|Home » Learning Curve » ACP Guru
Spiking the Network
Finding your way around the system and the net both.
The ACP network utility bundle Spike beats Apple's own hands down; that much is known and accepted. Apple's is based on running command line Unix programs behind the scenes; Spike runs on its own code taken in great part from earlier projects on other platforms, the one exception being 'trace' which requires root access to adjust the 'time to live' values for the packets. But even this code is Spike's own.
Block is part of a common task known as 'fingerprinting': for whatever reason finding out who else is on a subnet. If you want to find out who else is at home you simply tick the box for 'ping'.
Should you feel really ambitious you can scan an entire B-class network with 16,777,216 IP addresses.
You can input either an IP or a domain.
DNS is used to resolve domains, IPs, and LAN machines. But what if it reports back 'connection failed' for a given IP?
All is not lost: simply click on the last tab ('Whois') and try again. Spike is set by default to query the GeekTools service; this service will automatically choose the ARIN service; and you'll get back information from ARIN identifying the IP.
At times you'll get back something like the following.
GeekTools Whois Proxy v5.0.4 Ready.
Final results obtained from whois.arin.net.
AT&T WorldNet Services WORLDNET-MIS3 (NET-209-64-0-0-1)
184.108.40.206 - 220.127.116.11
AT&T WorldNet Services ATTSVCM-209-64-0-0 (NET-209-64-0-0-2)
18.104.22.168 - 22.214.171.124
Notice what's going on: ARIN is telling you who owns what block and who within a given block has a specific IP range. In the above example it's AT&T who own it all; but given within parentheses are the net block owners.
Take the final example (NET-209-64-0-0-2) and feed that back into Whois again.
GeekTools Whois Proxy v5.0.4 Ready.
Checking server [whois.arin.net]
OrgName: AT&T WorldNet Services
Address: 200 S. Laurel AVE.
NetRange: 126.96.36.199 - 188.8.131.52
Get & Head
Get and Head are related; both show you the HTTP headers your browser won't show you; Get fetches the entire page whilst Head settles for the headers. And those headers can tell you a lot. You'll most likely be able to see which software the server's running; you might be able to see when a page was last modified; you'll see attempts to plant cookies and other goodies.
HTTP/1.1 200 OK
You can also set the 'user agent' from a dynamic array storeds in the file agents in the bundle resources directory. Currently 40 user agents are supplied; you're free to add to this array any way you like.
There's also additional functionality for Get and Head behind the 'more' button. You can set the 'accept' data types, insert cookies to send to the remote server, specify the host if the IP is shared, indicate a 'referer' [sic] URL, and set the HTTP access type (1.0 or 1.1).
Ping uses ICMP to poll the responses of remote sites. It's similar in function to Trace but implemented differently. It will also show you the fastest, slowest, and average responses. Set the number of pings to zero for a flood. But be nice.
Apple's Network Utility doesn't work very hard for you on Whois queries, offering servers only at internic.net, networksolutions.com, arin.net, nic.mil, ripe.net, apnic.net, and nic.ad.jp. They're not going to get you far. They're baked into the executable; you can add more servers of your own but you have to do this either with defaults or by editing the preferences file directly.
Spike comes with an array of (currently) 119 whois servers. This array exists as a standalone (and editable) text file. It's updated regularly from the list supplied by the GeekTools proxy; most importantly you can set your default server so that clicking on the 'reset' button returns you in an instant. [The array is stored in whoises in the bundle's resources directory.]
Conclusions & Comparisons
Network Utility has 'Netstat' - a feed from the command line netstat; 'Lookup' - which uses dig and nslookup which you already have on disk too; 'Whois' - which is also a feed from the Unix command line program; a very dreary port scan; and 'Finger' - also a command line feed and worse: it's mostly obsolescent today.
000000000000aab5 Lookup has started ...
000000000001bb48 Lookup has started ...
0000000000009d46 Finger has started ...
000000000001add8 Finger has started ...
00000000000092ae Traceroute has started ...
000000000001a254 Traceroute has started ...
0000000000009a46 Whois has started ...
000000000001aad8 Whois has started ...
For that caliber of functionality you might as well stay on the command line. This is basically no better than Cocktail.
All of Spike's features are widely used today. Block, Get, and Head are not found in Network Utility and Network Utility counterparts to Spike functions generally pale in comparison. Spike only runs one function from the command line - out of necessity - and then uses its own customised and highly optimised code.