ACKing Networking
September 30, 2008 7:45 PM
Grokking TCP/IP and other network protocols is hard. Richard Stevens' classic text, TCP/IP Illustrated Volume 1: The Protocols is probably the clearest, and easiest to understand reference you'll find on the topic. Concisely breaking down the protocols at the bit level, this is the place to go if you really want to get your hands dirty in the TCP/IP stack.
If you want extra credit, you can even set up a few Virtual Machines and follow along using Wireshark as a packet sniffer. Once you've got your feet wet, you may also want to delve into these other beautifully rendered protocol diagrams.
This post was deleted for the following reason: Ack. The main link does indeed look like a bit of (however unintentional) piracy, and without it there's not really so much of a post here. Maybe someone can try this again at some point with a focus on some in-the-clear resources? -- cortex
Thanks for the link Blazecock, I was afraid of linking to a merchant, just because this is my first post, and I was being paranoid about making the post non-commercial.
I'd like to add that the hard copy is really worth it, if only for the fact that the online scans are significantly less clear than the original diagrams.
posted by sp160n at 8:08 PM on September 30, 2008
I read this book cover to cover when it was new just cause this new internet thing seemed interesting. Some years later I remember being a little saddened that things like source routing had been relegated to history. The internet in the book was a much more co-operative friendly place. Maybe have to print out some of those diagrams from event helix though.. it's always handy to have a quick glance reference.
posted by adamt at 8:15 PM on September 30, 2008
this is the place to go if you really want to get your hands dirty in the TCP/IP stack.
Not to be all contrary, but this is where you go if you really want to get your hands dirty.
Stevens' book is an excellent intro, though.
posted by tkolar at 8:40 PM on September 30, 2008 [2 favorites]
It's amusing to look at the list of protocols Stevens covers, and notice what's missing...
There's no HTTP.
posted by asterix at 9:03 PM on September 30, 2008 [1 favorite]
asterix, I couldn't help but snicker myself when I read this quote from the book:
"Studies of TCP traffic, such as [Caceres et al. 1991], usually find that on a packet-count basis about half of all TCP segments contain bulk data (FTP, electronic mail, Usenet news) and the other half contain interactive data (Telnet and Rlogin, for example)."
I guess the students these days aren't taking advantage of their shell accounts.
posted by sp160n at 9:08 PM on September 30, 2008
Oh, http is there asterix. It's just hidden under "Other TCP/IP Applications", along with Archie, Gopher, WAIS, and Veronica.
Of course, his recommendation is "To access WWW, Telnet to info.cern.ch" ;-)
posted by Pinback at 9:09 PM on September 30, 2008
One of my all time favorite books. The section on WWW is priceless:
WWW: World Wide Web
World Wide Web lets us browse a large, worldwide set of services and documents using a tool called hypertext. As information is displayed, certain keywords are highlighted, and we can select more information on those keywords. To access WWW, Telnet to info.cern.ch.
posted by popechunk at 9:12 PM on September 30, 2008 [1 favorite]
What was the humorously drawn guide to TCP/IP that was floating around the interbutt a few years back? I remember it being quite profane in explaining how networking and webbrowsing worked.
posted by Jonsnews at 9:15 PM on September 30, 2008
It forms the basis for what is called the worldwide Internet, or the Internet, a wide area network (WAN) of more than <DrEvil> one million computers </DrEvil> that literally spans the globe.
posted by Samuel Farrow at 9:16 PM on September 30, 2008 [2 favorites]
This "World Wide Web" sounds amazing. Does it contain pictures of cats?
posted by grouse at 9:29 PM on September 30, 2008
Thank you for using the word "grokking" in the title.
posted by demon666 at 9:47 PM on September 30, 2008
And this is where you go when you want to get your head dirty.
best RFC ever
posted by Cat Pie Hurts at 10:21 PM on September 30, 2008
spending a good chunk of my day doing dissections of traces and other things, there are some essential things to know if you want to spend some happy fun time in packetland.
1) wireshark is your friend, but until you know the display filter language and the ins and outs of some of the protocol dissectors like http, you will only be getting about 5% of the functionality. Access to protocol RFCs can also help (e.g. http)
2) looking at individual sessions is fun. pulling apart hundreds of megs or gigs worth of traffic can be skull-crushingly hard to do when dealing with raw pcaps. look at Argus or SANCP for summarizing large traffic dumps.
3) tcpdump -nnqi can be more fun than tshark because it produces minimally decorated ascii output that can be piped through awk/sed/cut/sort stuff.
4) would like to do stuff like pull email attachments from smtp traces and files from ftp/http traces? chaosreader is pretty simple, and usually a pretty good bet. gets lost in some types of traffic, but generally works.
5) daemonlogger is wicked cool if you want to have a rotating ring buffer of network packet storage. As long as you've got access to disk that can keep up with your max burstable bitrates, it is extremely worthwhile to throw a few hundred gig at to keep the past N days history of network traffic for those "wtf was that" moments when you wish you could rewind time.
posted by rye bread at 10:21 PM on September 30, 2008 [15 favorites]
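An added example (not part of rye bread's comment or the thread) of the workflow in point 3: `tcpdump -nnq` lines piped through awk and sort to rank flows by payload bytes. The capture lines are constructed from documentation addresses, and the function names `sample_capture` and `top_talkers` are hypothetical.

```shell
# Constructed sample of `tcpdump -nnq` output (not a real capture).
# With -q, TCP lines end in "tcp <payload bytes>" and UDP lines end in
# "UDP, length <payload bytes>".
sample_capture() {
cat <<'EOF'
10:15:01.000100 IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 0
10:15:01.000900 IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 0
10:15:01.001500 IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 412
10:15:01.020000 IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 1448
10:15:01.020400 IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 1448
10:15:02.100000 IP 10.0.0.7.40000 > 198.51.100.53.53: UDP, length 33
10:15:02.130000 IP 198.51.100.53.53 > 10.0.0.7.40000: UDP, length 97
10:15:03.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
10:15:03.500000 IP 10.0.0.5 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Sum payload bytes per "source host -> destination host.port" flow and
# list the heaviest flows first as: <bytes> <packets> <flow>.
# Only IPv4 TCP/UDP lines are counted; ARP, ICMP and the rest are skipped
# because they carry no port to strip.
top_talkers() {
  awk '$2 == "IP" && $4 == ">" && ($6 == "tcp" || $6 == "UDP,") {
         src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
         dst = $5; sub(/:$/, "", dst)          # drop the trailing colon
         flow = src " -> " dst
         bytes[flow] += $NF                    # last field is the payload length
         pkts[flow]++
       }
       END { for (f in bytes) printf "%d %d %s\n", bytes[f], pkts[f], f }' |
  sort -k1,1nr -k3
}

# Against a saved capture (capture.pcap is a placeholder name):
#   tcpdump -nnqr capture.pcap | top_talkers
sample_capture | top_talkers
```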
aw crap - forgot one of the most basic -
6) know the pcap filter syntax also - it is documented in the tcpdump man page. wireshark uses it as a first level of capture filtering.
posted by rye bread at 10:29 PM on September 30, 2008
If you're interested in a hard copy
You mean "legitimate copy", right?
As for HTTP, it wasn't really an established protocol when the book was written. The preface is dated "October 1993", which is only a few months after the first version of Mosaic had been released. The first HTTP RFC is from 1996.
posted by effbot at 10:57 PM on September 30, 2008 [1 favorite]
sp160n writes "I was afraid of linking to a merchant, just because this is my first post, and I was being paranoid about making the post non-commercial."
No worries with Amazon. Mefi throws its referral code into Amazon URLs, so the associated purchases go to support mathowie's decadent lifestyle. This link alone could be what pays for mathowie's next tattoo, "COLDFUSION 4 LYFE."
posted by mullingitover at 10:57 PM on September 30, 2008 [1 favorite]
This book is actually propping up a table in the office next to mine. Sort of tragic.
I know it would be an easier read if Scott McCloud did the "illustration" part.
posted by rokusan at 1:33 AM on October 1, 2008
As much as I like this post, the main link seems to be a pirated version of a very worthwhile book. Not cool.
posted by splice at 3:45 AM on October 1, 2008 [2 favorites]
In case you have not heard - it seems that TCP/IP may have a basic flaw. I've spent no time yet listening to this but one can go to slashdot and read the crap here
posted by rough ashlar at 5:30 AM on October 1, 2008
As much as it saddens me to say this (since it is my first post), it does look like it is a pirated version, I for some reason thought it was on an edu domain making it more legitimate (I read rsu.ru as rsu.edu).
Perhaps linking straight to amazon, and moving up the event helix link, which is interesting enough all by itself would be a solution.
posted by sp160n at 7:22 AM on October 1, 2008
I sold my copy (actually copies of volume 1, 2, and 3) on eBay a couple moves ago. Was surprised how much it went for.
posted by These Premises Are Alarmed at 8:31 AM on October 1, 2008
The post would be cool if it wasn't for the link to unauthorized copyrighted material.
Can I now make a movie review post and provide a DivX download link?
posted by mrbill at 8:39 AM on October 1, 2008
you know who else liked the protocols of the elders of tcp/ip?
posted by yonation at 9:37 AM on October 1, 2008 [1 favorite]
My rating: 4 octets up!
posted by Rafaelloello at 7:55 PM on September 30, 2008