The Three Faces of StEve. Even agree that in focussing so much attention on the 'sockets' question in XP, his credibility will suffer Next wolf-call (although.. we might just see some Interesting new DOS-attacks.. any old time someone has the gumption to exploit all those New places - no?) What was that /. bumper sticker (which I'd almost slap on my own bumper, for a time)

My other computer is your IIS server Cackle\ufffd

Whether the "raw sockets" aspect shall play a role or not [??]

Wish you'd send that exact criticism to Rick at Radsoft. In fact I am annoyed that, in his "Gallery" with icons for all the tools - there seems to be nowhere a comprehensive listing of the capabilities - especially in decoding the Names! to correspond with the tool use. I agree that his'marketing' is deficient.

Since I don't exploit most of them, I can't give much of a useful review. It is a fact that most are indeed small in size; some can generate multiple data tables of related arcanery re network performance - in a few 10s of Kbytes. Dunno of one of their utils ever crashing anything of mine or on a friend's small network.

Here's a sample of the doc. for just one of the more useful utils - "Spike"

Spike/Spike7

Spike offers what most sockets bundles do, even adds a few new functions of its own, yet weighs in not at several hundred kilobytes but at only a fraction of that - leaner and meaner by a factor of thirty or more.

Spike is written to integrate into your desktop and your work on the Internet. It fires up and disappears immediately to your system tray. Its appearance can be toggled at any time. It retains its data from appearance to appearance (very important). It does not require copying and pasting from entry field to entry field to get the job done - all functions share the same fields.

And Spike7, a departure from Spike with many additional features, does not even need a bigger shoe.
Multithreaded

Spike is multithreaded, meaning that while it's working for you, you can make it disappear and go on to something else.

All functions have their own output windows, so while you're waiting for an answer for one query you can go about dealing with the data returned from another. Less clicking in vain, more speed.
Verbose Diagnostics

Spike's utilities - and especially its Block, Ping, and Trace functions - offer the most verbose diagnostics found in any sockets bundle on the market today. All possibilities are accounted for and reported on intelligently, where most Windows sockets bundles will simply print "no response". Almost all functions begin with a DNS resolution, and here again Spike reports on exactly what has transpired and does not just report back "host not found".
Raw IPs

Whenever possible Spike works from raw IPs rather than go through the DNS to retrieve the details of your target, saving time and making many more targets accessible.
Local Machine

The basic info returned by the TCP/IP layer when starting up.
Block

Reports on IP "blocks". Starts at any URL or IP and then resolves away, pinging too if you wish, reporting on the "neighbors" and what they're up to.
Chargen (Spike7 Only)

Tickles the remote server's character generator.
Daytime

Not an NTP function but a standard feature of many Internet servers, which send back the time of day as a readable ASCII string, from their corner of the world, as they see it.
DNS

Authoritative domain name service information on either an IP or a URL. Detours around the local hosts cache, unlike many sockets bundles which simply tell you what your local machine already knows (not exactly the point of it all). This and the other Spike functions also work well in a LAN, whereby the type of address returned can vary.
Finger

Takes an email address, or often just a host. When fingering a remote server, try putting an '@' in front of the name if it doesn't work without. Sometimes the email address is only symbolic - finger InterNIC for an example. Availability is always dependent on the remote host. Some implement it to show you who's online, some implement it for other things, some do not implement it at all. But check your own ISP email address and see what's being broadcast about you.
Get (Spike7 Only)

Gets both the HTTP header block (see below) and the target page. Can handle web pages of up to one megabyte (1MB) in size.
Head

Unique to Spike. Gets the HTTP header block from a host, with info on web server software, operating system, the cookies it's going to try to get your browser to eat, and so forth.

Because Spike parses URLs in strict accordance with the RFCs, any port or relative page on a remote server may be used, although port 80 (HTTP) is the default.
Ping

Attempts to access a remote host and reports back with the IP returned by that host and the "round trip time" (Rtt) taken to bounce back. The number of pings, packet size, timeout, and delay are variable.

Spike only makes a ping attempt once, in contrast to many other bundles, where you never know if your remote host was really accessible on the first attempt or not. Part of the idea with a ping is to find out not just if a remote host is accessible, but exactly how accessible it is.
Quote (Spike7 Only)

Finds you a fortune cookie.
Trace

Traces the route to a remote URL or IP. Attempts access to all hops up to three times.

Spike really tells you if you arrive at your destination. If you do arrive, you might not actually recognize the URL reported back, so Spike prints "Arrived" in its far right status window when the trace completes successfully.

Interpreting trace results takes learning: if you're suffering from a slow connection, and a trace shows that one hop is particularly slow, it's not that hop that's the culprit, it's the one before it.
Whois

Tells you who someone is, given a URL, through the auspices of one of a number of Whois servers.

With the new world order as regards the accredited ICANN registrars the number of whois servers world-wide has risen dramatically. The most important of these are still the same.
whois.apnic.net The Asia Pacific Network Information Center.
whois.arin.net The American Registry for Internet Numbers.
whois.crsnic.net The NSI referral server. Information on com, edu, net and org domains.
whois.geektools.com A sophisticated Perl referral script which by using whois.crsnic.net can find almost any registered domain in the world, obfuscated or otherwise.
whois.networksolutions.com NSI after the metamorphosis.
whois.nic.gov The US government network information center.
whois.nic.mil The US DoD network information center.
whois.ripe.net "Reseaux IP Europeens" - the European Network Coordination Centre.
Copy & Paste

All Spike's output windows are context menu sensitive; all clipboard operations render data in a text editor readable format.
Making Life Easier

The RFC specification for a URL looks something like this:
URL = Prefix + "://" + Domain [+ ':' + Port] [+ '/' + RRL] [+ '?' + Query]

Which is all fine and good when you want to access a web page, but not always so good with other ports. Yet you normally won't have to edit your URL at all - again, Spike makes life easier for you. (Spike7 will also function as a generic port scanner precisely because of its URL parsing capabilities.)

Disk image sizes: 13,824 bytes (Spike, Spike7).

Copyright \ufffd 2002 radsoft.net. All rights reserved.

Alas - these descriptions (except too-abbreviated ones) are not all gathered together. Dunno if they are on the site either!

Worth $100? If I were a Pro, I'd think so. Certainly helped me diagnose a few things which I'd otherwise have been clueless about - but then..



Ashton