
Once you download Sam Spade and install it on your workstation, you’ll want to configure a few settings. First, open Sam Spade and click Edit | Options, as shown in Figure A. In the Basics tab, enter your default DNS server (or use DHCP), your e-mail address, so that you can do SMTP relay checking, and your ISP’s Web server, so that you can use the Awake feature to have Sam Spade send out periodic packets to keep a dial-up connection from being dropped.

Figure A
Basics tab of the Options dialog box


Using the tools
Sam Spade has a nice user interface, as shown in Figure B. It combines many of the traditional TCP/IP tools with some unique tools that give an administrator a great look at a network. Best of all, these tools are combined in one package. You’ll find versions of ping, nslookup, and traceroute. And the Sam Spade versions are intuitive and flexible, especially when compared to the Windows versions of these TCP/IP tools. For example, with the ping feature, you can set the number of echo requests you prefer on the toolbar; then, every time you use ping, it will use that setting. At the command line, you have to use a switch such as “ping -n 2” each time you want to set the echo number.

Figure B
Example of Sam Spade user interface


The traceroute feature is one of my favorites. You can do a fast traceroute or a slow traceroute. The fast traceroute gives you the quick list of hops your packet makes from your machine to a designated host. The slow traceroute is more like the traditional traceroute utility. However, both traceroute options provide a nice graph to accompany the information, as shown in Figure C.

Figure C
Graph using the fast traceroute function


Sam Spade also includes some traditional UNIX tools, such as whois and finger. Whois is actually the default tool. If you simply enter a domain such as techrepublic.com in the Sam Spade toolbar hostname field and press [Enter], Sam Spade will return the whois information on who owns the domain name, as well as other registration information, such as the technical contact for the domain.

In addition to nslookup, Sam Spade offers a more advanced DNS querying tool called dig, which requests all the DNS records for an individual host and/or a domain. An advanced whois tool, called “IP block whois,” tries to find who owns a block of IP addresses.

Spam is its specialty
The core of Sam Spade is in its spam tools:
  • SMTP VRFY: Checks to see whether an e-mail address is a true address or if it is being forwarded.
  • SMTP relay check: Measures the security of a mail server. It attempts to relay mail externally. If it is successful, the mail server is vulnerable to being exploited by spammers looking for a third-party machine to relay their mail.
  • E-mail header analysis: Allows you to paste an e-mail address from your mail client into the Sam Spade toolbar and analyze it with all of the standard tools.
  • Blacklist lookups and Abuse.net query: Both allow you to interact with Web sites (and organizations) that track down and report known spammers.

In addition to these anti-spamming tools, Sam Spade’s help files contain some good tutorials on tracking down spammers. See Spam-tracking 101 through Spam-tracking 104 in the Manuals and Tutorials category of the help files.

Useful Web site tools
The Sam Spade suite also provides some useful Web site tools. The Crawl Web tool, shown in Figure D, allows you to search a Web site based on specific query parameters you set. It also enables you to download all the documents of an entire Web site. The program includes a Web browser that offers a raw source-code view of a Web site rather than a graphical view. The browser doesn’t send any identifying information to the host Web server. In addition, it doesn’t support any plug-ins, scripting languages, or other browser add-ons, and it doesn’t actually render the HTML into a graphical format. As a result, it allows you to see meta fields, hidden form fields, white-on-white text, and other developer tricks for disguising information.

Figure D
Crawl Web tool


Sam Spade also includes some security tools that could send up some red flags if you decide to use them to look at information on other companies, especially large multinational organizations. These tools include a port scanner, a DNS zone transfer tool, and the SMTP relay checker. The port scanner in Sam Spade is fairly basic, as you can see in Figure E, but it’s functional. For a better port scanner, go to the Eeye Web site, which offers a freeware port scanner for Windows NT and a commercial port scanner for serious hacker prevention. If you use the port scanner on another network, be aware that you can set off hacker detection programs.

Figure E
Port scanner


The SMTP relay checker we discussed above can also set off alerts for companies that carefully guard against spamming. In order to use port scanning, SMTP relay checking, and zone transfers, you have to go to Edit | Options and then click on the Advanced tab, shown in Figure F. Here, you can select any of these tools you want to use.

Figure F
Selecting security tools in the Advanced tab


Zone transfers are extremely useful for testing your own domain to make sure hackers can’t gather valuable information about your systems architecture. Once you have enabled zone transfers, go to the fields at the top of the Sam Spade toolbar and enter your fully qualified domain name in the hostname field (on the left side) and enter the IP address of one of your DNS servers in the name server field (on the right side). Then click Tools | Zone Transfer. If you see Query refused, you’re in good shape. However, if you discover that Zone Transfer has provided a list of your DNS entries, your network is vulnerable. You’ll need to disable zone transfers on your DNS servers if you are managing your own name servers, or you’ll need to call your ISP and request that it disable zone transfers if it’s doing DNS for your Internet servers.

Summary
Sam Spade offers a great suite of TCP/IP and internetworking tools. Although it’s most useful for ISP and security professionals, it can be helpful to network administrators who manage Internet servers and external security. It can also be a handy part of the network consultant’s toolbox when evaluating client sites and making recommendations for improving performance and security.
What other networking tools would you like us to write about? Start a discussion below or send the editor an e-mail.
0 comments