Doug Vitale Tech Blog

SamSpade and SamSpade.org

“SamSpade” can refer to either the Sam Spade network scanning and query tool or to the defunct SamSpade.org website that offered various network lookup features.

SamSpade.org bannerSamSpade.org screenshot

SamSpade.org has been offline for quite some time and its functionality has been replicated on many other similar websites. So I will move on to the Sam Spade networking lookup utility.

Although SamSpade.org is offline, you can still download the Sam Spade security tool on Softpedia or on Major Geeks. Version 1.14 was released in December 1999, making SamSpade one of the oldest network security tools. Sam Spade has not been updated since that time.

Like many of the tools described in this blog, Sam Spade is basically a graphical program providing a collection of network query commands, each of which is available individually for command line use (for example, nslookup, whois, tracert/traceroute, etc).

Sam Spade main interface

The SamSpade v1.14 main interface

As you can see, the Sam Spade graphical user interface (GUI) is dated and not entirely intuitive, so each section will be explained.

The address bar in the top left corner is where you type the IP address or domain name to be queried. If you enter an IP address in this field and type ‘Enter’ or click the arrow, SamSpade will attempt to look up the owner of this address. If you enter a domain name, a Whois query on that name will be performed.

The numeric field to the right of the pink arrow lets you specify the quantity of packets to send with each ping.

The drop-down menu to the right of the ping count field lets you choose which server to use for whois queries. If you keep this field as its ‘Magic’ default, Sam Spade will try multiple servers if needed to find the owner of the block.

The next field over (top right corner) lets you specify a DNS server to use.

The last section of the top menu lets you configure Sam Spade to use one window or multiple windows when you use its Web function (described below).

The buttons on the left side of the GUI are more self-explanatory since they are labeled. Here you will find the options for ping, DNS (forward and reverse lookups), whois, IP block lookup, dig, traceroute, finger, SMTP (for email addresses), time (to check the time on a remote host), Web (to view the HTML source code of a webpage), Awake (to keep a dialup connection alive), RBL (to check if an address is listed in a Mail Abuse Prevention System [MAPS] blacklist), and Abuse (to find the abuse email address for a domain). The functions of these buttons can also be accessed in File -> Tools.

To access Sam Spade’s configuration options, select Edit -> Options.

SamSpade configuration options

The SamSpade v1.14 configuration options

In the Advanced tab you can enable DNS zone transfers, active probing (enables port scanning), and relay checking (a way to tell whether an SMTP server allows anyone to relay email by trying to relay an email through it back to your email address).

To read more on Sam Spade, consult the program’s Help file by selecting Help -> Help Topics (to read the Sam Spade Help file on Windows Vista or Windows 7, you must install Microsoft’s WinHLP32.exe manually). Additionally, Windows IT Pro offers its own review of Sam Spade.

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!

Network Security Assessment on Amazon Network Security Assessment Network Security Bible on Amazon Network Security Bible

Network Security Auditing on Amazon Network Security Auditing Security Power Tools on Amazon Security Power Tools

About these ads

Written by Doug Vitale

November 21, 2011 at 12:53 PM

%d bloggers like this: