Books on hacking, cracking, exploiting, and breaking software seem to get all of the attention in the security world. However, we need more works like Mike Schiffman's 'Building Open Source Network Security Tools' (BOSNST). I regret having waited so long to read BOSNST, but I'm glad I did. Schiffman's book is for people who want to build, not break, software, and the way he describes how to create tools is enlightening.



The major theme I captured from BOSNST was the importance of creating useful code libraries. Six of the book's 12 chapters focus on libraries which provide functions for application programmers. While not all have gained the same amount of fame or use, the author's approach remains sound. Libraries are the building blocks around which numerous tools can and should be built.



This theme helped me understand the evolution of RFP's Whisker CGI scanner, released in Oct 1999 and deprecated in May 2003. Whisker lives on as a library, Libwhisker, in the Nikto Web server scanner. Similarly, Schiffman's chapter on Libsf mentions the utility of creating a library offering the functionality of the popular Nmap scanning tool. (Unfortunately, I haven't seen progress on this. Nmap author Fyodor last mentioned 'Libnmap' in his 2003 Nmap features survey, and it's not apparent in the tool's latest version.)



I found the six library chapters to be helpful. Some of the code has stagnated since 2002 (Libnids, Libsf), while some has continued to evolve (Libpcap, Libdnet, OpenSSL). Schiffman provides good explanations of buffer overflow and format string attacks in ch 10, and I thought his state machine-based port scan detector (Descry) in ch 11 was innovative.



One of the strongest sections of BOSNST is ch 12, where the author provides a 25-page code walkthrough of his Firewalk tool. This chapter is the model for anyone seeking to explain tool internals. Schiffman offers flowcharts, context charts, and explanations of code snippets. He doesn't simply dump page after page of C code in front of the reader. (Most chapters of BOSNST do conclude with the full source code for sample tools, however.)



I have no real complaints with BOSNST. I found minor errors in two diagrams (p 220, 223 should show the SYN/ACK or RST reply coming from the target, not to the target). Schiffman's writing style is clear and engaging, which makes a difference when explaining functions in code.



Those who want to learn how to assemble their security expertise in the form code libraries should read BOSNST. Those who wish to use the libraries found in the book, or those with similar functionality, should also read BOSNST. I look forward to Schiffman's next book, where hopefully he will finally update his biography to say 'AFIWC' (for 'Air Force Information Warfare Center') instead of 'AFWIC' (aka the UN's 'AFrican Women In Crisis' program).

Books on hacking, cracking, exploiting, and breaking software seem to get all of the attention in the security world. However, we need more works like Mike Schiffman's 'Building Open Source Network Security Tools' (BOSNST). I regret having waited so long to read BOSNST, but I'm glad I did. Schiffman's book is for people who want to build, not break, software, and the way he describes how to create tools is enlightening.

The major theme I captured from BOSNST was the importance of creating useful code libraries. Six of the book's 12 chapters focus on libraries which provide functions for application programmers. While not all have gained the same amount of fame or use, the author's approach remains sound. Libraries are the building blocks around which numerous tools can and should be built.

This theme helped me understand the evolution of RFP's Whisker CGI scanner, released in Oct 1999 and deprecated in May 2003. Whisker lives on as a library, Libwhisker, in the Nikto Web server scanner. Similarly, Schiffman's chapter on Libsf mentions the utility of creating a library offering the functionality of the popular Nmap scanning tool. (Unfortunately, I haven't seen progress on this. Nmap author Fyodor last mentioned 'Libnmap' in his 2003 Nmap features survey, and it's not apparent in the tool's latest version.)

I found the six library chapters to be helpful. Some of the code has stagnated since 2002 (Libnids, Libsf), while some has continued to evolve (Libpcap, Libdnet, OpenSSL). Schiffman provides good explanations of buffer overflow and format string attacks in ch 10, and I thought his state machine-based port scan detector (Descry) in ch 11 was innovative.

One of the strongest sections of BOSNST is ch 12, where the author provides a 25-page code walkthrough of his Firewalk tool. This chapter is the model for anyone seeking to explain tool internals. Schiffman offers flowcharts, context charts, and explanations of code snippets. He doesn't simply dump page after page of C code in front of the reader. (Most chapters of BOSNST do conclude with the full source code for sample tools, however.)

I have no real complaints with BOSNST. I found minor errors in two diagrams (p 220, 223 should show the SYN/ACK or RST reply coming from the target, not to the target). Schiffman's writing style is clear and engaging, which makes a difference when explaining functions in code.

Those who want to learn how to assemble their security expertise in the form code libraries should read BOSNST. Those who wish to use the libraries found in the book, or those with similar functionality, should also read BOSNST. I look forward to Schiffman's next book, where hopefully he will finally update his biography to say 'AFIWC' (for 'Air Force Information Warfare Center') instead of 'AFWIC' (aka the UN's 'AFrican Women In Crisis' program).

Very well structured book with clear examples. Serves good as a reference and starting point for network programers. Highly recommended book.

This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.

This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.

If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extermely dissappointed. The lion-share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written concise summaries of known techniques and concepts (possibly the only redeeming component of the book)
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.

I found this book to be extrodinarily helpful. Easy to follow, but with very detailed code examples, I came away from this book with a much better understanding of the open source software libraries available to me.

I highly recommend this book to anybody who intends to use libnet, or libpcap, or any of the other open source libraries.

This exclusive book by Mike Schiffman, a recognized security authority, will not make a good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.

Starting from interesting and original security tool taxonomy - attack, active recon, passive recon and defense -, the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in the excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included in the chapter end.

Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.

The book is most useful for those wishing to gain truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand then just plain source, even if well commented.

Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.

The book ends with painfully detailed "firewalk" recon tool description, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

It is rare to find that such an in depth book on coding is this easy to read and understand It's really encouraging me to get off my [butt] and to start doing some coding again.

If you are a network security programmer this is the right book to read. For shure it helps you with good examples that you can use to test, learn and start building your own network security tools.

It offers you a very good overview about the most known packet contruction, modification and analizys libraries used in most widely network security tools.

Even though, if you are just curious about the way things work, this book still is a very good buy, because in a easy and clear way you will understand the way to use these libraries.

If you have any doubts, you can just send an email to the author, and guess what! He always reply to you!

To finish, I just want to say...Thanks Mike!
Keep up the good work!

After purchasing "Building Open Source Network Security Tools" I was able to write a full featured libnet 1.1.x based utility for a work related project in four days. I had no previous experience with the libnet library and was extremely impressed with how easy it was to build the tcp/udp/icmp/igmp/ip packets that I needed. The sample programs were short enough (and commented well enough) that I was able to hit the ground running.