Sunday, March 30, 2008
DirectX explained
Ever wondered just what that enigmatic name means?
Gaming and multimedia applications are some of the most satisfying programs you can get for your PC, but getting them to run properly isn抰 always as easy as it could be. First, the PC architecture was never designed as a gaming platform. Second, the wide-ranging nature of the PC means that one person抯 machine can be different from another. While games consoles all contain the same hardware, PCs don抰: the massive range of difference can make gaming a headache.
To alleviate as much of the pain as possible, Microsoft needed to introduce a common standard which all games and multimedia applications could follow ?a common interface between the OS and whatever hardware is installed in the PC, if you like. This common interface is DirectX, something which can be the source of much confusion.
DirectX is an interface designed to make certain programming tasks much easier, for both the game developer and the rest of us who just want to sit down and play the latest blockbuster. Before we can explain what DirectX is and how it works though, we need a little history lesson.
DirectX history
Any game needs to perform certain tasks again and again. It needs to watch for your input from mouse, joystick or keyboard, and it needs to be able to display screen images and play sounds or music. That抯 pretty much any game at the most simplistic level.
Imagine how incredibly complex this was for programmers developing on the early pre-Windows PC architecture, then. Each programmer needed to develop their own way of reading the keyboard or detecting whether a joystick was even attached, let alone being used to play the game. Specific routines were needed even to display the simplest of images on the screen or play a simple sound.
Essentially, the game programmers were talking directly to your PC抯 hardware at a fundamental level. When Microsoft introduced Windows, it was imperative for the stability and success of the PC platform that things were made easier for both the developer and the player. After all, who would bother writing games for a machine when they had to reinvent the wheel every time they began work on a new game? Microsoft抯 idea was simple: stop programmers talking directly to the hardware, and build a common toolkit which they could use instead. DirectX was born.
How it works
At the most basic level, DirectX is an interface between the hardware in your PC and Windows itself, part of the Windows API or Application Programming Interface. Let抯 look at a practical example. When a game developer wants to play a sound file, it抯 simply a case of using the correct library function. When the game runs, this calls the DirectX API, which in turn plays the sound file. The developer doesn抰 need to know what type of sound card he抯 dealing with, what it抯 capable of, or how to talk to it. Microsoft has provided DirectX, and the sound card manufacturer has provided a DirectX-capable driver. He asks for the sound to be played, and it is ?whichever machine it runs on.
From our point of view as gamers, DirectX also makes things incredibly easy ?at least in theory. You install a new sound card in place of your old one, and it comes with a DirectX driver. Next time you play your favourite game you can still hear sounds and music, and you haven抰 had to make any complex configuration changes.
Originally, DirectX began life as a simple toolkit: early hardware was limited and only the most basic graphical functions were required. As hardware and software has evolved in complexity, so has DirectX. It抯 now much more than a graphical toolkit, and the term has come to encompass a massive selection of routines which deal with all sorts of hardware communication. For example, the DirectInput routines can deal with all sorts of input devices, from simple two-button mice to complex flight joysticks. Other parts include DirectSound for audio devices and DirectPlay provides a toolkit for online or multiplayer gaming.
DirectX versions
The current version of DirectX at time of writing is DirectX 9.0. This runs on all versions of Windows from Windows 98 up to and including Windows Server 2003 along with every revision in between. It doesn抰 run on Windows 95 though: if you have a machine with Windows 95 installed, you抮e stuck with the older and less capable 8.0a. Windows NT 4 also requires a specific version ?in this case, it抯 DirectX 3.0a.
With so many versions of DirectX available over the years, it becomes difficult to keep track of which version you need. In all but the most rare cases, all versions of DirectX are backwardly compatible ?games which say they require DirectX 7 will happily run with more recent versions, but not with older copies. Many current titles explicitly state that they require DirectX 9, and won抰 run without the latest version installed. This is because they make use of new features introduced with this version, although it has been known for lazy developers to specify the very latest version as a requirement when the game in question doesn抰 use any of the new enhancements. Generally speaking though, if a title is version locked like this, you will need to upgrade before you can play. Improvements to the core DirectX code mean you may even see improvements in many titles when you upgrade to the latest build of DirectX. Downloading and installing DirectX need not be complex, either.
Upgrading DirectX
All available versions of Windows come with DirectX in one form or another as a core system component which cannot be removed, so you should always have at least a basic implementation of the system installed on your PC. However, many new games require the very latest version before they work properly, or even at all.
Generally, the best place to install the latest version of DirectX from is the dedicated section of the Microsoft Web site, which is found at www.microsoft.com/windows/directx. As we went to press, the most recent build available for general download was DirectX 9.0b. You can download either a simple installer which will in turn download the components your system requires as it installs, or download the complete distribution package in one go for later offline installation.
Another good source for DirectX is games themselves. If a game requires a specific version, it抣l be on the installation CD and may even be installed automatically by the game抯 installer itself. You won抰 find it on magazine cover discs though, thanks to Microsoft抯 licensing terms.
Diagnosing problems
Diagnosing problems with a DirectX installation can be problematic, especially if you don抰 know which one of the many components is causing your newly purchased game to fall over. Thankfully, Microsoft provides a useful utility called the DirectX Diagnostic Tool, although this isn抰 made obvious. You won抰 find this tool in the Start Menu with any version of Windows, and each tends to install it in a different place.
The easiest way to use it is to open the Start Menu抯 Run dialog, type in dxdiag and then click OK. When the application first loads, it takes a few seconds to interrogate your DirectX installation and find any problems. First, the DirectX Files tab displays version information on each one of the files your installation uses. The Notes section at the bottom is worth checking, as missing or corrupted files will be flagged here.
The tabs marked Display, Sound, Music, Input and Network all relate to specific areas of DirectX, and all but the Input tab provide tools to test the correct functioning on your hardware. Finally, the More Help tab provides a useful way to start the DirectX Troubleshooter, Microsoft抯 simple linear problem solving tool for many common DirectX issues
Gaming and multimedia applications are some of the most satisfying programs you can get for your PC, but getting them to run properly isn抰 always as easy as it could be. First, the PC architecture was never designed as a gaming platform. Second, the wide-ranging nature of the PC means that one person抯 machine can be different from another. While games consoles all contain the same hardware, PCs don抰: the massive range of difference can make gaming a headache.
To alleviate as much of the pain as possible, Microsoft needed to introduce a common standard which all games and multimedia applications could follow ?a common interface between the OS and whatever hardware is installed in the PC, if you like. This common interface is DirectX, something which can be the source of much confusion.
DirectX is an interface designed to make certain programming tasks much easier, for both the game developer and the rest of us who just want to sit down and play the latest blockbuster. Before we can explain what DirectX is and how it works though, we need a little history lesson.
DirectX history
Any game needs to perform certain tasks again and again. It needs to watch for your input from mouse, joystick or keyboard, and it needs to be able to display screen images and play sounds or music. That抯 pretty much any game at the most simplistic level.
Imagine how incredibly complex this was for programmers developing on the early pre-Windows PC architecture, then. Each programmer needed to develop their own way of reading the keyboard or detecting whether a joystick was even attached, let alone being used to play the game. Specific routines were needed even to display the simplest of images on the screen or play a simple sound.
Essentially, the game programmers were talking directly to your PC抯 hardware at a fundamental level. When Microsoft introduced Windows, it was imperative for the stability and success of the PC platform that things were made easier for both the developer and the player. After all, who would bother writing games for a machine when they had to reinvent the wheel every time they began work on a new game? Microsoft抯 idea was simple: stop programmers talking directly to the hardware, and build a common toolkit which they could use instead. DirectX was born.
How it works
At the most basic level, DirectX is an interface between the hardware in your PC and Windows itself, part of the Windows API or Application Programming Interface. Let抯 look at a practical example. When a game developer wants to play a sound file, it抯 simply a case of using the correct library function. When the game runs, this calls the DirectX API, which in turn plays the sound file. The developer doesn抰 need to know what type of sound card he抯 dealing with, what it抯 capable of, or how to talk to it. Microsoft has provided DirectX, and the sound card manufacturer has provided a DirectX-capable driver. He asks for the sound to be played, and it is ?whichever machine it runs on.
From our point of view as gamers, DirectX also makes things incredibly easy ?at least in theory. You install a new sound card in place of your old one, and it comes with a DirectX driver. Next time you play your favourite game you can still hear sounds and music, and you haven抰 had to make any complex configuration changes.
Originally, DirectX began life as a simple toolkit: early hardware was limited and only the most basic graphical functions were required. As hardware and software has evolved in complexity, so has DirectX. It抯 now much more than a graphical toolkit, and the term has come to encompass a massive selection of routines which deal with all sorts of hardware communication. For example, the DirectInput routines can deal with all sorts of input devices, from simple two-button mice to complex flight joysticks. Other parts include DirectSound for audio devices and DirectPlay provides a toolkit for online or multiplayer gaming.
DirectX versions
The current version of DirectX at time of writing is DirectX 9.0. This runs on all versions of Windows from Windows 98 up to and including Windows Server 2003 along with every revision in between. It doesn抰 run on Windows 95 though: if you have a machine with Windows 95 installed, you抮e stuck with the older and less capable 8.0a. Windows NT 4 also requires a specific version ?in this case, it抯 DirectX 3.0a.
With so many versions of DirectX available over the years, it becomes difficult to keep track of which version you need. In all but the most rare cases, all versions of DirectX are backwardly compatible ?games which say they require DirectX 7 will happily run with more recent versions, but not with older copies. Many current titles explicitly state that they require DirectX 9, and won抰 run without the latest version installed. This is because they make use of new features introduced with this version, although it has been known for lazy developers to specify the very latest version as a requirement when the game in question doesn抰 use any of the new enhancements. Generally speaking though, if a title is version locked like this, you will need to upgrade before you can play. Improvements to the core DirectX code mean you may even see improvements in many titles when you upgrade to the latest build of DirectX. Downloading and installing DirectX need not be complex, either.
Upgrading DirectX
All available versions of Windows come with DirectX in one form or another as a core system component which cannot be removed, so you should always have at least a basic implementation of the system installed on your PC. However, many new games require the very latest version before they work properly, or even at all.
Generally, the best place to install the latest version of DirectX from is the dedicated section of the Microsoft Web site, which is found at www.microsoft.com/windows/directx. As we went to press, the most recent build available for general download was DirectX 9.0b. You can download either a simple installer which will in turn download the components your system requires as it installs, or download the complete distribution package in one go for later offline installation.
Another good source for DirectX is games themselves. If a game requires a specific version, it抣l be on the installation CD and may even be installed automatically by the game抯 installer itself. You won抰 find it on magazine cover discs though, thanks to Microsoft抯 licensing terms.
Diagnosing problems
Diagnosing problems with a DirectX installation can be problematic, especially if you don抰 know which one of the many components is causing your newly purchased game to fall over. Thankfully, Microsoft provides a useful utility called the DirectX Diagnostic Tool, although this isn抰 made obvious. You won抰 find this tool in the Start Menu with any version of Windows, and each tends to install it in a different place.
The easiest way to use it is to open the Start Menu抯 Run dialog, type in dxdiag and then click OK. When the application first loads, it takes a few seconds to interrogate your DirectX installation and find any problems. First, the DirectX Files tab displays version information on each one of the files your installation uses. The Notes section at the bottom is worth checking, as missing or corrupted files will be flagged here.
The tabs marked Display, Sound, Music, Input and Network all relate to specific areas of DirectX, and all but the Input tab provide tools to test the correct functioning on your hardware. Finally, the More Help tab provides a useful way to start the DirectX Troubleshooter, Microsoft抯 simple linear problem solving tool for many common DirectX issues
TCP\IP
A Mammoth Description By Ankit Fadia ankit@bol.net.in
TCP\IP or Transmission Control Protocol \ Internet Protocol is a stack or collection of various protocols. A
protocol is basically the commands or instructions using which two computers within a local network or the
Internet can exchange data or information and resources.
Transmission Control Protocol \ Internet Protocol or the TCP\IP was developed around the time of the
ARPAnet. It is also known as the Protocol Suite. It consists of various protocols but as the TCP
(Transmission Control Protocol) and the IP (Internet Protocol) are the most, well known of the suite of
protocols, the entire family or suite is called the TCP\IP suite.
The TCP\ IP Suite is a stacked suite with various layers stacked on each other, each layer looking after one
aspect of the data transfer. Data is transferred from one layer to the other. The Entire TCP\ IP suite can be
broken down into the below layers-:
Layer Name Protocol
Link Layer (Hardware, Ethernet) ARP, RARP, PPP, Ether
Network Layer(The Invisible Layer) IP, ICMP
Transport Layer UDP, TCP
Application Layer(The Visible Layer) The Actual running Applications like-: FTP client, Browser
Physical Layer (Not part of TCP \IP) Physical Data Cables, Telephone wires
Data travels from the Link Layer down to the Physical Layer at the source and at the destination it travels
from the Physical Layer to the Link Layer. We will later discuss what each layer and each protocol does.
The TCP\IP suite not only helps to transfer data but also has to correct various problems that might occur
during the data transfer. There are basically two types of most common errors that might occur during the
process of data transfer. They are-:
Data Corruption -: In this kind of error, the data reaches the destination after getting corrupted.
Data Loss -: In this kind of error, the entire collection of packets which constitute the data to be transferred
does not reach the destination.
TCP\IP expects such errors to take place and has certain features which prevent, such error which might
occur.
Checksums-: A checksum is a value (Normally, a 16 Bit Value) that is formed by summing up the Binary
Data in the used program for a given data block. The program being used is responsible for the calculation
of the Checksum value. The data being sent by the program sends this calculated checksum value, along
with the data packets to the destination. When the program running at the destination receives the data
packets, it re-calculates the Checksum value. If the Checksum value calculated by the Destination program
matches with the Checksum Value attached to the Data Packets by the Source Program match, then the data
transfer is said to be valid and error free. Checksum is calculated by adding up all the octets in a datagram.
Packet Sequencing-: All data being transferred on the net is broken down into packets at the source and
joined together at the destination. The data is broken down into packets in a particular sequence at the
source. This means that, for example, the first byte has the first sequence number and the second byte the
second sequence number and so on. These packets are free to travel independently on the net, so
sometimes, when the data packets reach the destination they arrive, out of sequence, which means that the
packet which had the first sequence number attached to it does not reach the destination first. Sequencing
defines the order in which the hosts receive the data packets or messages. The application or the layer
running at the destination automatically builds up the data from the sequence number in each packet.
The source system breaks the data to be transferred into smaller packets and assigns each packet a unique
sequence number. When the destination gets the packets, it's starts rearranging the packets by reading the
sequence numbers of each packet to make the data received usable.
For example, say you want to transfer a 18000 octet file. Not all networks can handle the entire 18000
octet packets at a time. So the huge file is broken down into smaller say 300 octet packets. Each packet has
been assigned a unique sequence number. Now when the packets reach the destination the packets are put
back together to get the usable data. Now during the transportation process, as the packets can move
independently on the net, it is possible that the packet 5 will arrive at the destination before packet 4
arrives. In such a situation, the sequence numbers are used by the destination to rearrange the data packets
in such a way that even if Data packet 5 arrived earlier, Packet 4 will always precede Packet 5.
A data can easily be corrupted while it is being transferred from the source to the destination. Now if a
error control service is running then if it detects data corruption, then it asks the source to re-send the
packets of data. Thus only non corrupted data reaches the destination. An error control service detects and
controls the same two types of errors-:
1.) Data Loss
2.) Data Corruption
The Checksum values are used to detect if the data has been modified or corrupted during the transfer from
source to destination or any corruption in the communication channel which may have caused data loss.
Data Corruption is detected by the Checksum Values and by performing Cyclic Redundancy Checks
(CRC 's). CRC 's too like the Checksums are integer values but require intensely advanced calculation and
hence are rarely used.
There is yet another way of detecting data corruption-: Handshaking.
This feature ensures demands that both the source and destination must transmit and receive
acknowledgement messages, that confirm transfer of uncorrupted data. Such acknowledgement messages
are known as ACK messages.
Let's take an example of a typical scenario of data transfer between two systems.
Source Sends MSG1 to Destination. It will not send MSG2 to Destination unless and until it gets the MSG
ACK and destination will not send more requests for data or the next request message (MSG2) unless it
gets the ACK from Source confirming that the MSG1 ACK was received by it. If the source does not get a
ACK message from the destination, then something which is called a timed-out occurs and the source will
re send the data to destination.
So this means that if A sends a data packet to B and B checksums the data packet and finds the data
corrupted, then it can simply delete for a time out to take place. Once the time out takes place, A will re
send the data packet to B. But this kind of system of deleting corrupt data is not used as it is inefficient and
time consuming.
Instead of deleting the corrupt data and waiting for a time out to take place, the destination (B) sends a not
acknowledged or NACK message to source(A). When A gets the NACK message, instead of waiting for a
time out to take place, it straightaway resends the data packet.
An ACK message of 1000 would mean that all data up to 1000 octets has been received till now.
TCP/ IP is a layered suite of protocols. All layers are equally important and with the absence of even a
single layer, data transfer would not have been possible. Each TCP/ IP layer contributes to the entire
process of data transfer. An excellent example, is when you send an email. For sending mail there is a
separate protocol, the SMTP protocol which belongs to the Application layer. The SMTP Application
protocol like all other application layer protocols assumes that there is a reliable connection existing
between the two computers. For the SMTP application protocol to do what it is designed for, i.e. to send
mail, it requires the existence of all other Layers as well. The Physical Layer i.e. cables and wires is
required to transport the data physically. The Transmission Control Protocol or the TCP protocol which
belongs to the Transport Layer is needed to keep track of the number of packets sent and for error
correction. It is this protocol that makes sure that the data reaches the other end. The TCP protocol is called
by the Application Protocol to ensure error free communication between the source and destination. For the
TCP layer to do its work properly i.e. to ensure that the data packets reach the destination, it requires the
existence of the Internet Protocol or IP. The IP protocol contains the Checksum and Source and
Destination IP address.
You may wonder why do we need different protocols like TCP and IP and why not bundle them into the
same Application protocol.? The TCP protocol contains commands or functions which are needed by
various application protocols like FTP, SMTP and also HTTP. The TCP protocol also calls on the IP
protocol, which in turn contains commands or functions which some application protocols require while
others don?t. So rather than bundling the entire TCP and IP protocol set into specific application protocols,
it is better to have different protocols which are called whenever required.
The Link Layer which is the Hardware or Ethernet layer is also needed for transportation of the data
packets. The PPP or the Point to Point Protocol belongs to this layer. Before we go on let's get accustomed
with certain TCP\IP terms. Most people get confused between datagrams and packets and think that they
are one and the same thing . You see, a datagram is a unit of data which is used by various protocols and a
packet is a physical object or thing which moves on a physical medium like a wire. There is a remarkable
difference between a Packet and a Datagram, but it is beyond the scope of this book. To make things easier
I will use only the term datagram (Actually this is the official term.)while discussing various protocols.
Two different main protocols are involved in transporting packets from source to destination.
1.) The Transmission Control Protocol or the TCP Protocol
2.) The Internet Protocol or the IP protocol.
Besides these two main protocols, the Physical Layer and the Ethernet Layer are also indispensable to data
transfer.
THE TRANSPORT LAYER
The TCP protocol
The Transmission Control Protocol is responsible for breaking up the data into smaller datagrams and
putting the datagrams back to form usable data at the destination. It also resends the lost datagrams to
destination where the received datagrams are reassembled in the right order. The TCP protocol does the
bulk of work but without the IP protocol, it cannot transfer data.
Let's take an example to make things more clearer. Let's say your Internet Protocol Address or IP address is
xxx.xxx.xxx.xxx or simply x and the destination's IP is yyy.yyy.yyy.yyy or simply y. Now As soon as the
three-way connection is established between x and y, x knows the destination IP address and also the Port
to which it is connected to. Both x and y are in different networks which can handle different sized packets.
So in order to send datagrams which are in receivable size, x must know what is the maximum datagram
size which y can handle. This too is determined by both x and y during connection time.
So once x knows the maximum size of the datagram which y can handle, it breaks down the data into
smaller chunks or datagrams. Each datagram has it's own TCP header which too is put by TCP.
A TCP Header contains a lot of information, but the most important of it is the Source and Destination IP
and Port numbers and yes also the sequence number.
**************
HACKING TRUTH: Learn more about Ports, IP's, Sockets in the Net Tools Manual
**************
The source which is your computer(x) now knows what the IP Addresses and Port Numbers of the
Destination and Source computers are. It now calculates the Checksum value by adding up all the octets of
the datagram and puts the final checksum value to the TCP Header. The different octets and not the
datagrams are then numbered. An octet would be a smaller broken down form of the entire data. TCP then
puts all this information into the TCP header of each datagram. A TCP Header of a datagram would finally
look like -:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Port | Destination Port |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Sequence Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Acknowledgment Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Checksum | Urgent Pointer |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| The Actual Data form the next 500 octets |
| |
There are certain new fields in the TCP header which you may not know off. Let's see what these new
fields signify. The Windows field specifies the octets of new data which is ready to be processed. You see
not all computers connected to the Internet run at the same speed and to ensure that a faster system does not
send datagrams to a slow system at a rate which is faster than it can handle, we use the Window field. As
the computer receives data , the space in the Window field gets decreased indicating that the receiver has
received the data. When it reaches zero the sender stops sending further packets. Once the receiver finishes
processing the received data, it increases the Window field, which in turn indicates that the receiver has
processed the earlier sent data and is ready to receive more chunks of data.
The Urgent Field tells the remote computer to stop processing the last octet and instead receive the new
octet. This is normally not commonly used.
The TCP protocol is a reliable protocol, which means that we have a guarantee that the data will arrive at
the destination properly and without any errors. It ensures that the data being received by the receiving end
is arranged in the same correct order in which it was sent.
The TCP Protocol relies on a virtual circuit between the client and the host. The circuit is opened via a 3
part process known as the three part handshake. It supports full duplex transportation of data which means
that it provides a path for two way data transfer. Hence using the TCP protocol, a computer can send and
receive datagrams at the same time.
Some common flags of TCP are-:
RST [RESET]- Resets the connection.
PSH [PUSH] - Tells receiver to pass all queued data to the application running.
FIN [FINISH] - Closes connection following the 4 step process.
SYN Flag - means that the machine sending this flag wants to establish a three way handshake i.e.
a TCP connection. The receiver of a SYN flag usually responds with an ACK message.
So now we are in a position to represent a three way TCP Handshake:
A <---SYN---> B
A <---SYN/ACK? B
A <---ACK---> B
A sends a SYN flag to B saying " I want to establish a TCP connection", B responds to the SYN with the
ACK to the SYN flag. A again responds to the ACK sent by B with another ACK.
Read RFC 793 for further in depth details about the TCP protocol.
The User Datagram Protocol or the UDP Protocol
The User Data protocol or the UDP is yet another protocol which is a member of the Transport Layer. TCP
is the standard protocol used by all systems for communications. TCP is used to break down the data to be
transported into smaller datagrams, before they (the datagrams) are sent across a network. Thus we can say
that TCP is used where more than a single or multiple datagrams are involved.
Sometimes, the data to be transported is able to fit into a single datagram. We do not need to break the data
into smaller datagrams as the size of the data is pretty small. The perfect example of such data is the DNS
system. To send out the query for a particular domain name, a single datagram is more than enough. Also
the IP that is returned by the Domain Name Server does not require more than one datagram for
transportation. So in such cases instead of making use of the complex TCP protocol, applications fall back
to the UDP protocol.
The UDP protocol works almost the way TCP works. But the only differences being that TCP breaks the
data to be transferred into smaller chunks, does sequencing by inserting a sequence number in the header
and no error control. Thus we can conclude by saying that the UDP protocol is an unreliable protocol with
no way to confirm that the data has reached the destination.
The UDP protocol does insert a USP header to the single datagram it is transporting. The UDP header
contains the Source and Destination IP Addresses and Port Numbers and also the Checksum value. The
UDP header is comparatively smaller than the TCP Header.
It is used by those applications where small chunks of data are involved. It offers services to the User's
Network Applications like NFS(Network File Sharing) and SNMP.
Read RFC 768 for further in depth details about the UDP protocol.
THE NETWORK LAYER
The IP Protocol
Both the TCP and the UDP protocols, after inserting the headers to the datagram(s) given to them pass
them to the Internet Protocol or the IP Protocol. The main job of the IP protocol is to find a way of
transporting the datagrams to the destination receiver. It does not do any kind of error checking.
The IP protocol too adds it's own IP Header to each datagram. The IP header contains the source and
destination IP addresses, the protocol number and yet another checksum. The IP header of a particular
datagram looks like-:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|Version| IHL |Type of Service| Total Length |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Identification |Flags| Fragment Offset |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Time to Live | Protocol | Header Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Destination Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| TCP header info followed by the actual data being transferred|
| |
The Source and destination IP addresses and needed so that?well it is obvious isn't it? The Protocol
number is added so that the IP protocol knows to which Transport Protocol the datagram has to be passed.
You see various Transport Protocols are used like for example TCP or UDP. So this protocol number is
inserted to tell IP the protocol to which the datagram has to be passed.
It too inserts it's own Checksum value which is different from the Checksum Value inserted by the
Transport Protocols. This Checksum has to be inserted as without it the Internet Protocol will not be able to
verify if the Header has been damaged in the transfer process and hence the datagram might reach a wrong
destination. The Time to Live field specifies a value which is decreased each time the datagram passes
through a network. Remember Tracert?
The Internet Protocol Header contains other fields as well, but they are quite advanced and cannot be
included in a manual which gives an introduction to the TCP\IP protocol. To learn more about the IP
protocol read RFC 791.
The Internet Control Message Protocol or the ICMP
The ICMP protocol allows hosts to transfer information on errors that might have occurred during the data
transfer between two hosts. It is basically used to display error messages about errors that might occur
during the data transfer. The ICMP is a very simple protocol without any headers. It is most commonly
used to diagnose Network Problems. The famous utility PING is a part of the ICMP protocol. ICMP
requests do not require the user or application to mention any port number as all ICMP requests are
answered by the Network Software itself. The ICMP protocol too handles only a single datagram. That's
why we say in PING only a single datagram is sent to the remote computer. This protocol can remote many
network problems like Host Down, Congested Network etc
Read RFC 792 for further in depth details about the ICMP protocol.
The Link Layer
Almost all networks use Ethernet. Each machine in a network has it's own IP address and it's Ether
Address. The Ether Address of a computer is different than it's IP address. An Ether Address is a 42 bit
address while the IP address is only a 32 bit address. A Network must know which computer to deliver the
datagram to. Right? For this the Ether Header is used.
The Ether Header is a 14 octet header that contains the Source and Destination Ethernet address, and a type
code. Ether too calculates it's own Checksum value. The Type code relates to the protocol families to be
used within the Network. The Ether Layer passes the datagram to the protocol specified by this field after
inserting the Ether Header. There is simply no connection between the Ethernet Address and the IP address
of a machine. Each machine needs to have a Ethernet to IP address translation table on its hard disk.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet destination address (first 32 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet dest (last 16 bits) |Ethernet source (first 16 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet source address (last 32 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Type code |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| IP header, then TCP header, then your data |
| |
| |
| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Address Resolution Protocol or ARP
Data before being transmitted across the Internet or across a local network is broken down into smaller
Packets which are suitable for transfer over the net. These packets have the Source and Destination IP's but
for the transfer to take place the suitable Hardware Addresses or the MAC addresses must also be known.
That is where ARP comes in.
To get the Hardware MAC addresses, ARP or Address Resolution Protocol sends a request message. The
Router replies with the Hardware Address. It is similar to the DNS and it too has a cache. This cache can be
a bit vulnerable as a Hacker could forge a connection from a remote machine claiming to be one of the
cached locations. So we can conclude that ARP translates IP's into Ethernet Addresses. One thing to
remember about ARP is that it only translates outgoing packets.
There is also something called the RARP which is an abbreviation for Reverse Address Resolution
Protocol, which like the name says does exactly reverse of what ARP does.
There is simply no algorithm to get the Ethernet Address from the IP Address. To carry out such
translations, each computer has a file which has a table with rows for each computer and two columns for
their corresponding IP address and Ethernet Address. The File is somewhat like the following-:
Internet Protocol Address Ethernet Address
Computer Name xxx.xy.yy.yx 08-00-39-00-2F-C3
Say there are a system in a Network (A) and an unidentified system (B) contacts it. Now A only knows the
IP address of B. Now A will first try to identify whether B is the same network so that it can directly
communicate via Ethernet. So it will first check the IP to MAC address translation table which it has. If it
finds the IP in the table then well and good and A will establish a connection with B via Ethernet.
On the Other hand if A does not find any match for the specific IP, it will send out a request in the form of
a 'Broadcast'. All computers within the Network will receive this broadcast and will search their own IP to
MAC translation table and will reply with the necessary MAC address. A basic difference between an Ip
address and MAC address is that an IP is the form xxx.xxx.xxx.xxx and a MAC address is in the form
xx:xx:xx:xx:xx:xx and one is 32 bit while the other is 40 bit.
Read RFC 826 for further in depth details about the ARP protocol.
Application Layer
Till now you have learnt how data is broken down into smaller chunks, and transferred to the destination,
where the chunks are rearranged. But there is yet another aspect to a successful data transfer process, which
we have not discussed yet: The Application Protocols and the Application Layer itself. A host which
receives datagrams has many applications or services (daemons) running which are ready to establish a
TCP connection and accept a message. Datagrams travelling on the Internet must know which application
they have to establish connection with, which application they have to send the message to. A typical web
server will have the FTP daemon, the HTTP daemon, the POP daemon, and the SMTP daemon running.
Wouldn't the datagrams get confused as to which daemon to send the message to.
For the datagrams to know which computer to send the message to, we have IP addresses. The datagram
knows what daemon or application to send the message to by the Port Number attached to the IP address of
the Destination. A TCP address is actually fully described by 4 numbers; The IP address of the Source and
Destination and the TCP Port Numbers of each end to which data is to be sent. These numbers are found in
the TCP Header.
To make it simpler to understand I have included an excerpt from the Net Tools Chapter:
What is all the hype about socket programming? What exactly are sockets?
TCP\IP or Transmission Control Protocol\ Internet Protocol is the language or the protocol used by
computers to communicate with each other over the Internet. Say a computer whose IP address is
99.99.99.99 wants to communicate with another machine whose IP address is 98.98.98.98 then would will
happen?
The machine whose IP is 99.99.99.99 sends a packet addressed to another machine whose IP is
98.98.98.98. When 98.98.98.98 receives the packet then it verifies that it got the message by sending a
signal back to 99.99.99.99.But say the person who is using 99.99.99.99 wants to have simultaneously more
than one connections to 98.98.98.98.....then what will happen? Say 99.99.99.99 wants to connect to
the FTP daemon and download a file by FTP and at the same time it wants to connect to 98.98.98.98's
website i.e. The HTTP daemon. Then 98.98.98.98. will have 2 connects with 99.99.99.99 simultaneously.
Now how can 98.98.98.98.distinguish between the two connections...how does 98.98.98.98. know which
is for the FTP daemon and which for the HTTP daemon? If there was no way to distinguish between the
two connections then they would both get mixed up and there would be a lot of chaos with the message
meant for the HTTP daemon going to the FTP daemon. To avoid such confusion we have ports. At each
port a particular service or daemon is running by default. So now that the 99.99.99.99 computers knows
which port to connect to, to download a FTP file and which port to connect to, to download the web page,
it will communicate with the 98.98.98.98 machine using what is known as the socket pair which is a
combination of an IP address and a Port. So in the above case the message which is meant for the FTP
daemon will be addressed to 98.98.98.98 : 21 (Notice the colon and the default FTP port suceeding it.).
So that the receiving machine i.e. 98.98.98.98 will know for which service this message is meant for and to
which port it should be directed to.
In TCP\IP or over the Internet all communication is done using the Socket pair i.e. the combination of the
IP address and the port.
*****************
HACKING TRUTH: Learn More about Ports, IP addresses and Sockets by reading the Net Tools Chapter.
*****************
The Application Layers basically consists of the Applications running on your computer and the
Applications running on the host to which you are connected. Say you are viewing the Hotmail Site, then
the application layer comprises of the Web Browser running on your computer and the HTTP daemon
running at Hotmail's server and the Application Protocol being used to communicate is HyperText Transfer
Protocol.
As soon as a TCP connection is established the Applications running on Each end decide the language or
protocol to be used to communicate and send datagrams.
IP Spoofing Torn Apart
IP spoofing is the most exciting topic you will hear wannabe hackers talking about. It is also a subject
about which no one knows much. Before we continue I would like to tell you that IP Spoofing is quite
difficult to understand and a lot of people have trouble understanding how it is done. The other downside it
has is the fact that it can almost not be done using a Windows system and a system administrator can easily
protect his system from IP spoofing
So what is IP Spoofing? IP Spoofing is a trick played on servers to fool the target computer into thinking
that it is receiving data from a source other than you. This in turn basically means to send data to a remote
host so that it believes that the data is coming from a computer whose IP address is something other than
yours. Let's take an example to make it clear:
Your IP is : 203.45.98.01 (REAL)
IP of Victim computer is: 202.14.12.1 (VICTIM)
IP you want data to be sent from: 173.23.45.89 (FAKE)
Normally sitting on the computer whose IP is REAL, the datagrams you send to VICTIM will appear to
have come from REAL. Now consider a situation in which you want to send a datagram to VICTIM and
make him believe that it came from a computer whose IP is FAKE. This is when you perform IP Spoofing.
The Main problem with IP Spoofing is that even if you are able to send a spoofed datagram to the remote
host, the remote host will reply not to your real IP but to the Fake IP you made your datagram seem to have
come from. Getting confused? Read the following example to clear up your mind.
Taking the same IP's as in the last example, consider the following scenario. Now, if REAL connects to
VICTIM, after the standard three way handshake has taken place, and VICTIM sends an ACK message to
REAL. Now if you spoof you IP, to say FAKE, then VICTIM will try to establish a TCP connection and
will send an ACK message to FAKE. Now lets assume that FAKE is alive, then as it had not requested the
ACK message (sent by VICTIM to FAKE) it will reply with a NACK message which would basically end
the connection and no further communication between FAKE and VICTIM would take place. Now if
FAKE doesn't exist then the ACK message sent by VICTIM will not get any reply and in the end the
connection times out.
Due to this FAKE and REAL IP reasons, when a person is trying to perform an IP Spoof, he does not get
any response from the remote host and has no clue whether he has been successful or not. If he has made
any progress or not. You are as good as blind, with no medium through which you could get feedback.
IP Spoofing can be successful only if the computer with the FAKE IP does not reply to the victim and not
interrupt the spoofed connection. Take the example of a telephone conversation, you can call up a person
' x ' and pretend to be ' y ' as long as ' y ' does not interrupt the conversation and give the game away.
So why would you need to perform IP Spoofing-:
1.) To Pretend that you are some other computer whose IP address is amongst the trusted list of computers
on the victim's disk. This way you are exploit the 'r' services and gain access to the network as you are
then believed to be from a trusted source.
2.) To Disguise or Mask your IP address so that the victim does not know who you really are and where
the data is coming from.
If you ever read the alt.2600 or the alt.hacking newsgroup, you would probably find many postings like "I
have Win98, how do I Spoof my IP" or even " I do not know TCP/IP. tell me how to perform IP spoofing".
You see the very fact that they are posting such questions and expect to learn how to spoof their IP without
even knowing a bit about TCP\IP, confirms the fact that they would not be able to perform IP Spoofing. No
I am not saying that asking questions is bad, but you see not knowing something is not so bad, but not
knowing something and showing ignorance towards learning it is really, really bad.
You see IP spoofing is a very complex and difficult to perform subject. You need to hog entire TCP/IP and
Networking Protocols manuals and need to be able to write C programs which will help you in the
Spoofing process. It is amazing how people even think that they can spoof their IP without even knowing
what TCP/IP stands for.
You see all packets travelling across the Internet have headers which contain the source and destination IP
addresses and port numbers, so that the packet knows where to go and the destination knows where the
packet has come from and where to respond. Now the process of Spoofing means to change the source IP
address contains by the Header of the packet, in turn fooling the receiver of the Packets into believing that
the packet came from somewhere else, which is a fake IP. Now let's again look at the IP Header of a
datagram.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|Version| IHL |Type of Service| Total Length |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Identification |Flags| Fragment Offset |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Time to Live | Protocol | Header Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Destination Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| TCP header info followed by the actual data being transferred |
|
Now basically to perform IP spoofing we need to be able to change the value of the field, Source Address.
Now to this you need to be able to guess sequence numbers which is quite a sophisticated process and I will
try to explain it as clearly as possible. Before we go on, you need to understand the fact the IP spoofing is
not the entire process, it is just a stepping stop in the entire process of fooling the remote host and
establishing a trust relationship with the remote host.
So how do these trust relationships take place? Well all of you are encountered with some form of
authentication process or the other. Now the Username-Password pair is the most commonly used form of
authentication, with which we are very much familiar. Now what happens in the Username-Password form
of authentication is that the remote host to which the client is connected to challenges the client by asking
the User to type in the Username and Password. So in this form of authentication, the User needs to
intervened and the remote host challenges the user to enter the Username and Password which act as a from
of authentication.
Now other than the Password-Username form of authentication there is yet another form of authentication
most users do not know of. This is the Client IP. In this form of authentication, what happens is that the
remote host gets or find out the IP address of the client and compares it with a predefined list of IP's. If the
IP of the client who is trying to establish a connection with the remote host is found in the list of IP's
maintained by the host, then it allows the client access to the shell 'without a password' as the identity of
the client has already been authenticated.
Such kind of rust relationships are common in Unix Systems which have certain 'R services' like rsh ,
rlogin , rcp which have certain security problems and should be avoided. Despite the threat involved most
ISP's in India still keep the ports of the R services open to be exploited by Hackers. You normally establish
a Rlogin trust relationship by using the Unix command,
$>rlogin IP address
**************
HACKING TRUTH: Well there is definitely a cooler way of establishing a trust relationship with a remote
host, using Telnet. The default port numbers at which the R services run are 512, 513,514
**************
So how do I spoof my IP? Well in short, to spoof your IP, you need to be able to predict sequence numbers,
this will clearer after reading then next few paragraphs.
To understand Sequence Numbers you need to go back to, how the TCP protocol works. You already
know that TCP is a reliable protocol and has certain in-built features which have the ability to rearrange, re-
send lost, duplicated or out of sequence data. To make sure that the destination is able to rearrange the
datagrams in the correct order, TCP inserts two sequence numbers into each TCP datagram. One Sequence
number tells the receiving computer where a particular datagram belongs while the second sequence
number says how much data has been received by the sender. Anyway, let's move on, TCP also relies on
ACK and NACK messages to ensure that all datagrams have reached the destination error free.
Now we need to reanalyze the TCP Header to understand certain other aspects of sequence numbers and
the ACK Number.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Port | Destination Port |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Sequence Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Acknowledgment Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Checksum | Urgent Pointer |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| The Actual Data form the next 500 octets |
| |
You see the TCP Header contains a Sequence Number which actually represents the sequence number of
the first byte of that particular TCP segment. A sequence number is a 32 Bit number which is attached to
all bytes (data) being exchanged across a Network. The ACK Number Field in the TCP header, actually
contains the value of the sequence number which it expects to be the next. Not only that, it also does what
it was meant to do, acknowledge data received. Confused? Read it again till you get the hang of it.
When a connection is established, the initial sequence number or ISN is initialized to 1. This ISN number
is then incremented by 128,000 every second. There is a certain patter according to which the sequence
numbers increment or change which makes then easy to predict.
To successfully perform IP spoofing or in order to predict Sequence Numbers, you need to be running a
form of UNIX, as Windows does not provide the users with access to really advanced system stuff.
Without a form of Unix IP Spoofing is almost impossible to do.
This text is not the ultimate guide to IP Spoofing and was aimed at only giving you a general outline of the
whole process. Sequence number Prediction is really, really sophisticated and difficult to understand, but
not impossible to do. However a system administrator can easily save his systems from IP spoofing and this
actually makes it quite useless, nonetheless truly exciting. If You really want to learn IP Spoofing I suggest
you read IP Spoofing Demystified by daemon9/route/infinity which was a part of Issue 48 of PHRACK
magazine, File 14 of 18. Go to the Archive Section of their site, http://www.phrack.com and click on Issue
48.
This brings me to the other purpose people use IP Spoofing, IP Masking. Now to something as simple as
mask or hide your IP you do not need to go through the complex procedure of guessing sequence numbers
and performing IP Spoofing. There are proxy servers to do that for you. Read the Net Tools chapter for
further details.
Port Scanning in Networking Terms
Earlier we learnt what a Port scan is why it is considered to be such a important tool of getting information
about the remote host, which in turn can be used to exploit any vulnerabilities and break into the system.
We all know how a manual Port Scan works. You launch Telnet and manually Telnet to each Port jotting
down information that you think is important. In a manual Port Scan, when you telnet to a port of a remote
host, a full three way handshake takes place, which means that a complete TCP connection opens.
The earliest and the oldest version of Port Scanners used the same technique. They connected to each port
and established a full three way handshake for a complete TCP connection. The downside of such port
scanners was the fact that as a full TCP connection was being established, the system administrator could
easily detect that someone is trying to port scan his systems to find a vulnerability. However such port
scanning methods also had a bright side, as an actual TCP connection was being established, the port
scanning software did not have to build a Fake Internet Protocol Packet. (This IP Packet is used to scan the
remote systems.) Such TCP scanners too relied on the three-way TCP handshake to detect if a port is open
or not. The Basic process of detecting whether a port is open or not has been described below:
1.) You send a TCP Packet containing the SYN flag to remote host.
2.) Now the remote host checks whether the port is open or not. If the port is open then it replies with a
TCP packet containing both an ACK message confirming that the port is open and a SYN flag. On the
other hand if the port is closed then the remote host sends the RST flag which resets the connection, in
short closes the connection.
3.) This third phase is optional and involves the sending of an ACK message by the client.
As TCP Scanners were detectable, programmers around the world developed a new kind of port scanner,
the SYN Scanner, which did not establish a complete TCP connection. These kinds of port scanners remain
undetectable by only sending the first single TCP Packet containing the SYN flag and establishing a half
TCP Connection. T understand the working of a SYN or Half SYN Port Scanner simply read its 4 step
working-:
1. SYN Port Scanner sends the first TCP packet containing the SYN flag to the remote host.
2. The remote system replies with, either a SYN plus ACK or a RST.
3. When the SYN Port scanner receives one of the above responses, it knows whether the respective port
is open or not and whether a daemon is ready listening for connections.
The SYN Port Scanners were undetectable by most normal system port scan detectors, however newer post
scan detectors like netstat and also some firewalls can filter out such scans. Another downside to such
scanning is that the method in which the scanner makes the IP packet varies from system to system.
UDP Scanning
It is yet another port scanning technique which can be used to scan a UDP port to see if it is listening. To
detect an open UDP port, simply send a single UDP Packet to the port. If it is listening, you will get the
response, if it is not, then ICMP takes over and displays the error message, " Destination Port
Unreachable".
FIN Port Scanners
FIN Port Scanners are my favorite type of port scanners. They send a single packet containg the FIN flag. If
the remote host returns a RST flag then the port is closed, if no RST flag is returned, then it is open and
listening.
Some port scanners also use the technique of sending a ACK packet and if the Time To Live or ttl of the
returning packets is lower than the RST packets received (earlier), or if the windows size is greater than
zero, then the port is probably open and listening.
The Following is the code of a supposedly Stealth Port Scanner which appeared in the Phrack Magazine.
/*
* scantcp.c
*
* version 1.32
*
* Scans for listening TCP ports by sending packets to them and waiting for
* replies. Relys upon the TCP specs and some TCP implementation bugs found
* when viewing tcpdump logs.
*
* As always, portions recycled (eventually, with some stops) from n00k.c
* (Wow, that little piece of code I wrote long ago still serves as the base
* interface for newer tools)
*
* Technique:
* 1. Active scanning: not supported - why bother.
*
* 2. Half-open scanning:
* a. send SYN
* b. if reply is SYN|ACK send RST, port is listening
* c. if reply is RST, port is not listening
*
* 3. Stealth scanning: (works on nearly all systems tested)
* a. sends FIN
* b. if RST is returned, not listening.
* c. otherwise, port is probably listening.
*
* (This bug in many TCP implementations is not limited to FIN only; in fact
* many other flag combinations will have similar effects. FIN alone was
* selected because always returns a plain RST when not listening, and the
* code here was fit to handle RSTs already so it took me like 2 minutes
* to add this scanning method)
*
* 4. Stealth scanning: (may not work on all systems)
* a. sends ACK
* b. waits for RST
* c. if TTL is low or window is not 0, port is probably listening.
*
* (stealth scanning was created after I watched some tcpdump logs with
* these symptoms. The low-TTL implementation bug is currently believed
* to appear on Linux only, the non-zero window on ACK seems to exists on
* all BSDs.)
*
* CHANGES:
* --------
* 0. (v1.0)
* - First code, worked but was put aside since I didn't have time nor
* need to continue developing it.
* 1. (v1.1)
* - BASE CODE MOSTLY REWRITTEN (the old code wasn't that maintainable)
* - Added code to actually enforce the usecond-delay without usleep()
* (replies might be lost if usleep()ing)
* 2. (v1.2)
* - Added another stealth scanning method (FIN).
* Tested and passed on:
* AIX 3
* AIX 4
* IRIX 5.3
* SunOS 4.1.3
* System V 4.0
* Linux
* FreeBSD
* Solaris
*
* Tested and failed on:
* Cisco router with services on ( IOS 11.0)
*
* 3. (v1.21)
* - Code commented since I intend on abandoning this for a while.
*
* 4. (v1.3)
* - Resending for ports that weren't replied for.
* (took some modifications in the internal structures. this also
* makes it possible to use non-linear port ranges
* (say 1-1024 and 6000))
*
* 5. (v1.31)
* - Flood detection - will slow up the sending rate if not replies are
* recieved for STCP_THRESHOLD consecutive sends. Saves alot of resends
* on easily-flooded networks.
*
* 6. (v1.32)
* - Multiple port ranges support.
* The format is: |[,|,...]
*
* Examples: 20-26,113
* 20-100,113-150,6000,6660-6669
*
* PLANNED: (when I have time for this)
* ------------------------------------
* (v2.x) - Multiple flag combination selections, smart algorithm to point
* out uncommon replies and cross-check them with another flag
*
*/
#define RESOLVE_QUIET
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "resolve.c"
#include "tcppkt03.c"
#define STCP_VERSION "1.32"
#define STCP_PORT 1234 /* Our local port. */
#define STCP_SENDS 3
#define STCP_THRESHOLD 8
#define STCP_SLOWFACTOR 10
/* GENERAL ROUTINES ------------------------------------------- */
void banner(void)
{
printf("\nscantcp\n");
printf("version %s\n",STCP_VERSION);
}
void usage(const char *progname)
{
printf("\nusage: \n");
printf("%s [sf]\n\n",progname);
printf("\t : 0: half-open scanning (type 0, SYN)\n");
printf("\t 1: stealth scanning (type 1, FIN)\n");
printf("\t 2: stealth scanning (type 2, ACK)\n");
printf("\t : source address (this host)\n");
printf("\t : target to scan\n");
printf("\t : ports/and or ranges to scan - eg: 21-30,113,6000\n");
printf("\t : microseconds to wait between TCP sends\n");
printf("\t : seconds to wait for TCP replies\n");
printf("\t[sf] : slow-factor in case sends are dectected to be too fast\n\n");
}
/* OPTION PARSING etc ---------------------------------------- */
unsigned char *dest_name;
unsigned char *spoof_name;
struct sockaddr_in destaddr;
unsigned long dest_addr;
unsigned long spoof_addr;
unsigned long usecdelay;
unsigned waitdelay;
int slowfactor = STCP_SLOWFACTOR;
struct portrec /* the port-data structure */
{
unsigned n;
int state;
unsigned char ttl;
unsigned short int window;
unsigned long int seq;
char sends;
} *ports;
char *portstr;
unsigned char scanflags;
int done;
int rawsock; /* socket descriptors */
int tcpsock;
int lastidx = 0; /* last sent index */
int maxports; /* total number of ports */
void timeout(int signum) /* timeout handler */
TCP\IP or Transmission Control Protocol \ Internet Protocol is a stack or collection of various protocols. A
protocol is basically the commands or instructions using which two computers within a local network or the
Internet can exchange data or information and resources.
Transmission Control Protocol \ Internet Protocol or the TCP\IP was developed around the time of the
ARPAnet. It is also known as the Protocol Suite. It consists of various protocols but as the TCP
(Transmission Control Protocol) and the IP (Internet Protocol) are the most, well known of the suite of
protocols, the entire family or suite is called the TCP\IP suite.
The TCP\ IP Suite is a stacked suite with various layers stacked on each other, each layer looking after one
aspect of the data transfer. Data is transferred from one layer to the other. The Entire TCP\ IP suite can be
broken down into the below layers-:
Layer Name Protocol
Link Layer (Hardware, Ethernet) ARP, RARP, PPP, Ether
Network Layer(The Invisible Layer) IP, ICMP
Transport Layer UDP, TCP
Application Layer(The Visible Layer) The Actual running Applications like-: FTP client, Browser
Physical Layer (Not part of TCP \IP) Physical Data Cables, Telephone wires
Data travels from the Link Layer down to the Physical Layer at the source and at the destination it travels
from the Physical Layer to the Link Layer. We will later discuss what each layer and each protocol does.
The TCP\IP suite not only helps to transfer data but also has to correct various problems that might occur
during the data transfer. There are basically two types of most common errors that might occur during the
process of data transfer. They are-:
Data Corruption -: In this kind of error, the data reaches the destination after getting corrupted.
Data Loss -: In this kind of error, the entire collection of packets which constitute the data to be transferred
does not reach the destination.
TCP\IP expects such errors to take place and has certain features which prevent, such error which might
occur.
Checksums-: A checksum is a value (Normally, a 16 Bit Value) that is formed by summing up the Binary
Data in the used program for a given data block. The program being used is responsible for the calculation
of the Checksum value. The data being sent by the program sends this calculated checksum value, along
with the data packets to the destination. When the program running at the destination receives the data
packets, it re-calculates the Checksum value. If the Checksum value calculated by the Destination program
matches with the Checksum Value attached to the Data Packets by the Source Program match, then the data
transfer is said to be valid and error free. Checksum is calculated by adding up all the octets in a datagram.
Packet Sequencing-: All data being transferred on the net is broken down into packets at the source and
joined together at the destination. The data is broken down into packets in a particular sequence at the
source. This means that, for example, the first byte has the first sequence number and the second byte the
second sequence number and so on. These packets are free to travel independently on the net, so
sometimes, when the data packets reach the destination they arrive, out of sequence, which means that the
packet which had the first sequence number attached to it does not reach the destination first. Sequencing
defines the order in which the hosts receive the data packets or messages. The application or the layer
running at the destination automatically builds up the data from the sequence number in each packet.
The source system breaks the data to be transferred into smaller packets and assigns each packet a unique
sequence number. When the destination gets the packets, it's starts rearranging the packets by reading the
sequence numbers of each packet to make the data received usable.
For example, say you want to transfer a 18000 octet file. Not all networks can handle the entire 18000
octet packets at a time. So the huge file is broken down into smaller say 300 octet packets. Each packet has
been assigned a unique sequence number. Now when the packets reach the destination the packets are put
back together to get the usable data. Now during the transportation process, as the packets can move
independently on the net, it is possible that the packet 5 will arrive at the destination before packet 4
arrives. In such a situation, the sequence numbers are used by the destination to rearrange the data packets
in such a way that even if Data packet 5 arrived earlier, Packet 4 will always precede Packet 5.
A data can easily be corrupted while it is being transferred from the source to the destination. Now if a
error control service is running then if it detects data corruption, then it asks the source to re-send the
packets of data. Thus only non corrupted data reaches the destination. An error control service detects and
controls the same two types of errors-:
1.) Data Loss
2.) Data Corruption
The Checksum values are used to detect if the data has been modified or corrupted during the transfer from
source to destination or any corruption in the communication channel which may have caused data loss.
Data Corruption is detected by the Checksum Values and by performing Cyclic Redundancy Checks
(CRC 's). CRC 's too like the Checksums are integer values but require intensely advanced calculation and
hence are rarely used.
There is yet another way of detecting data corruption-: Handshaking.
This feature ensures demands that both the source and destination must transmit and receive
acknowledgement messages, that confirm transfer of uncorrupted data. Such acknowledgement messages
are known as ACK messages.
Let's take an example of a typical scenario of data transfer between two systems.
Source Sends MSG1 to Destination. It will not send MSG2 to Destination unless and until it gets the MSG
ACK and destination will not send more requests for data or the next request message (MSG2) unless it
gets the ACK from Source confirming that the MSG1 ACK was received by it. If the source does not get a
ACK message from the destination, then something which is called a timed-out occurs and the source will
re send the data to destination.
So this means that if A sends a data packet to B and B checksums the data packet and finds the data
corrupted, then it can simply delete for a time out to take place. Once the time out takes place, A will re
send the data packet to B. But this kind of system of deleting corrupt data is not used as it is inefficient and
time consuming.
Instead of deleting the corrupt data and waiting for a time out to take place, the destination (B) sends a not
acknowledged or NACK message to source(A). When A gets the NACK message, instead of waiting for a
time out to take place, it straightaway resends the data packet.
An ACK message of 1000 would mean that all data up to 1000 octets has been received till now.
TCP/ IP is a layered suite of protocols. All layers are equally important and with the absence of even a
single layer, data transfer would not have been possible. Each TCP/ IP layer contributes to the entire
process of data transfer. An excellent example, is when you send an email. For sending mail there is a
separate protocol, the SMTP protocol which belongs to the Application layer. The SMTP Application
protocol like all other application layer protocols assumes that there is a reliable connection existing
between the two computers. For the SMTP application protocol to do what it is designed for, i.e. to send
mail, it requires the existence of all other Layers as well. The Physical Layer i.e. cables and wires is
required to transport the data physically. The Transmission Control Protocol or the TCP protocol which
belongs to the Transport Layer is needed to keep track of the number of packets sent and for error
correction. It is this protocol that makes sure that the data reaches the other end. The TCP protocol is called
by the Application Protocol to ensure error free communication between the source and destination. For the
TCP layer to do its work properly i.e. to ensure that the data packets reach the destination, it requires the
existence of the Internet Protocol or IP. The IP protocol contains the Checksum and Source and
Destination IP address.
You may wonder why do we need different protocols like TCP and IP and why not bundle them into the
same Application protocol.? The TCP protocol contains commands or functions which are needed by
various application protocols like FTP, SMTP and also HTTP. The TCP protocol also calls on the IP
protocol, which in turn contains commands or functions which some application protocols require while
others don?t. So rather than bundling the entire TCP and IP protocol set into specific application protocols,
it is better to have different protocols which are called whenever required.
The Link Layer which is the Hardware or Ethernet layer is also needed for transportation of the data
packets. The PPP or the Point to Point Protocol belongs to this layer. Before we go on let's get accustomed
with certain TCP\IP terms. Most people get confused between datagrams and packets and think that they
are one and the same thing . You see, a datagram is a unit of data which is used by various protocols and a
packet is a physical object or thing which moves on a physical medium like a wire. There is a remarkable
difference between a Packet and a Datagram, but it is beyond the scope of this book. To make things easier
I will use only the term datagram (Actually this is the official term.)while discussing various protocols.
Two different main protocols are involved in transporting packets from source to destination.
1.) The Transmission Control Protocol or the TCP Protocol
2.) The Internet Protocol or the IP protocol.
Besides these two main protocols, the Physical Layer and the Ethernet Layer are also indispensable to data
transfer.
THE TRANSPORT LAYER
The TCP protocol
The Transmission Control Protocol is responsible for breaking up the data into smaller datagrams and
putting the datagrams back to form usable data at the destination. It also resends the lost datagrams to
destination where the received datagrams are reassembled in the right order. The TCP protocol does the
bulk of work but without the IP protocol, it cannot transfer data.
Let's take an example to make things more clearer. Let's say your Internet Protocol Address or IP address is
xxx.xxx.xxx.xxx or simply x and the destination's IP is yyy.yyy.yyy.yyy or simply y. Now As soon as the
three-way connection is established between x and y, x knows the destination IP address and also the Port
to which it is connected to. Both x and y are in different networks which can handle different sized packets.
So in order to send datagrams which are in receivable size, x must know what is the maximum datagram
size which y can handle. This too is determined by both x and y during connection time.
So once x knows the maximum size of the datagram which y can handle, it breaks down the data into
smaller chunks or datagrams. Each datagram has it's own TCP header which too is put by TCP.
A TCP Header contains a lot of information, but the most important of it is the Source and Destination IP
and Port numbers and yes also the sequence number.
**************
HACKING TRUTH: Learn more about Ports, IP's, Sockets in the Net Tools Manual
**************
The source which is your computer(x) now knows what the IP Addresses and Port Numbers of the
Destination and Source computers are. It now calculates the Checksum value by adding up all the octets of
the datagram and puts the final checksum value to the TCP Header. The different octets and not the
datagrams are then numbered. An octet would be a smaller broken down form of the entire data. TCP then
puts all this information into the TCP header of each datagram. A TCP Header of a datagram would finally
look like -:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Port | Destination Port |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Sequence Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Acknowledgment Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Checksum | Urgent Pointer |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| The Actual Data form the next 500 octets |
| |
There are certain new fields in the TCP header which you may not know off. Let's see what these new
fields signify. The Windows field specifies the octets of new data which is ready to be processed. You see
not all computers connected to the Internet run at the same speed and to ensure that a faster system does not
send datagrams to a slow system at a rate which is faster than it can handle, we use the Window field. As
the computer receives data , the space in the Window field gets decreased indicating that the receiver has
received the data. When it reaches zero the sender stops sending further packets. Once the receiver finishes
processing the received data, it increases the Window field, which in turn indicates that the receiver has
processed the earlier sent data and is ready to receive more chunks of data.
The Urgent Field tells the remote computer to stop processing the last octet and instead receive the new
octet. This is normally not commonly used.
The TCP protocol is a reliable protocol, which means that we have a guarantee that the data will arrive at
the destination properly and without any errors. It ensures that the data being received by the receiving end
is arranged in the same correct order in which it was sent.
The TCP Protocol relies on a virtual circuit between the client and the host. The circuit is opened via a 3
part process known as the three part handshake. It supports full duplex transportation of data which means
that it provides a path for two way data transfer. Hence using the TCP protocol, a computer can send and
receive datagrams at the same time.
Some common flags of TCP are-:
RST [RESET]- Resets the connection.
PSH [PUSH] - Tells receiver to pass all queued data to the application running.
FIN [FINISH] - Closes connection following the 4 step process.
SYN Flag - means that the machine sending this flag wants to establish a three way handshake i.e.
a TCP connection. The receiver of a SYN flag usually responds with an ACK message.
So now we are in a position to represent a three way TCP Handshake:
A <---SYN---> B
A <---SYN/ACK? B
A <---ACK---> B
A sends a SYN flag to B saying " I want to establish a TCP connection", B responds to the SYN with the
ACK to the SYN flag. A again responds to the ACK sent by B with another ACK.
Read RFC 793 for further in depth details about the TCP protocol.
The User Datagram Protocol or the UDP Protocol
The User Data protocol or the UDP is yet another protocol which is a member of the Transport Layer. TCP
is the standard protocol used by all systems for communications. TCP is used to break down the data to be
transported into smaller datagrams, before they (the datagrams) are sent across a network. Thus we can say
that TCP is used where more than a single or multiple datagrams are involved.
Sometimes, the data to be transported is able to fit into a single datagram. We do not need to break the data
into smaller datagrams as the size of the data is pretty small. The perfect example of such data is the DNS
system. To send out the query for a particular domain name, a single datagram is more than enough. Also
the IP that is returned by the Domain Name Server does not require more than one datagram for
transportation. So in such cases instead of making use of the complex TCP protocol, applications fall back
to the UDP protocol.
The UDP protocol works almost the way TCP works. But the only differences being that TCP breaks the
data to be transferred into smaller chunks, does sequencing by inserting a sequence number in the header
and no error control. Thus we can conclude by saying that the UDP protocol is an unreliable protocol with
no way to confirm that the data has reached the destination.
The UDP protocol does insert a USP header to the single datagram it is transporting. The UDP header
contains the Source and Destination IP Addresses and Port Numbers and also the Checksum value. The
UDP header is comparatively smaller than the TCP Header.
It is used by those applications where small chunks of data are involved. It offers services to the User's
Network Applications like NFS(Network File Sharing) and SNMP.
Read RFC 768 for further in depth details about the UDP protocol.
THE NETWORK LAYER
The IP Protocol
Both the TCP and the UDP protocols, after inserting the headers to the datagram(s) given to them pass
them to the Internet Protocol or the IP Protocol. The main job of the IP protocol is to find a way of
transporting the datagrams to the destination receiver. It does not do any kind of error checking.
The IP protocol too adds it's own IP Header to each datagram. The IP header contains the source and
destination IP addresses, the protocol number and yet another checksum. The IP header of a particular
datagram looks like-:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|Version| IHL |Type of Service| Total Length |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Identification |Flags| Fragment Offset |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Time to Live | Protocol | Header Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Destination Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| TCP header info followed by the actual data being transferred|
| |
The Source and destination IP addresses and needed so that?well it is obvious isn't it? The Protocol
number is added so that the IP protocol knows to which Transport Protocol the datagram has to be passed.
You see various Transport Protocols are used like for example TCP or UDP. So this protocol number is
inserted to tell IP the protocol to which the datagram has to be passed.
It too inserts it's own Checksum value which is different from the Checksum Value inserted by the
Transport Protocols. This Checksum has to be inserted as without it the Internet Protocol will not be able to
verify if the Header has been damaged in the transfer process and hence the datagram might reach a wrong
destination. The Time to Live field specifies a value which is decreased each time the datagram passes
through a network. Remember Tracert?
The Internet Protocol Header contains other fields as well, but they are quite advanced and cannot be
included in a manual which gives an introduction to the TCP\IP protocol. To learn more about the IP
protocol read RFC 791.
The Internet Control Message Protocol or the ICMP
The ICMP protocol allows hosts to transfer information on errors that might have occurred during the data
transfer between two hosts. It is basically used to display error messages about errors that might occur
during the data transfer. The ICMP is a very simple protocol without any headers. It is most commonly
used to diagnose Network Problems. The famous utility PING is a part of the ICMP protocol. ICMP
requests do not require the user or application to mention any port number as all ICMP requests are
answered by the Network Software itself. The ICMP protocol too handles only a single datagram. That's
why we say in PING only a single datagram is sent to the remote computer. This protocol can remote many
network problems like Host Down, Congested Network etc
Read RFC 792 for further in depth details about the ICMP protocol.
The Link Layer
Almost all networks use Ethernet. Each machine in a network has it's own IP address and it's Ether
Address. The Ether Address of a computer is different than it's IP address. An Ether Address is a 42 bit
address while the IP address is only a 32 bit address. A Network must know which computer to deliver the
datagram to. Right? For this the Ether Header is used.
The Ether Header is a 14 octet header that contains the Source and Destination Ethernet address, and a type
code. Ether too calculates it's own Checksum value. The Type code relates to the protocol families to be
used within the Network. The Ether Layer passes the datagram to the protocol specified by this field after
inserting the Ether Header. There is simply no connection between the Ethernet Address and the IP address
of a machine. Each machine needs to have a Ethernet to IP address translation table on its hard disk.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet destination address (first 32 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet dest (last 16 bits) |Ethernet source (first 16 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet source address (last 32 bits) |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Type code |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| IP header, then TCP header, then your data |
| |
| |
| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Ethernet Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Address Resolution Protocol or ARP
Data before being transmitted across the Internet or across a local network is broken down into smaller
Packets which are suitable for transfer over the net. These packets have the Source and Destination IP's but
for the transfer to take place the suitable Hardware Addresses or the MAC addresses must also be known.
That is where ARP comes in.
To get the Hardware MAC addresses, ARP or Address Resolution Protocol sends a request message. The
Router replies with the Hardware Address. It is similar to the DNS and it too has a cache. This cache can be
a bit vulnerable as a Hacker could forge a connection from a remote machine claiming to be one of the
cached locations. So we can conclude that ARP translates IP's into Ethernet Addresses. One thing to
remember about ARP is that it only translates outgoing packets.
There is also something called the RARP which is an abbreviation for Reverse Address Resolution
Protocol, which like the name says does exactly reverse of what ARP does.
There is simply no algorithm to get the Ethernet Address from the IP Address. To carry out such
translations, each computer has a file which has a table with rows for each computer and two columns for
their corresponding IP address and Ethernet Address. The File is somewhat like the following-:
Internet Protocol Address Ethernet Address
Computer Name xxx.xy.yy.yx 08-00-39-00-2F-C3
Say there are a system in a Network (A) and an unidentified system (B) contacts it. Now A only knows the
IP address of B. Now A will first try to identify whether B is the same network so that it can directly
communicate via Ethernet. So it will first check the IP to MAC address translation table which it has. If it
finds the IP in the table then well and good and A will establish a connection with B via Ethernet.
On the Other hand if A does not find any match for the specific IP, it will send out a request in the form of
a 'Broadcast'. All computers within the Network will receive this broadcast and will search their own IP to
MAC translation table and will reply with the necessary MAC address. A basic difference between an Ip
address and MAC address is that an IP is the form xxx.xxx.xxx.xxx and a MAC address is in the form
xx:xx:xx:xx:xx:xx and one is 32 bit while the other is 40 bit.
Read RFC 826 for further in depth details about the ARP protocol.
Application Layer
Till now you have learnt how data is broken down into smaller chunks, and transferred to the destination,
where the chunks are rearranged. But there is yet another aspect to a successful data transfer process, which
we have not discussed yet: The Application Protocols and the Application Layer itself. A host which
receives datagrams has many applications or services (daemons) running which are ready to establish a
TCP connection and accept a message. Datagrams travelling on the Internet must know which application
they have to establish connection with, which application they have to send the message to. A typical web
server will have the FTP daemon, the HTTP daemon, the POP daemon, and the SMTP daemon running.
Wouldn't the datagrams get confused as to which daemon to send the message to.
For the datagrams to know which computer to send the message to, we have IP addresses. The datagram
knows what daemon or application to send the message to by the Port Number attached to the IP address of
the Destination. A TCP address is actually fully described by 4 numbers; The IP address of the Source and
Destination and the TCP Port Numbers of each end to which data is to be sent. These numbers are found in
the TCP Header.
To make it simpler to understand I have included an excerpt from the Net Tools Chapter:
What is all the hype about socket programming? What exactly are sockets?
TCP\IP or Transmission Control Protocol\ Internet Protocol is the language or the protocol used by
computers to communicate with each other over the Internet. Say a computer whose IP address is
99.99.99.99 wants to communicate with another machine whose IP address is 98.98.98.98 then would will
happen?
The machine whose IP is 99.99.99.99 sends a packet addressed to another machine whose IP is
98.98.98.98. When 98.98.98.98 receives the packet then it verifies that it got the message by sending a
signal back to 99.99.99.99.But say the person who is using 99.99.99.99 wants to have simultaneously more
than one connections to 98.98.98.98.....then what will happen? Say 99.99.99.99 wants to connect to
the FTP daemon and download a file by FTP and at the same time it wants to connect to 98.98.98.98's
website i.e. The HTTP daemon. Then 98.98.98.98. will have 2 connects with 99.99.99.99 simultaneously.
Now how can 98.98.98.98.distinguish between the two connections...how does 98.98.98.98. know which
is for the FTP daemon and which for the HTTP daemon? If there was no way to distinguish between the
two connections then they would both get mixed up and there would be a lot of chaos with the message
meant for the HTTP daemon going to the FTP daemon. To avoid such confusion we have ports. At each
port a particular service or daemon is running by default. So now that the 99.99.99.99 computers knows
which port to connect to, to download a FTP file and which port to connect to, to download the web page,
it will communicate with the 98.98.98.98 machine using what is known as the socket pair which is a
combination of an IP address and a Port. So in the above case the message which is meant for the FTP
daemon will be addressed to 98.98.98.98 : 21 (Notice the colon and the default FTP port suceeding it.).
So that the receiving machine i.e. 98.98.98.98 will know for which service this message is meant for and to
which port it should be directed to.
In TCP\IP or over the Internet all communication is done using the Socket pair i.e. the combination of the
IP address and the port.
*****************
HACKING TRUTH: Learn More about Ports, IP addresses and Sockets by reading the Net Tools Chapter.
*****************
The Application Layers basically consists of the Applications running on your computer and the
Applications running on the host to which you are connected. Say you are viewing the Hotmail Site, then
the application layer comprises of the Web Browser running on your computer and the HTTP daemon
running at Hotmail's server and the Application Protocol being used to communicate is HyperText Transfer
Protocol.
As soon as a TCP connection is established the Applications running on Each end decide the language or
protocol to be used to communicate and send datagrams.
IP Spoofing Torn Apart
IP spoofing is the most exciting topic you will hear wannabe hackers talking about. It is also a subject
about which no one knows much. Before we continue I would like to tell you that IP Spoofing is quite
difficult to understand and a lot of people have trouble understanding how it is done. The other downside it
has is the fact that it can almost not be done using a Windows system and a system administrator can easily
protect his system from IP spoofing
So what is IP Spoofing? IP Spoofing is a trick played on servers to fool the target computer into thinking
that it is receiving data from a source other than you. This in turn basically means to send data to a remote
host so that it believes that the data is coming from a computer whose IP address is something other than
yours. Let's take an example to make it clear:
Your IP is : 203.45.98.01 (REAL)
IP of Victim computer is: 202.14.12.1 (VICTIM)
IP you want data to be sent from: 173.23.45.89 (FAKE)
Normally sitting on the computer whose IP is REAL, the datagrams you send to VICTIM will appear to
have come from REAL. Now consider a situation in which you want to send a datagram to VICTIM and
make him believe that it came from a computer whose IP is FAKE. This is when you perform IP Spoofing.
The Main problem with IP Spoofing is that even if you are able to send a spoofed datagram to the remote
host, the remote host will reply not to your real IP but to the Fake IP you made your datagram seem to have
come from. Getting confused? Read the following example to clear up your mind.
Taking the same IP's as in the last example, consider the following scenario. Now, if REAL connects to
VICTIM, after the standard three way handshake has taken place, and VICTIM sends an ACK message to
REAL. Now if you spoof you IP, to say FAKE, then VICTIM will try to establish a TCP connection and
will send an ACK message to FAKE. Now lets assume that FAKE is alive, then as it had not requested the
ACK message (sent by VICTIM to FAKE) it will reply with a NACK message which would basically end
the connection and no further communication between FAKE and VICTIM would take place. Now if
FAKE doesn't exist then the ACK message sent by VICTIM will not get any reply and in the end the
connection times out.
Due to this FAKE and REAL IP reasons, when a person is trying to perform an IP Spoof, he does not get
any response from the remote host and has no clue whether he has been successful or not. If he has made
any progress or not. You are as good as blind, with no medium through which you could get feedback.
IP Spoofing can be successful only if the computer with the FAKE IP does not reply to the victim and not
interrupt the spoofed connection. Take the example of a telephone conversation, you can call up a person
' x ' and pretend to be ' y ' as long as ' y ' does not interrupt the conversation and give the game away.
So why would you need to perform IP Spoofing-:
1.) To Pretend that you are some other computer whose IP address is amongst the trusted list of computers
on the victim's disk. This way you are exploit the 'r' services and gain access to the network as you are
then believed to be from a trusted source.
2.) To Disguise or Mask your IP address so that the victim does not know who you really are and where
the data is coming from.
If you ever read the alt.2600 or the alt.hacking newsgroup, you would probably find many postings like "I
have Win98, how do I Spoof my IP" or even " I do not know TCP/IP. tell me how to perform IP spoofing".
You see the very fact that they are posting such questions and expect to learn how to spoof their IP without
even knowing a bit about TCP\IP, confirms the fact that they would not be able to perform IP Spoofing. No
I am not saying that asking questions is bad, but you see not knowing something is not so bad, but not
knowing something and showing ignorance towards learning it is really, really bad.
You see IP spoofing is a very complex and difficult to perform subject. You need to hog entire TCP/IP and
Networking Protocols manuals and need to be able to write C programs which will help you in the
Spoofing process. It is amazing how people even think that they can spoof their IP without even knowing
what TCP/IP stands for.
You see all packets travelling across the Internet have headers which contain the source and destination IP
addresses and port numbers, so that the packet knows where to go and the destination knows where the
packet has come from and where to respond. Now the process of Spoofing means to change the source IP
address contains by the Header of the packet, in turn fooling the receiver of the Packets into believing that
the packet came from somewhere else, which is a fake IP. Now let's again look at the IP Header of a
datagram.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|Version| IHL |Type of Service| Total Length |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Identification |Flags| Fragment Offset |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Time to Live | Protocol | Header Checksum |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Destination Address |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| TCP header info followed by the actual data being transferred |
|
Now basically to perform IP spoofing we need to be able to change the value of the field, Source Address.
Now to this you need to be able to guess sequence numbers which is quite a sophisticated process and I will
try to explain it as clearly as possible. Before we go on, you need to understand the fact the IP spoofing is
not the entire process, it is just a stepping stop in the entire process of fooling the remote host and
establishing a trust relationship with the remote host.
So how do these trust relationships take place? Well all of you are encountered with some form of
authentication process or the other. Now the Username-Password pair is the most commonly used form of
authentication, with which we are very much familiar. Now what happens in the Username-Password form
of authentication is that the remote host to which the client is connected to challenges the client by asking
the User to type in the Username and Password. So in this form of authentication, the User needs to
intervened and the remote host challenges the user to enter the Username and Password which act as a from
of authentication.
Now other than the Password-Username form of authentication there is yet another form of authentication
most users do not know of. This is the Client IP. In this form of authentication, what happens is that the
remote host gets or find out the IP address of the client and compares it with a predefined list of IP's. If the
IP of the client who is trying to establish a connection with the remote host is found in the list of IP's
maintained by the host, then it allows the client access to the shell 'without a password' as the identity of
the client has already been authenticated.
Such kind of rust relationships are common in Unix Systems which have certain 'R services' like rsh ,
rlogin , rcp which have certain security problems and should be avoided. Despite the threat involved most
ISP's in India still keep the ports of the R services open to be exploited by Hackers. You normally establish
a Rlogin trust relationship by using the Unix command,
$>rlogin IP address
**************
HACKING TRUTH: Well there is definitely a cooler way of establishing a trust relationship with a remote
host, using Telnet. The default port numbers at which the R services run are 512, 513,514
**************
So how do I spoof my IP? Well in short, to spoof your IP, you need to be able to predict sequence numbers,
this will clearer after reading then next few paragraphs.
To understand Sequence Numbers you need to go back to, how the TCP protocol works. You already
know that TCP is a reliable protocol and has certain in-built features which have the ability to rearrange, re-
send lost, duplicated or out of sequence data. To make sure that the destination is able to rearrange the
datagrams in the correct order, TCP inserts two sequence numbers into each TCP datagram. One Sequence
number tells the receiving computer where a particular datagram belongs while the second sequence
number says how much data has been received by the sender. Anyway, let's move on, TCP also relies on
ACK and NACK messages to ensure that all datagrams have reached the destination error free.
Now we need to reanalyze the TCP Header to understand certain other aspects of sequence numbers and
the ACK Number.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Source Port | Destination Port |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Sequence Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Acknowledgment Number |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| Checksum | Urgent Pointer |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| The Actual Data form the next 500 octets |
| |
You see the TCP Header contains a Sequence Number which actually represents the sequence number of
the first byte of that particular TCP segment. A sequence number is a 32 Bit number which is attached to
all bytes (data) being exchanged across a Network. The ACK Number Field in the TCP header, actually
contains the value of the sequence number which it expects to be the next. Not only that, it also does what
it was meant to do, acknowledge data received. Confused? Read it again till you get the hang of it.
When a connection is established, the initial sequence number or ISN is initialized to 1. This ISN number
is then incremented by 128,000 every second. There is a certain patter according to which the sequence
numbers increment or change which makes then easy to predict.
To successfully perform IP spoofing or in order to predict Sequence Numbers, you need to be running a
form of UNIX, as Windows does not provide the users with access to really advanced system stuff.
Without a form of Unix IP Spoofing is almost impossible to do.
This text is not the ultimate guide to IP Spoofing and was aimed at only giving you a general outline of the
whole process. Sequence number Prediction is really, really sophisticated and difficult to understand, but
not impossible to do. However a system administrator can easily save his systems from IP spoofing and this
actually makes it quite useless, nonetheless truly exciting. If You really want to learn IP Spoofing I suggest
you read IP Spoofing Demystified by daemon9/route/infinity which was a part of Issue 48 of PHRACK
magazine, File 14 of 18. Go to the Archive Section of their site, http://www.phrack.com and click on Issue
48.
This brings me to the other purpose people use IP Spoofing, IP Masking. Now to something as simple as
mask or hide your IP you do not need to go through the complex procedure of guessing sequence numbers
and performing IP Spoofing. There are proxy servers to do that for you. Read the Net Tools chapter for
further details.
Port Scanning in Networking Terms
Earlier we learnt what a Port scan is why it is considered to be such a important tool of getting information
about the remote host, which in turn can be used to exploit any vulnerabilities and break into the system.
We all know how a manual Port Scan works. You launch Telnet and manually Telnet to each Port jotting
down information that you think is important. In a manual Port Scan, when you telnet to a port of a remote
host, a full three way handshake takes place, which means that a complete TCP connection opens.
The earliest and the oldest version of Port Scanners used the same technique. They connected to each port
and established a full three way handshake for a complete TCP connection. The downside of such port
scanners was the fact that as a full TCP connection was being established, the system administrator could
easily detect that someone is trying to port scan his systems to find a vulnerability. However such port
scanning methods also had a bright side, as an actual TCP connection was being established, the port
scanning software did not have to build a Fake Internet Protocol Packet. (This IP Packet is used to scan the
remote systems.) Such TCP scanners too relied on the three-way TCP handshake to detect if a port is open
or not. The Basic process of detecting whether a port is open or not has been described below:
1.) You send a TCP Packet containing the SYN flag to remote host.
2.) Now the remote host checks whether the port is open or not. If the port is open then it replies with a
TCP packet containing both an ACK message confirming that the port is open and a SYN flag. On the
other hand if the port is closed then the remote host sends the RST flag which resets the connection, in
short closes the connection.
3.) This third phase is optional and involves the sending of an ACK message by the client.
As TCP Scanners were detectable, programmers around the world developed a new kind of port scanner,
the SYN Scanner, which did not establish a complete TCP connection. These kinds of port scanners remain
undetectable by only sending the first single TCP Packet containing the SYN flag and establishing a half
TCP Connection. T understand the working of a SYN or Half SYN Port Scanner simply read its 4 step
working-:
1. SYN Port Scanner sends the first TCP packet containing the SYN flag to the remote host.
2. The remote system replies with, either a SYN plus ACK or a RST.
3. When the SYN Port scanner receives one of the above responses, it knows whether the respective port
is open or not and whether a daemon is ready listening for connections.
The SYN Port Scanners were undetectable by most normal system port scan detectors, however newer post
scan detectors like netstat and also some firewalls can filter out such scans. Another downside to such
scanning is that the method in which the scanner makes the IP packet varies from system to system.
UDP Scanning
It is yet another port scanning technique which can be used to scan a UDP port to see if it is listening. To
detect an open UDP port, simply send a single UDP Packet to the port. If it is listening, you will get the
response, if it is not, then ICMP takes over and displays the error message, " Destination Port
Unreachable".
FIN Port Scanners
FIN Port Scanners are my favorite type of port scanners. They send a single packet containg the FIN flag. If
the remote host returns a RST flag then the port is closed, if no RST flag is returned, then it is open and
listening.
Some port scanners also use the technique of sending a ACK packet and if the Time To Live or ttl of the
returning packets is lower than the RST packets received (earlier), or if the windows size is greater than
zero, then the port is probably open and listening.
The Following is the code of a supposedly Stealth Port Scanner which appeared in the Phrack Magazine.
/*
* scantcp.c
*
* version 1.32
*
* Scans for listening TCP ports by sending packets to them and waiting for
* replies. Relys upon the TCP specs and some TCP implementation bugs found
* when viewing tcpdump logs.
*
* As always, portions recycled (eventually, with some stops) from n00k.c
* (Wow, that little piece of code I wrote long ago still serves as the base
* interface for newer tools)
*
* Technique:
* 1. Active scanning: not supported - why bother.
*
* 2. Half-open scanning:
* a. send SYN
* b. if reply is SYN|ACK send RST, port is listening
* c. if reply is RST, port is not listening
*
* 3. Stealth scanning: (works on nearly all systems tested)
* a. sends FIN
* b. if RST is returned, not listening.
* c. otherwise, port is probably listening.
*
* (This bug in many TCP implementations is not limited to FIN only; in fact
* many other flag combinations will have similar effects. FIN alone was
* selected because always returns a plain RST when not listening, and the
* code here was fit to handle RSTs already so it took me like 2 minutes
* to add this scanning method)
*
* 4. Stealth scanning: (may not work on all systems)
* a. sends ACK
* b. waits for RST
* c. if TTL is low or window is not 0, port is probably listening.
*
* (stealth scanning was created after I watched some tcpdump logs with
* these symptoms. The low-TTL implementation bug is currently believed
* to appear on Linux only, the non-zero window on ACK seems to exists on
* all BSDs.)
*
* CHANGES:
* --------
* 0. (v1.0)
* - First code, worked but was put aside since I didn't have time nor
* need to continue developing it.
* 1. (v1.1)
* - BASE CODE MOSTLY REWRITTEN (the old code wasn't that maintainable)
* - Added code to actually enforce the usecond-delay without usleep()
* (replies might be lost if usleep()ing)
* 2. (v1.2)
* - Added another stealth scanning method (FIN).
* Tested and passed on:
* AIX 3
* AIX 4
* IRIX 5.3
* SunOS 4.1.3
* System V 4.0
* Linux
* FreeBSD
* Solaris
*
* Tested and failed on:
* Cisco router with services on ( IOS 11.0)
*
* 3. (v1.21)
* - Code commented since I intend on abandoning this for a while.
*
* 4. (v1.3)
* - Resending for ports that weren't replied for.
* (took some modifications in the internal structures. this also
* makes it possible to use non-linear port ranges
* (say 1-1024 and 6000))
*
* 5. (v1.31)
* - Flood detection - will slow up the sending rate if not replies are
* recieved for STCP_THRESHOLD consecutive sends. Saves alot of resends
* on easily-flooded networks.
*
* 6. (v1.32)
* - Multiple port ranges support.
* The format is: |[,|,...]
*
* Examples: 20-26,113
* 20-100,113-150,6000,6660-6669
*
* PLANNED: (when I have time for this)
* ------------------------------------
* (v2.x) - Multiple flag combination selections, smart algorithm to point
* out uncommon replies and cross-check them with another flag
*
*/
#define RESOLVE_QUIET
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "resolve.c"
#include "tcppkt03.c"
#define STCP_VERSION "1.32"
#define STCP_PORT 1234 /* Our local port. */
#define STCP_SENDS 3
#define STCP_THRESHOLD 8
#define STCP_SLOWFACTOR 10
/* GENERAL ROUTINES ------------------------------------------- */
void banner(void)
{
printf("\nscantcp\n");
printf("version %s\n",STCP_VERSION);
}
void usage(const char *progname)
{
printf("\nusage: \n");
printf("%s [sf]\n\n",progname);
printf("\t : 0: half-open scanning (type 0, SYN)\n");
printf("\t 1: stealth scanning (type 1, FIN)\n");
printf("\t 2: stealth scanning (type 2, ACK)\n");
printf("\t : source address (this host)\n");
printf("\t : target to scan\n");
printf("\t : ports/and or ranges to scan - eg: 21-30,113,6000\n");
printf("\t : microseconds to wait between TCP sends\n");
printf("\t : seconds to wait for TCP replies\n");
printf("\t[sf] : slow-factor in case sends are dectected to be too fast\n\n");
}
/* OPTION PARSING etc ---------------------------------------- */
unsigned char *dest_name;
unsigned char *spoof_name;
struct sockaddr_in destaddr;
unsigned long dest_addr;
unsigned long spoof_addr;
unsigned long usecdelay;
unsigned waitdelay;
int slowfactor = STCP_SLOWFACTOR;
struct portrec /* the port-data structure */
{
unsigned n;
int state;
unsigned char ttl;
unsigned short int window;
unsigned long int seq;
char sends;
} *ports;
char *portstr;
unsigned char scanflags;
int done;
int rawsock; /* socket descriptors */
int tcpsock;
int lastidx = 0; /* last sent index */
int maxports; /* total number of ports */
void timeout(int signum) /* timeout handler */
Interview tips
What Not to Say in the Interview
1) Negative comments about your current or past employers and co-workers.
No good can come from talking down your past employers. You run the risk of seeming like an employee that may be a "management problem."
2) Requests for special hours or equipment unless you have a handicap that necessitates special accommodations.
3) Avoid initiating salary discussions or making demands in the early interview stages.
Let the prospective employer initiate salary discussions. It is OK to give a range, or to ask what they feel the range is for the position. However, it can be a turnoff if you are the one to initiate the subject of salary.
4) Asking about vacation days, sick days or holidays.
This can be a turnoff because you may seem more interested in time off rather than the job itself. Would a hardworking, dedicated employee be more focused on days off or doing a good job?
5) Don't give a list of the things you won't do.
Telling an interviewer that you don't answer phones, or file, or work overtime is another alarm. Make sure you apply for positions that are appropriate for you, and understand that there will always be tasks that are not enjoyable.
6) Asking, "What is it your company does again?"
Take the time to know about the company before you interview.
7) "I don't know, I just saw your ad and I thought I'd give this a try."
Yes, candidates really say this. Always prepare yourself. If you don't know why you are there, or how this position fits in with your goals, maybe you should not be there.
"I don't have any negative points."
In an interview, you may be asked to list your negative qualities. Have at least one ready, and more importantly explain how you are working to improve it. Another angle is to explain how it is negative and also positive. For example, "Once I start a project I throw myself into it and sometimes neglect personal obligations. I have to keep myself in check to avoid burnout."
9) Avoid argumentative statements.
Remember you want to be liked and fit in. If you are hired you will have plenty of time to learn their business and make suggestions. The interview is not the time to argue and force your opinions.
10) No whining or complaining.
Leave your personal problems at home. Present yourself as a strong, capable person that can overcome setbacks and challenges.
How to Find Your Dream Career
If You find the work you love...
When I was a little kid, I had a crazy dream of traveling to the Moon, because I found this golden glowing orb in the night sky so alluring. This childish dream materialized in a hard grueling career as an Electrical Engineer.
Fifteen long years later, my changing circumstances and the instinct for survival turned me into a 'Do-it-all' office administrator. Another three long and hard years passed before I knew I could not take it any longer. Another career change was in order...
My secret innermost longings of becoming a writer beckoned very strongly. And that's what I am today with another crazy dream of turning out a best seller some day...
Do You even Know What Your Dream Career is?
Here is a 7 Step Exercise to Help You Find Your True Career Path...
Take a notepad and pen, sit in a quiet peaceful and inspiring spot and pour out your no-holds-barred answers to the following questions...
1. Can You imagine a day at your Dream career? Describe it.
2. Do You know how much you earn at Your Dream Job?
3. Do You know where your office is located for Your dream Career? Describe the decor and set up of your work space.
4. Do You know how much time you devote to your dream work? Write about the hours you work, the time you spend and the commute time, and how do you get to your dream work place?
5. Do You know what industry you would like to work in or service you would love to provide? Who benefits from your service or product? What do they love about it most?
6. Can you see yourself interacting with your co-workers / family in your dream career? How does your family respond to it?
7. Imagine you have just met your long lost friend, and you are excitedly telling him/her about your career. What would you say? Write it down.
TARGET EVERYTHING
Everything that is a part of the job search process is used to target the right job for you.
How do you target your career path? First, read this article titled, "Career Philosophy". It helps explain the importance of choosing a career that fits with your values and goals. Knowing who you are and what means the most to you is a true benefit when determining what career to choose. Next, read: Career Planning Choices. It will provide you with a clear understanding of what you are looking for in an employer. A variety of questions will help you clarify the importance of certain ideas and concepts and how they relate to your happiness on the job. Employers are not created equal after all.
Applying this kind of valuable information to your situation can make a huge difference in how you approach the future – YOUR future.
The reason that articles such as these offer such wonderful benefits is that they are based on YOU, YOUR NEEDS and YOUR GOALS. If you are going to be able to recognize which career path best suits your needs and goals, then you have to put some thought into it. The same holds true for selecting the best employer(s) to target with your resume.
5 Ingredients Of The Perfect Job
There are as many concepts and definitions of what should a perfect job look like as there are adult men and women. For some, it could well be the one which takes little or no commuting while many would rate a high paying job a perfect one. There is also a good deal of majority that rates less of bossism as uppermost when it comes to choosing a perfect job? Well, the big question on hand is whether your current job is a perfect one or not.
Defining the Basics of a Perfect Job
An ideal job has many attributes. But practically speaking, an ideal job never exists at all. So how do we define a perfect job?
A perfect job is one in which you excel, have the aptitude for and that you are very much comfortable with. Here are few more key points that define a perfect job:
1. Growth opportunity:
Jobs that provide great growth opportunity, regardless of whether you joined at a lower or middle level, stands out as the top characteristic of a perfect job. Most employers offer a structured career growth plan, as in the case of government jobs, while some others provide out-of-turn growth opportunity as a reward for performance. Small, up-and-coming companies, unlike large, lean & mean corporations will not have too many organizational ranks. So you have fewer rungs to climb up to the top.
2. Adequate Salary:
This could well have made it to the top of the list. Your salary package may include a car, insurance, or paid vacations. Before you accept the offer, you should compare salaries across the industry for your career level.
3. A Great Boss:
Many people would like to believe that it is the boss who makes your job hell. Whether there is truth in this or not, the fact of the matter is that a great boss can also make your career flourish. Just as companies like to say that good help is hard to find, it is equally as hard to find a good boss!
4. Job Duties:
Your responsibilities, along with your working environment, are what hold the key to your success. Even any additional responsibilities offered, as you move up the ladder, can be enjoyable if it doesn’t push you into doing grunt work. You must understand that in every job, you will have to do at least some pencil pushing. But those should not become your primary duties.
5. The Working Environment:
A perfect job will provide a motivating environment in which to work. Everything about such an environment is conducive to working comfortably and will help you to perform at your peak. De-motivating environments may be caused by any number of reasons. But before you begin to complain, look inwards first. Certain things can be corrected by you, too.
Fear of Interviewing
Your heart is beating faster than usual, your hands feel clammy, your mouth is so dry it feels like you have cotton inside – and your supposed to feel confident. Are you going to an interview or a torture session? The answer is – “it’s all in your perspective.”
Ideally you would sit poised thumbing through a magazine, feeling relaxed as you wait your turn to have a conversation with the interviewer for the company. Think about it - what do you have to lose here? What’s the worst thing that can happen? What if you don’t get this job - is the world going to stop turning? I realize of course, that bills must be paid, but you are taking the wrong approach if you are going to come across as desperate – “Please, please, hire me.” Interviewers smell fear.
A change in thinking
The first, and most important step is to change the way that you view the interview. This is not an appointment with the dentist who may inflict pain. It is a conversation with another person. What is the worst thing that can happen as a result of the interview? You won’t get the job, which may not have been the right job for you anyway.
Secondly, this is a conversation - a two-way process. You will be interviewing them as much as they are interviewing you. Is there a good fit here – both ways? What looks good on paper may not be what it appears – for either party. It will be part of your job during the interview to investigate whether this a good place for you, and whether you want to invest a significant part of your life here. When you are not checking them out and what they have to offer you are missing an opportunity that you may regret later.
Calming techniques
One of the best techniques to handle stress is through breathing. Take deliberate, shallow breaths. Take air in through the nostrils and exhale quietly through your mouth. This is a technique that should be practiced as a relaxation technique before the interview so that your body gets used to slowing down the breathing process and relaxing.
Relaxation techniques such as yoga, and meditation classes, are recommended for anyone who has an extreme case of “interview fright.” The interview can cause panic attacks if the fear is strong enough. Pre-conditioning will do wonders for this type of anxiety.
Preparation before the interview
These are competitive times and you should steel yourself to expect some rejection. Think about it this way, “Did you get a marriage proposal after every date?” Well, you probably aren’t going to get a job offer after every interview.
For every job you apply for there are more than likely three to four equally qualified candidates in line for the same job. Whether you stand out from “the crowd” will depend on your preparation and ability to show confidence in yourself – believing that you are the “best candidate for this job.” How can you possibly sell anyone anything if you don’t believe in it yourself?
Preparation will make you feel more confident and less anxious. Can you imagine giving a performance without some practice and preparation? “Winging” the interview in today’s market is a big mistake.
Fear of Rejection
You may have had a number of interviews with no offer. You may be feeling defeated, and it’s beginning to affect your-self esteem.
This would be true of anyone. But it is a mistake to take it personally. There are so many factors that could be affecting the offer that it is impossible to say what is happening. There may be internal candidates, relatives promised jobs, a competitor who is a perfect match for the job, a lack of chemistry between you and the new boss, a mismatch in salary needs, etc., etc.
Let it go
Give yourself credit for getting an interview – only a small percentage of people get this far in the process. Give yourself credit for going out there and putting yourself on the line, even though it is painful for you. Give yourself permission to not get job offers. Believe that an offer will come through when it is the right offer – the right fit for the company and for you. Take the control back and reject the feeling of fear.
When you have done everything to prepare for the interview, and you are satisfied that you can present yourself in the best light possible, the next step is for you to let it go. You can learn something from each interview. Learn to enjoy meeting new people and having new experiences. Who knows you may even grow to like interviewing.
Top 6 Tax Tips for Self-employed
1. Keep good records – save all your receipts and use some simple software to keep track of your credits and debits.
2. Get a good help- whether this is an accountant or somebody familiar with the subject.
3. Deduct child care costs and medical expenses.
4. Set up an RRSP – the allowance you contribute is tax free.
5. The RRSP allowance you can contribute is deductible form your income and can put you in a lower tax bracket.
6. If you have separate office or you are using part of your house as an office, deduct this percentage off your monthly payments.
10 WAYS TO BELIEVE IN YOURSELF
Throughout recorded history personal worth was often measured by an individual's willingness to take risks. Perhaps Englishman John Heywood best summed up risk taking when he wrote in 1546, "Not venture nought have."
However there is an inherent difference between reckless risk and calculated risk. An old American proverb counsels against rashness: "Swift risks are often attended by precipitate falls."
So in today's unpredictable job market, how can ensure that any risk you take is worth any potential gain? One of the best ways I know is to believe in yourself. Easier said then done, you say. Then, let my Top Ten List of Ways To Believe In Yourself be your guide:
1. Think of ways you can be your best.
2. Focus on your strengths not your weaknesses.
3. Remind yourself of who you are becoming.
4. Like Magellan, have faith in yourself and know it will happen.
5. Challenge yourself to be all you can be, more so than you've ever been.
6. Encourage yourself to keep going, keep building this new you.
7. Acknowledge your successes.
8. Be unconditionally constructive.
9. Allow yourself to achieve greatness.
10.Take a stand for the success you deserve.
As your belief in yourself expands, any problems and challenges you face will lose their sense of power
How to Find Work You'll Love
Stuck in a job you can't stand? Feeling burned out and bored?
With unemployment at persistently high levels, many people today are doing work they hate, simply to make ends meet.
That's a short-term choice that could cost you dearly in the long run, according to Henry Neils, President of Edina, Minn.-based Assessment.com, a career advisory firm (special link - http://www.gresumes.com/MAPP)
"Michael Jordan doesn't go to work in the morning, and neither do any really successful people. Instead, they get paid for work they love," says Neils.
Want to get paid to do what you love?
Here are three ways to do just that .
1. Discover what you are designed to do
Did you know that Babe Ruth started out as a pitcher? But he chose to stop pitching so he could focus on hitting. He took a lot of heat for this, because he was a good pitcher. Yet Babe stuck with his decision because he knew he was a GREAT hitter. Success followed.
What about you?
"If you want to go from 'good' to 'great,' know what your talents and motivations are, then use them as a foundation for growth," advises Neils.
To find out what motivates you, answer this question: if you won a million dollars in the lottery tomorrow and could quit working, what 3 things would you still do every day?
Would it be writing? Public speaking? Gardening? Teaching or healing others? Travel? Restoring classic cars?
"These are your strengths and they're yours for life. You can build on them, and they won't let you down," says Neils.
2. Do it
Once you discover what you love to do, make adjustments that let you do more of it. Some changes will be minor . and some radical.
"The idea is to spend more of your time using your strengths. That is where your performance and satisfaction both peak," advises Neils.
At this point, it's time to tell your boss. Include examples or stories to illustrate your true talents.
"Every piece of equipment in any company comes with an owner's manual, except the most important assets of all -- employees. So, by letting your boss know what makes you tick, he can put you in a position to get the best results for both the company and you. It's a win-win situation," says Neils.
3. Minimize everything else
You are designed to do something, but not everything. So don't try to do it all.
"A spoon is designed to help us eat and will last a lifetime in that role. But if you use a spoon to drive nails, it will wear out in about an hour," says Neils.
That means, to avoid burnout on the job, you should delegate or automate tasks you don't enjoy or do well.
But what if you're forced to do work that doesn't challenge or interest you?
"First, try to create a system to streamline what you're doing. For instance, a man with low talent for time management found that it helped to use a Palm Pilot. Or, simply partner with someone who has high talent in
the area you dislike," advises Neils.
Now. This does not give you the right to shrug off any workplace task that doesn't thrill you. We all have to do things we don't enjoy -- the trash won't walk itself to the curb, for example.
But you don't have to spend your best years in a job that chokes off your passion and stifles your creativity. You certainly can align your work with your talents.
The most successful people throughout human history have one thing in common: they saw work as play. That's how they were able to put in the long hours of practice and toil that took them to the top. From Michelangelo to Michael Jordan, from Caesar to Clinton, these workplace wonders did what they loved to do, what they were born to do.
You can, too.
If you know what you do well, do more of it, and minimize the rest, you could find yourself in that most enviable position of all, getting paid to do what you love.
skills neccessary for a career
From the 1950's to the late 1980's, the concept of lifetime employment was considered one's ideal career path, where seniority determined career success.
Beginning in the 1990's to the present, technological advances have sped up market cycles, where companies started to go out of business, reorganize, and re-emerge as new companies to meet new demands in a shorter period of time. In response, the labor market had to become more flexible, providing their talents where they were needed. Workers were thus rewarded based on performance rather than seniority.
The ability to develop proficiency in transferable workplace skills has replaced seniority as a measure of employability. They are necessary for career success at all levels of employment.
21st Century Employability
Employability refers to possessing a set of core skill groups that are transferable from job-to-job and from industry-to-industry. To address what these skills are, the U.S. Department of Labor established a Commission on Achieving Necessary Skills (SCANS) in 1990.
In their 1991 report, What Work Requires of Schools, the commission's primary objective is to help teachers understand how curriculum and instruction must change to enable students to develop the specific foundation skills and competencies necessary for employment.
In their 1999 report, Skills and Tasks for Jobs: A SCANS Report for America 2000, the commission's primary objective is to expand on proposing acceptable levels of these core foundation skills and competencies. You can access full text versions of these reports from the Resources section for this course.
SCANS Foundation Skills and Competencies
SCANS determined that workplace skills from job-to-job and industry-to-industry consist of a core group of foundation skills and competencies.
Foundation skills are basic academic and behavioral characteristics from which to build competencies. The three SCANS foundation skill categories were identified as Basic Literacy Skills, Thinking Skills, and Personal Qualities.
Competencies are a combination of skills, abilities, and knowledge needed to accomplish a specific task; they are more closely related to what people actually do at work. The five SCANS competencies were identified as Resources, Information, Interpersonal, Systems, and Technology.
SCANS foundation skills and competencies are being integrated into industry skill standards, educational learning standards, and hiring/evaluation procedures throughout the U.S.
What is missing is the integration of these skills and competencies into the job search, resume writing, and career development processes. A lot of what you read and do on this site will focus on how you focus on your core skills; this is the foundation for achieving resiliency in your career
6 Factors of Career Success
What do employers look for in potential employees? That was the question that was posted recently on a career discussion forum online. Naturally, for each different position, the particular answers to that question would be different. However, there are some common skills that employers look for in all employees, whether the employee happens to be a network engineer or a fry cook.
In-Demand Skills for Success
1. BASIC SKILLS ‚ Reading, writing and arithmetic! Believe it or not, a good portion of high school graduates (and some college grads) do not read at an 8th grade level and cannot do multiplication in their head. Employers are seeking employees who can read well, can write coherently, and who can calculate mathematics in a business environment (fractions, percentages, etc.) Add to that the modern basic skills of keyboarding skill, basic computer knowledge, and ability to use most computerized tools (e.g. fax machine, basic word processing program, etc.) to round out the basic skill sets needed for employment success.
2. PERSONAL SKILLS‚ Can a potential employee speak well? Can he/she answer questions of customers in a positive, informative manner? Can the prospect provide good customer service? While not everyone has an outgoing sales' personality, successful employees can communicate in a non-confrontational, positive manner with their coworkers, team members, subordinates, management, and customers. Being able to work well with others is a vital skill for success in all jobs.
3. JOB ATTAINMENT‚ Job search is a process that requires a great deal of dedication and attention to be conducted successfully. It follows the old principal that many veteran programmers refer to as GIGO ‚ Garbage In, Garbage Out. If you put lousy effort in, you will receive lousy results. Employers are seeking employees who know how to present themselves in a positive manner and who display enthusiasm and knowledge about the companies they approach. Not only do candidates get evaluated on their skills and experience, but also on how they are approaching the job search. Enthusiastic candidates with fewer skills have an even chance of getting the job as dull candidates with better skills.
4. JOB SURVIVAL‚ Now there's a hot topic in this period of layoffs. Who gets the ax and who doesn't is often a matter of numbers, but it is also often a matter of performance. Employees who have consistently demonstrated their worth, taken initiative, and made themselves a valuable asset to the company have lower incidences of being downsized than employees who put forth mediocre or average effort in their jobs. Surviving within a company through layoffs or moving up the career ladder is a success skill that is learned and is consciously cultivated among successful professionals.
5. PROFESSIONAL DEVELOPMENT‚ As all high tech and engineering pros know‚ it's learn or burn in today's work environment. Attaining new skills, applying new concepts, updating established skills is an absolute necessity to succeed in today's work force. The successful individual is constantly attending seminars, taking classes, attaining training on new products or releases, and otherwise learning new skills that will keep them marketable in their careers. Successful people are lifelong learners. Employers are looking for people who have the training necessary to fulfill their needs.
6. CAREER DEVELOPMENT‚ Career Development differs from Professional Development. Professional Development is learning while Career Development is a planning and goal setting process. Successful individuals design a career plan with written goals for short term and long term. They lay out the steps needed to move their careers from Point A to Point B within Time Frame C and plan how they are going to achieve those steps. Successful people have someone to whom they are accountable for their progress and who will monitor their success in achieving their goals. Employers are seeking individuals who (believe it or not) wish to commit to the company for a long period of time. Good career progression is a high selling point of candidates to prospective employers.
Career Planning for Professionals
Do you have a career plan? Do you know where you want to be 10 years from now? 5 years? 1 year?
The reason for making decisions today about where you want to be tomorrow is so that you have the ability to actually get there.
If you don't know exactly where you want to be, you will be wandering aimlessly from position to position hoping that somehow it will all work out. Unfortunately, that isn’t how it works.
Think of it this way:
If you want to visit a friend who has moved out of state, you have to map it out or get directions. If you just start taking one street because it looks like the right way or another street because it seems to be pointing in the right direction, you will never get to where you want to go.
The great news is that Career Planning isn't some mystical smoke and mirrors experience. It's not hard at all. Just give yourself a little time and ask yourself a few questions and you'll be on the right track. As you have more time in the months and years to come, revisit your Career Plan and determine if it still makes sense for you or if you need to tweak it.
Yes, this is another task you have to do yourself. You can ask friends, family members and others who know you well if they can provide clues as to what they believe are your strengths and abilities, but only YOU know where your passion lies.
You are the only one who can create your destiny. You choose.
Take the time NOW to set the course for your future.
If you take the time to set your career goals, you will be ahead of 90% of the rest of the people out there who don’t bother to plan ahead. You will be more successful than your peers in the same field because you know where you are going and how you intend to get there. You will make more money and you will be much happier. Why? Because you didn't wait for destiny to step in. You took control of your life and made things happen.
The fact that you are looking on this website proves that you are so far above your peers. You want more information. You want to:
Plan ahead.
Be successful.
Work hard.
Make good, sound decisions.
Live with integrity.
Below are some additional links to career planning articles which will provide you with more information on career planning. Absorb everything you can. If it doesn't benefit you right now, it will definitely make a difference down the road.
Find out how to network you way to your next job in this amazing article Networking Your Way to a Great Job. The information in this article will blow you away.
Taking Career Tests can help you determine which career paths are best suited for you. If you want to be successful, you need to enjoy what you do and you will enjoy it much more if you are working in a field that is right for you.
Assessing your Career Strengths is a very important part of the job search process. When you follow the concepts outlined here, you will have a huge advantage over your competitors.
Would you like to see the Employer's Perspective in the job search process? Understanding how an employer thinks can provide insight and shed light on what you need to do to be successful.
If you are considering a career change, you will have to revamp your resume among other things. Follow this link Changing Careers to find out how to make your career change more successful. Planning is essential.
One of the most valuable pieces of information you will ever need can be found here:Your Personal and Professional Traits Take a few moments to familiarize yourself with something that employers REALLY want you to know.
What Do You Want to Be When You Grow Up? This is an excellent start for those who are not quite sure where their interests lie. Learn some techniques for clarifying your interests and goals. This is the essence of Career Planning.
Do you have Goals, Objectives and Tasks defined for the next month, year, or 5 years? Find out how you can achieve your goals. Then, when you have read that article, you can utilize the Goal Setting Template to simplify the process even more. Take your career planning to the next level.
Make your Career Planning Choices point YOU down the road to SUCCESS.
Common Job Search Misconceptions
Contrary to what you may think as you mop the sweat from your brow while contemplating your upcoming interviews, the recruiter who'll be sitting across the table from you wasn't born in a pinstriped suit with the keys to a Beamer in one hand and a Palm Pilot in the other.
In fact, at one point she was probably in the same position that you're in right now as you begin your search: Sitting in a one-room apartment eating ramen noodles and wondering if she'd ever find a job. Thinking that interviewers are genetically superior beings is one of the misconceptions that many job seekers seem to have as they prepare themselves for the interviews that will pull them out of their MSG-saturated college days and into the lightning pace of the business world.
Quite a few misconceptions seem to be floating around out there; WetFeet would like to explode some of them and, we hope, ease your pain.
Misconception Number One: My Resume Is a Comedy Routine
A lot of job seekers try to add panache to their resume by making them unconventional. Take it from us: Your resume is not the best forum for your dry wit.
It might seem like a great idea at the time to paste macaroni to your resume or describe your work experience in iambic pentameter. You're trying to prove your creativity and individuality, as well as give the recruiter a little taste of who you are. Trust us when we tell you that this isn't the you the recruiter wants to know. The you the recruiter wants to know would not create and submit a document called "The Resume Rap" that tries to rhyme the phrases "job experience" and "I think you'll dig this."
Truth: The Recruiters' Point of View
Recruiters want resumes that let them know what you will bring to the company and how you'll be a good addition to the team. They want this information in a format that is easily comparable to other resumes, a format that won't give them a headache. Your job is to make the recruiter's job easier so that he or she will want to hire you. Your job is not to show off your origami skills by folding your resume into a swan.
Misconception Number Two: The Recruiter Is Out to Get Me
One of the most popular fallacies among inexperienced job hunters is that the recruiter is out to get them. The fresh-faced grads coming out of college and heading to their first real job interviews seem to have a mental picture of the recruiter as a mustache-twirling Snidely Whiplash (from the "Dudley Do-Right" segments of Rocky and Bullwinkle) whose only goal is to mystify, humiliate, befuddle, and ding prospective job seekers, or at least tie them to some train tracks somewhere.
Truth: Bad Recruiters Don't Last
In fact, the interviewer isn't going to be hiding behind the door with a baseball bat waiting to ambush you when you show up in your freshly pressed new suit. Recruiters who dismiss everyone they interview probably aren't going to be recruiting for very long. They're supposed to be separating the wheat from the chaff, not just whacking everything they see with their scythe.
This isn't to say that you shouldn't be on top of your game when you're sitting across the table from your interviewer. Even though it isn't a recruiter's job to Shaq everybody who tries to get to the hoop, they do have to make sure that you've got game. The recruiter's job is to put you through your paces, making sure that you have the proper skills, education, and attitude to make it in the business world.
Even if it seems like malice when he puts the pressure on, he's just doing it to make sure that you can take the heat once he signs you on. If you've got your game with you, don't sweat it; your antiperspirant will hold up just fine—so will you, kid.
Misconception Number Three: I'll Fit in Anywhere
Say it's your first day at your new job. You made it past the interviews and won a cubicle of your very own. You arrive at 8:58 a.m. with the required first-day-on-the-job gear: A picture of your significant other or your cat, a couple of knickknacks to ensure that your desk has character, and the W-2 forms from the guys in HR.
You lay out your bric-a-brac, check your breath by blowing into your hand, and start asking around if there's any free coffee in the office. Suddenly, everyone around you stands up and gives a three-count. At three, your coworkers break into an a cappella version of "Wannabe" by the Spice Girls. There is dancing and high kicks, and Larry from accounting flips the lights on and off to simulate a strobe. You look around for Allen Funt but realize to your horror that you're not on Candid Camera. Even though the guy over by the copy machine looks like he phoned in that split, for the most part your fellow employees are getting into it.
Truths: Do your Homework
If you'd done a little research on the company before you signed on, you would have found out that it's a subsidiary of Sporty Spice enterprises and that the dance routine is a mandatory morning icebreaking exercise. You'll be expected to participate in full tomorrow and for the rest of your life at the company.
http://Corporate Culture Is Top Priority
So, when you're sitting in front of your computer at three a.m. trying to get your resume to print after you spilled coffee on the keyboard, corporate culture might not rate high on your list of concerns. But once you get the job, it can become priority number one no matter how many times you tell yourself that you'll make do.
If you don't fit in with the culture of your company, it will affect your happiness, your ability to work, and possibly your long-term health. Find out a little about what you're getting into before you sign on. If you don't, you might regret it in the morning. Oh, and look—here comes Larry with a Scary Spice wig and a tube top for you!
A Dream Job Is Waiting For Everyone
You know your workplace is just not where you want to be, so what's next? Are you ready to start the race to your dream job? Hey, you know, it's not the most difficult thing to do.
Your work place is past its sell by date and you get no sense of valued from your boss – or the organization. Your colleagues are ready and waiting to do anything to beat you.
Life isn't about a routine of day in, day out in some job you didn't really want. It's awful to feel stuck, when you realize you've still got the rest of your working life to come.
Life is about living and feeling alive, so make some changes and realize your full potential! No one is forcing you to stay in a job you hate and no one is holding you back from your dreams – except yourself, that is.
And the fact, the honest truth that it's all down to you is often the bitterest pill to swallow.
So, what do you really enjoy in life. Is it a hobby or a passion? Whatever it is you love doing is a huge hint! Have you ever thought of turning that hobby into a dream job that you'll look forward to every day? You could turn your hobby into a real, exciting, successful job with a little determination and some close attention.
That's right – it's all about focus. Decide what it is you'd rather be doing, and then find out all you can about how you need to get there. Do your homework on whether you need credentials or qualifications to turn your hobby into employment. Find out the steps you need to make that will bring you to where you want to be and lay down a plan.
Remember, you're not going to get anywhere over night. Miracles don't happen and hard work, effort, and the right choices to move you forward will have amazing results.
If you need training, part time courses or night school can let you keep your day job and work towards a new career in your spare time. Hey, you might even find them in your current workplace, so you can get them for free
Volunteer. Network. Apprentice under someone who excels at what you want to do. Offering free services in exchange for the learning experience can be a great way to break into a new industry or career.
Talk to everyone you know about your plans; the more contacts and support you have, the more it will help you stay focused on your goals and provide opportunities.
Don't give up. Making life changes takes time and isn't always easy. You may face some stumbling blocks along the way to a dream job. If you remember your goals and you've taken the time to lay down your steps and plans, you'll be better prepared to find a way around the obstacle.
Obstacles are valuable opportunities for lessons in achieving what you want. Be prepared to face them and accept the challenge of resolving them. You'll also gain plenty of wisdom and experience while you work towards securing your dream job and a life of happiness and satisfaction.
If you truly believe you can, with no 'glass ceilings' to hold you back you'll release potential and show the world what you can do.
YOU are the ONLY person in charge of your life.
So, go on, take that risk, believe in your own talents and abilities to make good things happen. With the right focus attitude and belief, you are already half-way there!
Want to Work From Home?
The concept of working from home is becoming immensely popular today. A lot of men and women prefer to work in the comforts of their own home rather than joining an office on a full time basis.
The opportunities are large and very promising -
SOHO - Small Office Home Office
If you are enterprising, resourceful and business minded, you can always setup your own small office right at home. The SOHO concept has caught the attention of many individuals who have started working from their home office with very little investment. Depending on your line of business, you can hire and work with a small staff of people, each of whom are proficient in their own field.
Work for Others
If you are looking for lucrative job opportunities that can be pursued from home, here are a few options that you can look into -
Data Entry & Typing Jobs - good typing speed - error free typing.
Market Research exercises including Telemarketing - good communication skills, a pleasant voice and an ability to carry out a goal driven conversation.
Customer Care
Translation Work - excellent command over written and spoken English as well as other languages. An ability to translate and reproduce content while maintaining relevance and focus.
Web Design - Knowledge of designing softwares
Online Writing - An ability to put thoughts, facts and concepts into words keeping in mind the specific target audience.
There are many option available for individuals who want to work from home.
Remember to -
Always look for genuine projects.
Stick to your terms and conditions.
Look for transparency.
Multiple Offers – So What’s Your Problem?
In a tight job market, multiple offers sounds too good to be true. So what's the problem? Choose the one that pays the most and move on, right? Wrong. If you don't take time to evaluate the offers, you could find yourself searching for a job again in no time.
Assess Your Wants and Needs
First thing that you will need to do is to evaluate your needs and which of these offers fits your situation the best. It may be time well spent to plan out a strategy to evaluate the offers.
Exercise
Put together a spreadsheet with the company names across the top. Down the left side of the page list your values and needs. Under each company's name assign a score from one to 10 for each of the following as appropriate for you:
1. Security: Have you been laid off? Are you looking for a home with a solid company?
2. Balance: If you have a family or outside life, you may not be interested in working 60 hours a week. Rank the importance of job and your personal situation.
3. Job Satisfaction: You probably want to feel your work means something in the bigger picture, that you are contributing and making a difference.
4. Location: This goes hand-in-hand with balance. If you have to spend three to four hours a day commuting, it will mean time spent away from your interests or family. Telecommuting a couple of days a week may be a possibility.
5. Salary and Benefits: These are certainly important considerations but are they as important as some of the other values? You want to be paid what you are worth, but would you be willing to negotiate to get some of your other needs met?
After totaling the columns compare total scores. The totals may reveal that although one of the companies offers more money, the risks are higher and the time away from your “life” may not be worth the extra dollars. Your priorities will affect your decision. The decision will be about priorities and values – and where you are in your career and life.
There are always variables that cannot be predicted when accepting an offer, but using an analytical approach the decision can be more objective. Making a bad decision can result in your being miserable and feeling unfulfilled, but unable to leave because you have only been in the job for a few months. It's always best to evaluate any offer, but if there is more than one offer to choose from -- it is essential.
Why Some People Always Succeed At Work
Some people always seem to get faster promotions, make more money and generally stand out on the job, in any economy.
Why is that?
While there's no one thing that will guarantee career success for everyone, there are three things you can start doing today to make yourself more valuable -- to any employer, in any industry.
Here they are:
1. Add Value
"Adding value is the single most powerful personal attribute you can possess," says Les McKeown, President & CEO of success-at-work.com and author of numerous books on career achievement.
Did you ever hand a job or task to someone, knowing you would have to go back over it once they finished, to fix the inevitable errors and generally "mop up" after them?
"People who add value are just the opposite. You *know* when you give them a task that it will be completed on time, the way you want it, with no loose ends or unfinished parts," says McKeown.
However, really successful "value adders" see the completion of an allocated task as only the starting point.
Maybe it's by turning an event into a process. Example: not just clearing up a filing mess, but putting a filing system in place to avoid future backlogs.
"In whatever form it shows itself, naturally successful people consistently and appropriately add value -- all the time," says McKeown.
2. Become an Expert
A sure-fire way to increase your value on the job is to keep learning. This can be as complex as getting your MBA or as simple as reading a book every week.
Whatever you do to increase your expertise, make sure your boss knows about it! Completing training, such as Microsoft's MCSE certification, can make it more likely that you'll be rewarded appropriately in your next
performance review.
Here's an example from the field of medicine.
I'm told the average doctor makes $160,000 per year. Not bad. But I know a liver specialist in Michigan who makes $500,000 and lives in a house the size of an airplane hanger. He's a recognized expert. And he's rewarded appropriately.
What subject can you become an expert in for your employer?
3. Be There Every Day
Can 80% of success really come just from showing up, to paraphrase Woody Allen?
In the minds of many, the answer is "yes!"
"I still remember my first promotion with a mixture of pride and amusement," says McKeown.
"I was a young kid back in Ireland, and I had a paper-route before school. I needed the money and never missed a morning."
"After 3 months, the owner pulled me aside and said: 'Les, I'm going on vacation for three weeks. I want you to be in charge. I'll give you an extra five shillings every week.'"
When McKeown asked his manager why he had been chosen over older, more-experienced newsboys, he got this reply: "Simple. You're always there. That means more to me than anything else. I wanted piece of mind on
vacation. I knew you'd be there every morning."
Are you THERE every day for your employer? If so, you may find your steady presence makes you more valuable than less-dependable co-workers.
By adding value, becoming an expert, and "being there" every day, you can make yourself indispensable to any employer. Which can lead to faster promotions, keys to the executive washroom -- whatever it is that defines
career success for you.
Best of luck to you
Answering Questions of Salary
You want a higher salary in your next job, right?
Yet, you're worried about discussing salary, right?
Kevin Donlin
If you're like most people, you answered, "yes" to both questions.
Let's face it, discussing salary is a touchy subject in any job interview-- what if you ask for too much or not enough?
Here's how you can navigate the salary question and position yourself to make more money, before and during the job interview.
First, when replying to classified ads that ask for salary requirements or a salary history, I advise you NOT to answer directly. Because, in my view, any answer will hurt your chances.
Remember that a typical classified ad can produce hundreds of resumes. And a fast way to make that pile smaller is to weed out applicants who are either too expensive (over-qualified) or too cheap (under-qualified).
So, in your cover letter, I would simply say: "My salary requirements are negotiable." This shows you've read the ad, but are choosing to dodge the issue. Most HR professionals and hiring managers I've talked to won't take offense. On the contrary, it gives them one LESS reason NOT to call you.
What about salary questions in the interview? These require advance planning.
You can say: "Well, I'd like to make as much as other employees with my qualifications." (Here you can repeat 2-3 of your most valuable skills or achievements, just to remind them how qualified you are.) Then add: "And what is a typical salary for this position?"
Another strategy is to avoid a specific salary ... and name a pay range instead. Say: "I was thinking of a salary in the $25,000 to $35,000 range," (with $25,000 being the lowest amount you'd accept). That way, you can name
a higher figure, if they try to pin you down, yet still be able to retreat to a point that satisfies you.
Finally, information is power here. If you can back your salary request with a list of average salaries you've obtained from the Internet or from phone calls, you'll enjoy greater leverage in your negotiations.
6 Steps to a Job Search Action Plan
Has it been a while since you planned a job search? Or maybe it's your first time? At the outset, looking for a new job can seem like an enormous task. But if you break the job search down into simple steps, you'll be signing that employment offer in no time.
Use this helpful six-step framework to guide your job search action plan:
* Key Tips on Researching Companies before the Interviews Begin
* Surviving and Thriving in a Tough Job Market: Top Ten To-Dos to Be Your Best
* Surviving and Thriving in a Tough Job Market: Acing the Interviews
* Resume Makeovers: How to Stand out from the Crowd
* Get Results with Your Cover Letter
* "Decoding the Interview and Evaluation Process"
* "Ten Executives Discuss What They’re Looking for When They Interview Candidates"
* "What to Say When It’s Your Turn to Ask Questions in an Interview"
* "Seven Tips for Smarter Compensation Negotiation"
* "Keeping Up Your Job Search Momentum"
* Networking Channel
* The WetFeet Insider Guide to Negotiating Your Salary and Perks
RECOMMENDED RESOURCES
* BusinessWeek Online
* Fortune
* Working Mother
* Forb
The start of any good job search begins with a thorough self-assessment. Looking for a new job is a great opportunity to realign your goals-and it's up to you to articulate exactly what those goals are.
Start by asking yourself these questions and spend some time reflecting on the answers:
* What are my values? Deep down, what guides me as I make my decisions? Is it a need to make a difference or make big bucks, be the center of attention or help others?
* What are my priorities and objectives for the next few years? What about five years from now?
* What are my core strengths?
* What provides meaning in my life? What is my purpose?
* Where does work fit into my vision of life?
Preparation Vs. Performance
Preparation is the name of the game.
Your performance in any area of your life depends on how much preparation went into it. The high achievers are all those who have done all their homework and prepared well. You need to shine and polish up your act for it to run together smoothly and captivate your targeted audience. Here are 12 power steps to boost up your performance
*
Work on your strengths
*
Counter all objections
*
Answer all questions
*
Minimize all risks.
*
Accept all responsibility
*
Make it simple,
*
Make it easy.
*
Make it quick
*
Visualize all possible scenarios, and counter each one of them successfully.
*
Be your own first customer and review the service as a client to rate how well you do it and how you can improve it.
*
Keep editing, keep reviewing, keep polishing, keep correcting until it is flawless.
*
Get feedback from your clients and make improvements as needed.
These basic guidelines can serve you in almost any scenario. For instance if you are applying for jobs: Read Powerful Interview Tips For Your Dream Job
If you have a business, again how well you do depends on your preparation:
*
Prepare your product to perfection
*
Prepare your sales copy
*
Prepare your customer service
*
Get feedback from your customers
*
Do everything for customer satisfaction.
*
Go the extra mile.
How to Find Your Dream Career Articles
*
How to Find Your Dream Career
*
The High Way to Your Dream Career
*
From Dreams to Realization - 5 Steps to Your dream Career
*
So You Know What Your Dream Career is
*
Your First Step to your dream career
*
Taking the First Step
*
How do you know that your dream career is right for you?
*
Will You Succeed at your dream career
*
Moving Forward in Your Career of Choice
*
Personal Development For Career Change
*
Behavior Modification & Your Dream Career
*
The Power of Positive Expectations For Career Success
*
Unleash the Power of Attraction For Your Dream Job
*
Powerful Interview Tips For Your Dream Job
*
Overcome the Fear of Risk Taking for Career Success.
*
Setting Career Milestones
*
7 Tips For a Successful Career Search
*
Mid Life Career Change
*
7 Steps to your Dream Job
*
Resume Cover Letter, Resignation Letters & Interview Question Samples
*
Read More Career Inspiring Articles
Your performance is directly proportional to your preparation. Remember genius is 99% hard work and 1% inspiration. The more you prepare , the better you will perform.
Here is a piece of caution though: Don't just get bogged down in the minute of preparation... your primary goal is to get your career off the ground and make it successful in the shortest possible time. So set realistic time lines for each of your preparatory stages, and remember polishing, perfecting and growing is something that you keep on doing forever... By adjusting your sails as the wind blows. So Prepare. Practice. Rehearse. Get started. Get feedback. Adjust.
1) Negative comments about your current or past employers and co-workers.
No good can come from talking down your past employers. You run the risk of seeming like an employee that may be a "management problem."
2) Requests for special hours or equipment unless you have a handicap that necessitates special accommodations.
3) Avoid initiating salary discussions or making demands in the early interview stages.
Let the prospective employer initiate salary discussions. It is OK to give a range, or to ask what they feel the range is for the position. However, it can be a turnoff if you are the one to initiate the subject of salary.
4) Asking about vacation days, sick days or holidays.
This can be a turnoff because you may seem more interested in time off rather than the job itself. Would a hardworking, dedicated employee be more focused on days off or doing a good job?
5) Don't give a list of the things you won't do.
Telling an interviewer that you don't answer phones, or file, or work overtime is another alarm. Make sure you apply for positions that are appropriate for you, and understand that there will always be tasks that are not enjoyable.
6) Asking, "What is it your company does again?"
Take the time to know about the company before you interview.
7) "I don't know, I just saw your ad and I thought I'd give this a try."
Yes, candidates really say this. Always prepare yourself. If you don't know why you are there, or how this position fits in with your goals, maybe you should not be there.
"I don't have any negative points."
In an interview, you may be asked to list your negative qualities. Have at least one ready, and more importantly explain how you are working to improve it. Another angle is to explain how it is negative and also positive. For example, "Once I start a project I throw myself into it and sometimes neglect personal obligations. I have to keep myself in check to avoid burnout."
9) Avoid argumentative statements.
Remember you want to be liked and fit in. If you are hired you will have plenty of time to learn their business and make suggestions. The interview is not the time to argue and force your opinions.
10) No whining or complaining.
Leave your personal problems at home. Present yourself as a strong, capable person that can overcome setbacks and challenges.
How to Find Your Dream Career
If You find the work you love...
When I was a little kid, I had a crazy dream of traveling to the Moon, because I found this golden glowing orb in the night sky so alluring. This childish dream materialized in a hard grueling career as an Electrical Engineer.
Fifteen long years later, my changing circumstances and the instinct for survival turned me into a 'Do-it-all' office administrator. Another three long and hard years passed before I knew I could not take it any longer. Another career change was in order...
My secret innermost longings of becoming a writer beckoned very strongly. And that's what I am today with another crazy dream of turning out a best seller some day...
Do You even Know What Your Dream Career is?
Here is a 7 Step Exercise to Help You Find Your True Career Path...
Take a notepad and pen, sit in a quiet peaceful and inspiring spot and pour out your no-holds-barred answers to the following questions...
1. Can You imagine a day at your Dream career? Describe it.
2. Do You know how much you earn at Your Dream Job?
3. Do You know where your office is located for Your dream Career? Describe the decor and set up of your work space.
4. Do You know how much time you devote to your dream work? Write about the hours you work, the time you spend and the commute time, and how do you get to your dream work place?
5. Do You know what industry you would like to work in or service you would love to provide? Who benefits from your service or product? What do they love about it most?
6. Can you see yourself interacting with your co-workers / family in your dream career? How does your family respond to it?
7. Imagine you have just met your long lost friend, and you are excitedly telling him/her about your career. What would you say? Write it down.
TARGET EVERYTHING
Everything that is a part of the job search process is used to target the right job for you.
How do you target your career path? First, read this article titled, "Career Philosophy". It helps explain the importance of choosing a career that fits with your values and goals. Knowing who you are and what means the most to you is a true benefit when determining what career to choose. Next, read: Career Planning Choices. It will provide you with a clear understanding of what you are looking for in an employer. A variety of questions will help you clarify the importance of certain ideas and concepts and how they relate to your happiness on the job. Employers are not created equal after all.
Applying this kind of valuable information to your situation can make a huge difference in how you approach the future – YOUR future.
The reason that articles such as these offer such wonderful benefits is that they are based on YOU, YOUR NEEDS and YOUR GOALS. If you are going to be able to recognize which career path best suits your needs and goals, then you have to put some thought into it. The same holds true for selecting the best employer(s) to target with your resume.
5 Ingredients Of The Perfect Job
There are as many concepts and definitions of what should a perfect job look like as there are adult men and women. For some, it could well be the one which takes little or no commuting while many would rate a high paying job a perfect one. There is also a good deal of majority that rates less of bossism as uppermost when it comes to choosing a perfect job? Well, the big question on hand is whether your current job is a perfect one or not.
Defining the Basics of a Perfect Job
An ideal job has many attributes. But practically speaking, an ideal job never exists at all. So how do we define a perfect job?
A perfect job is one in which you excel, have the aptitude for and that you are very much comfortable with. Here are few more key points that define a perfect job:
1. Growth opportunity:
Jobs that provide great growth opportunity, regardless of whether you joined at a lower or middle level, stands out as the top characteristic of a perfect job. Most employers offer a structured career growth plan, as in the case of government jobs, while some others provide out-of-turn growth opportunity as a reward for performance. Small, up-and-coming companies, unlike large, lean & mean corporations will not have too many organizational ranks. So you have fewer rungs to climb up to the top.
2. Adequate Salary:
This could well have made it to the top of the list. Your salary package may include a car, insurance, or paid vacations. Before you accept the offer, you should compare salaries across the industry for your career level.
3. A Great Boss:
Many people would like to believe that it is the boss who makes your job hell. Whether there is truth in this or not, the fact of the matter is that a great boss can also make your career flourish. Just as companies like to say that good help is hard to find, it is equally as hard to find a good boss!
4. Job Duties:
Your responsibilities, along with your working environment, are what hold the key to your success. Even any additional responsibilities offered, as you move up the ladder, can be enjoyable if it doesn’t push you into doing grunt work. You must understand that in every job, you will have to do at least some pencil pushing. But those should not become your primary duties.
5. The Working Environment:
A perfect job will provide a motivating environment in which to work. Everything about such an environment is conducive to working comfortably and will help you to perform at your peak. De-motivating environments may be caused by any number of reasons. But before you begin to complain, look inwards first. Certain things can be corrected by you, too.
Fear of Interviewing
Your heart is beating faster than usual, your hands feel clammy, your mouth is so dry it feels like you have cotton inside – and your supposed to feel confident. Are you going to an interview or a torture session? The answer is – “it’s all in your perspective.”
Ideally you would sit poised thumbing through a magazine, feeling relaxed as you wait your turn to have a conversation with the interviewer for the company. Think about it - what do you have to lose here? What’s the worst thing that can happen? What if you don’t get this job - is the world going to stop turning? I realize of course, that bills must be paid, but you are taking the wrong approach if you are going to come across as desperate – “Please, please, hire me.” Interviewers smell fear.
A change in thinking
The first, and most important step is to change the way that you view the interview. This is not an appointment with the dentist who may inflict pain. It is a conversation with another person. What is the worst thing that can happen as a result of the interview? You won’t get the job, which may not have been the right job for you anyway.
Secondly, this is a conversation - a two-way process. You will be interviewing them as much as they are interviewing you. Is there a good fit here – both ways? What looks good on paper may not be what it appears – for either party. It will be part of your job during the interview to investigate whether this a good place for you, and whether you want to invest a significant part of your life here. When you are not checking them out and what they have to offer you are missing an opportunity that you may regret later.
Calming techniques
One of the best techniques to handle stress is through breathing. Take deliberate, shallow breaths. Take air in through the nostrils and exhale quietly through your mouth. This is a technique that should be practiced as a relaxation technique before the interview so that your body gets used to slowing down the breathing process and relaxing.
Relaxation techniques such as yoga, and meditation classes, are recommended for anyone who has an extreme case of “interview fright.” The interview can cause panic attacks if the fear is strong enough. Pre-conditioning will do wonders for this type of anxiety.
Preparation before the interview
These are competitive times and you should steel yourself to expect some rejection. Think about it this way, “Did you get a marriage proposal after every date?” Well, you probably aren’t going to get a job offer after every interview.
For every job you apply for there are more than likely three to four equally qualified candidates in line for the same job. Whether you stand out from “the crowd” will depend on your preparation and ability to show confidence in yourself – believing that you are the “best candidate for this job.” How can you possibly sell anyone anything if you don’t believe in it yourself?
Preparation will make you feel more confident and less anxious. Can you imagine giving a performance without some practice and preparation? “Winging” the interview in today’s market is a big mistake.
Fear of Rejection
You may have had a number of interviews with no offer. You may be feeling defeated, and it’s beginning to affect your-self esteem.
This would be true of anyone. But it is a mistake to take it personally. There are so many factors that could be affecting the offer that it is impossible to say what is happening. There may be internal candidates, relatives promised jobs, a competitor who is a perfect match for the job, a lack of chemistry between you and the new boss, a mismatch in salary needs, etc., etc.
Let it go
Give yourself credit for getting an interview – only a small percentage of people get this far in the process. Give yourself credit for going out there and putting yourself on the line, even though it is painful for you. Give yourself permission to not get job offers. Believe that an offer will come through when it is the right offer – the right fit for the company and for you. Take the control back and reject the feeling of fear.
When you have done everything to prepare for the interview, and you are satisfied that you can present yourself in the best light possible, the next step is for you to let it go. You can learn something from each interview. Learn to enjoy meeting new people and having new experiences. Who knows you may even grow to like interviewing.
Top 6 Tax Tips for Self-employed
1. Keep good records – save all your receipts and use some simple software to keep track of your credits and debits.
2. Get a good help- whether this is an accountant or somebody familiar with the subject.
3. Deduct child care costs and medical expenses.
4. Set up an RRSP – the allowance you contribute is tax free.
5. The RRSP allowance you can contribute is deductible form your income and can put you in a lower tax bracket.
6. If you have separate office or you are using part of your house as an office, deduct this percentage off your monthly payments.
10 WAYS TO BELIEVE IN YOURSELF
Throughout recorded history personal worth was often measured by an individual's willingness to take risks. Perhaps Englishman John Heywood best summed up risk taking when he wrote in 1546, "Not venture nought have."
However there is an inherent difference between reckless risk and calculated risk. An old American proverb counsels against rashness: "Swift risks are often attended by precipitate falls."
So in today's unpredictable job market, how can ensure that any risk you take is worth any potential gain? One of the best ways I know is to believe in yourself. Easier said then done, you say. Then, let my Top Ten List of Ways To Believe In Yourself be your guide:
1. Think of ways you can be your best.
2. Focus on your strengths not your weaknesses.
3. Remind yourself of who you are becoming.
4. Like Magellan, have faith in yourself and know it will happen.
5. Challenge yourself to be all you can be, more so than you've ever been.
6. Encourage yourself to keep going, keep building this new you.
7. Acknowledge your successes.
8. Be unconditionally constructive.
9. Allow yourself to achieve greatness.
10.Take a stand for the success you deserve.
As your belief in yourself expands, any problems and challenges you face will lose their sense of power
How to Find Work You'll Love
Stuck in a job you can't stand? Feeling burned out and bored?
With unemployment at persistently high levels, many people today are doing work they hate, simply to make ends meet.
That's a short-term choice that could cost you dearly in the long run, according to Henry Neils, President of Edina, Minn.-based Assessment.com, a career advisory firm (special link - http://www.gresumes.com/MAPP)
"Michael Jordan doesn't go to work in the morning, and neither do any really successful people. Instead, they get paid for work they love," says Neils.
Want to get paid to do what you love?
Here are three ways to do just that .
1. Discover what you are designed to do
Did you know that Babe Ruth started out as a pitcher? But he chose to stop pitching so he could focus on hitting. He took a lot of heat for this, because he was a good pitcher. Yet Babe stuck with his decision because he knew he was a GREAT hitter. Success followed.
What about you?
"If you want to go from 'good' to 'great,' know what your talents and motivations are, then use them as a foundation for growth," advises Neils.
To find out what motivates you, answer this question: if you won a million dollars in the lottery tomorrow and could quit working, what 3 things would you still do every day?
Would it be writing? Public speaking? Gardening? Teaching or healing others? Travel? Restoring classic cars?
"These are your strengths and they're yours for life. You can build on them, and they won't let you down," says Neils.
2. Do it
Once you discover what you love to do, make adjustments that let you do more of it. Some changes will be minor . and some radical.
"The idea is to spend more of your time using your strengths. That is where your performance and satisfaction both peak," advises Neils.
At this point, it's time to tell your boss. Include examples or stories to illustrate your true talents.
"Every piece of equipment in any company comes with an owner's manual, except the most important assets of all -- employees. So, by letting your boss know what makes you tick, he can put you in a position to get the best results for both the company and you. It's a win-win situation," says Neils.
3. Minimize everything else
You are designed to do something, but not everything. So don't try to do it all.
"A spoon is designed to help us eat and will last a lifetime in that role. But if you use a spoon to drive nails, it will wear out in about an hour," says Neils.
That means, to avoid burnout on the job, you should delegate or automate tasks you don't enjoy or do well.
But what if you're forced to do work that doesn't challenge or interest you?
"First, try to create a system to streamline what you're doing. For instance, a man with low talent for time management found that it helped to use a Palm Pilot. Or, simply partner with someone who has high talent in
the area you dislike," advises Neils.
Now. This does not give you the right to shrug off any workplace task that doesn't thrill you. We all have to do things we don't enjoy -- the trash won't walk itself to the curb, for example.
But you don't have to spend your best years in a job that chokes off your passion and stifles your creativity. You certainly can align your work with your talents.
The most successful people throughout human history have one thing in common: they saw work as play. That's how they were able to put in the long hours of practice and toil that took them to the top. From Michelangelo to Michael Jordan, from Caesar to Clinton, these workplace wonders did what they loved to do, what they were born to do.
You can, too.
If you know what you do well, do more of it, and minimize the rest, you could find yourself in that most enviable position of all, getting paid to do what you love.
skills neccessary for a career
From the 1950's to the late 1980's, the concept of lifetime employment was considered one's ideal career path, where seniority determined career success.
Beginning in the 1990's to the present, technological advances have sped up market cycles, where companies started to go out of business, reorganize, and re-emerge as new companies to meet new demands in a shorter period of time. In response, the labor market had to become more flexible, providing their talents where they were needed. Workers were thus rewarded based on performance rather than seniority.
The ability to develop proficiency in transferable workplace skills has replaced seniority as a measure of employability. They are necessary for career success at all levels of employment.
21st Century Employability
Employability refers to possessing a set of core skill groups that are transferable from job-to-job and from industry-to-industry. To address what these skills are, the U.S. Department of Labor established a Commission on Achieving Necessary Skills (SCANS) in 1990.
In their 1991 report, What Work Requires of Schools, the commission's primary objective is to help teachers understand how curriculum and instruction must change to enable students to develop the specific foundation skills and competencies necessary for employment.
In their 1999 report, Skills and Tasks for Jobs: A SCANS Report for America 2000, the commission's primary objective is to expand on proposing acceptable levels of these core foundation skills and competencies. You can access full text versions of these reports from the Resources section for this course.
SCANS Foundation Skills and Competencies
SCANS determined that workplace skills from job-to-job and industry-to-industry consist of a core group of foundation skills and competencies.
Foundation skills are basic academic and behavioral characteristics from which to build competencies. The three SCANS foundation skill categories were identified as Basic Literacy Skills, Thinking Skills, and Personal Qualities.
Competencies are a combination of skills, abilities, and knowledge needed to accomplish a specific task; they are more closely related to what people actually do at work. The five SCANS competencies were identified as Resources, Information, Interpersonal, Systems, and Technology.
SCANS foundation skills and competencies are being integrated into industry skill standards, educational learning standards, and hiring/evaluation procedures throughout the U.S.
What is missing is the integration of these skills and competencies into the job search, resume writing, and career development processes. A lot of what you read and do on this site will focus on how you focus on your core skills; this is the foundation for achieving resiliency in your career
6 Factors of Career Success
What do employers look for in potential employees? That was the question that was posted recently on a career discussion forum online. Naturally, for each different position, the particular answers to that question would be different. However, there are some common skills that employers look for in all employees, whether the employee happens to be a network engineer or a fry cook.
In-Demand Skills for Success
1. BASIC SKILLS ‚ Reading, writing and arithmetic! Believe it or not, a good portion of high school graduates (and some college grads) do not read at an 8th grade level and cannot do multiplication in their head. Employers are seeking employees who can read well, can write coherently, and who can calculate mathematics in a business environment (fractions, percentages, etc.) Add to that the modern basic skills of keyboarding skill, basic computer knowledge, and ability to use most computerized tools (e.g. fax machine, basic word processing program, etc.) to round out the basic skill sets needed for employment success.
2. PERSONAL SKILLS‚ Can a potential employee speak well? Can he/she answer questions of customers in a positive, informative manner? Can the prospect provide good customer service? While not everyone has an outgoing sales' personality, successful employees can communicate in a non-confrontational, positive manner with their coworkers, team members, subordinates, management, and customers. Being able to work well with others is a vital skill for success in all jobs.
3. JOB ATTAINMENT‚ Job search is a process that requires a great deal of dedication and attention to be conducted successfully. It follows the old principal that many veteran programmers refer to as GIGO ‚ Garbage In, Garbage Out. If you put lousy effort in, you will receive lousy results. Employers are seeking employees who know how to present themselves in a positive manner and who display enthusiasm and knowledge about the companies they approach. Not only do candidates get evaluated on their skills and experience, but also on how they are approaching the job search. Enthusiastic candidates with fewer skills have an even chance of getting the job as dull candidates with better skills.
4. JOB SURVIVAL‚ Now there's a hot topic in this period of layoffs. Who gets the ax and who doesn't is often a matter of numbers, but it is also often a matter of performance. Employees who have consistently demonstrated their worth, taken initiative, and made themselves a valuable asset to the company have lower incidences of being downsized than employees who put forth mediocre or average effort in their jobs. Surviving within a company through layoffs or moving up the career ladder is a success skill that is learned and is consciously cultivated among successful professionals.
5. PROFESSIONAL DEVELOPMENT‚ As all high tech and engineering pros know‚ it's learn or burn in today's work environment. Attaining new skills, applying new concepts, updating established skills is an absolute necessity to succeed in today's work force. The successful individual is constantly attending seminars, taking classes, attaining training on new products or releases, and otherwise learning new skills that will keep them marketable in their careers. Successful people are lifelong learners. Employers are looking for people who have the training necessary to fulfill their needs.
6. CAREER DEVELOPMENT‚ Career Development differs from Professional Development. Professional Development is learning while Career Development is a planning and goal setting process. Successful individuals design a career plan with written goals for short term and long term. They lay out the steps needed to move their careers from Point A to Point B within Time Frame C and plan how they are going to achieve those steps. Successful people have someone to whom they are accountable for their progress and who will monitor their success in achieving their goals. Employers are seeking individuals who (believe it or not) wish to commit to the company for a long period of time. Good career progression is a high selling point of candidates to prospective employers.
Career Planning for Professionals
Do you have a career plan? Do you know where you want to be 10 years from now? 5 years? 1 year?
The reason for making decisions today about where you want to be tomorrow is so that you have the ability to actually get there.
If you don't know exactly where you want to be, you will be wandering aimlessly from position to position hoping that somehow it will all work out. Unfortunately, that isn’t how it works.
Think of it this way:
If you want to visit a friend who has moved out of state, you have to map it out or get directions. If you just start taking one street because it looks like the right way or another street because it seems to be pointing in the right direction, you will never get to where you want to go.
The great news is that Career Planning isn't some mystical smoke and mirrors experience. It's not hard at all. Just give yourself a little time and ask yourself a few questions and you'll be on the right track. As you have more time in the months and years to come, revisit your Career Plan and determine if it still makes sense for you or if you need to tweak it.
Yes, this is another task you have to do yourself. You can ask friends, family members and others who know you well if they can provide clues as to what they believe are your strengths and abilities, but only YOU know where your passion lies.
You are the only one who can create your destiny. You choose.
Take the time NOW to set the course for your future.
If you take the time to set your career goals, you will be ahead of 90% of the rest of the people out there who don’t bother to plan ahead. You will be more successful than your peers in the same field because you know where you are going and how you intend to get there. You will make more money and you will be much happier. Why? Because you didn't wait for destiny to step in. You took control of your life and made things happen.
The fact that you are looking on this website proves that you are so far above your peers. You want more information. You want to:
Plan ahead.
Be successful.
Work hard.
Make good, sound decisions.
Live with integrity.
Below are some additional links to career planning articles which will provide you with more information on career planning. Absorb everything you can. If it doesn't benefit you right now, it will definitely make a difference down the road.
Find out how to network you way to your next job in this amazing article Networking Your Way to a Great Job. The information in this article will blow you away.
Taking Career Tests can help you determine which career paths are best suited for you. If you want to be successful, you need to enjoy what you do and you will enjoy it much more if you are working in a field that is right for you.
Assessing your Career Strengths is a very important part of the job search process. When you follow the concepts outlined here, you will have a huge advantage over your competitors.
Would you like to see the Employer's Perspective in the job search process? Understanding how an employer thinks can provide insight and shed light on what you need to do to be successful.
If you are considering a career change, you will have to revamp your resume among other things. Follow this link Changing Careers to find out how to make your career change more successful. Planning is essential.
One of the most valuable pieces of information you will ever need can be found here:Your Personal and Professional Traits Take a few moments to familiarize yourself with something that employers REALLY want you to know.
What Do You Want to Be When You Grow Up? This is an excellent start for those who are not quite sure where their interests lie. Learn some techniques for clarifying your interests and goals. This is the essence of Career Planning.
Do you have Goals, Objectives and Tasks defined for the next month, year, or 5 years? Find out how you can achieve your goals. Then, when you have read that article, you can utilize the Goal Setting Template to simplify the process even more. Take your career planning to the next level.
Make your Career Planning Choices point YOU down the road to SUCCESS.
Common Job Search Misconceptions
Contrary to what you may think as you mop the sweat from your brow while contemplating your upcoming interviews, the recruiter who'll be sitting across the table from you wasn't born in a pinstriped suit with the keys to a Beamer in one hand and a Palm Pilot in the other.
In fact, at one point she was probably in the same position that you're in right now as you begin your search: Sitting in a one-room apartment eating ramen noodles and wondering if she'd ever find a job. Thinking that interviewers are genetically superior beings is one of the misconceptions that many job seekers seem to have as they prepare themselves for the interviews that will pull them out of their MSG-saturated college days and into the lightning pace of the business world.
Quite a few misconceptions seem to be floating around out there; WetFeet would like to explode some of them and, we hope, ease your pain.
Misconception Number One: My Resume Is a Comedy Routine
A lot of job seekers try to add panache to their resume by making them unconventional. Take it from us: Your resume is not the best forum for your dry wit.
It might seem like a great idea at the time to paste macaroni to your resume or describe your work experience in iambic pentameter. You're trying to prove your creativity and individuality, as well as give the recruiter a little taste of who you are. Trust us when we tell you that this isn't the you the recruiter wants to know. The you the recruiter wants to know would not create and submit a document called "The Resume Rap" that tries to rhyme the phrases "job experience" and "I think you'll dig this."
Truth: The Recruiters' Point of View
Recruiters want resumes that let them know what you will bring to the company and how you'll be a good addition to the team. They want this information in a format that is easily comparable to other resumes, a format that won't give them a headache. Your job is to make the recruiter's job easier so that he or she will want to hire you. Your job is not to show off your origami skills by folding your resume into a swan.
Misconception Number Two: The Recruiter Is Out to Get Me
One of the most popular fallacies among inexperienced job hunters is that the recruiter is out to get them. The fresh-faced grads coming out of college and heading to their first real job interviews seem to have a mental picture of the recruiter as a mustache-twirling Snidely Whiplash (from the "Dudley Do-Right" segments of Rocky and Bullwinkle) whose only goal is to mystify, humiliate, befuddle, and ding prospective job seekers, or at least tie them to some train tracks somewhere.
Truth: Bad Recruiters Don't Last
In fact, the interviewer isn't going to be hiding behind the door with a baseball bat waiting to ambush you when you show up in your freshly pressed new suit. Recruiters who dismiss everyone they interview probably aren't going to be recruiting for very long. They're supposed to be separating the wheat from the chaff, not just whacking everything they see with their scythe.
This isn't to say that you shouldn't be on top of your game when you're sitting across the table from your interviewer. Even though it isn't a recruiter's job to Shaq everybody who tries to get to the hoop, they do have to make sure that you've got game. The recruiter's job is to put you through your paces, making sure that you have the proper skills, education, and attitude to make it in the business world.
Even if it seems like malice when he puts the pressure on, he's just doing it to make sure that you can take the heat once he signs you on. If you've got your game with you, don't sweat it; your antiperspirant will hold up just fine—so will you, kid.
Misconception Number Three: I'll Fit in Anywhere
Say it's your first day at your new job. You made it past the interviews and won a cubicle of your very own. You arrive at 8:58 a.m. with the required first-day-on-the-job gear: A picture of your significant other or your cat, a couple of knickknacks to ensure that your desk has character, and the W-2 forms from the guys in HR.
You lay out your bric-a-brac, check your breath by blowing into your hand, and start asking around if there's any free coffee in the office. Suddenly, everyone around you stands up and gives a three-count. At three, your coworkers break into an a cappella version of "Wannabe" by the Spice Girls. There is dancing and high kicks, and Larry from accounting flips the lights on and off to simulate a strobe. You look around for Allen Funt but realize to your horror that you're not on Candid Camera. Even though the guy over by the copy machine looks like he phoned in that split, for the most part your fellow employees are getting into it.
Truths: Do your Homework
If you'd done a little research on the company before you signed on, you would have found out that it's a subsidiary of Sporty Spice enterprises and that the dance routine is a mandatory morning icebreaking exercise. You'll be expected to participate in full tomorrow and for the rest of your life at the company.
http://Corporate Culture Is Top Priority
So, when you're sitting in front of your computer at three a.m. trying to get your resume to print after you spilled coffee on the keyboard, corporate culture might not rate high on your list of concerns. But once you get the job, it can become priority number one no matter how many times you tell yourself that you'll make do.
If you don't fit in with the culture of your company, it will affect your happiness, your ability to work, and possibly your long-term health. Find out a little about what you're getting into before you sign on. If you don't, you might regret it in the morning. Oh, and look—here comes Larry with a Scary Spice wig and a tube top for you!
A Dream Job Is Waiting For Everyone
You know your workplace is just not where you want to be, so what's next? Are you ready to start the race to your dream job? Hey, you know, it's not the most difficult thing to do.
Your work place is past its sell by date and you get no sense of valued from your boss – or the organization. Your colleagues are ready and waiting to do anything to beat you.
Life isn't about a routine of day in, day out in some job you didn't really want. It's awful to feel stuck, when you realize you've still got the rest of your working life to come.
Life is about living and feeling alive, so make some changes and realize your full potential! No one is forcing you to stay in a job you hate and no one is holding you back from your dreams – except yourself, that is.
And the fact, the honest truth that it's all down to you is often the bitterest pill to swallow.
So, what do you really enjoy in life. Is it a hobby or a passion? Whatever it is you love doing is a huge hint! Have you ever thought of turning that hobby into a dream job that you'll look forward to every day? You could turn your hobby into a real, exciting, successful job with a little determination and some close attention.
That's right – it's all about focus. Decide what it is you'd rather be doing, and then find out all you can about how you need to get there. Do your homework on whether you need credentials or qualifications to turn your hobby into employment. Find out the steps you need to make that will bring you to where you want to be and lay down a plan.
Remember, you're not going to get anywhere over night. Miracles don't happen and hard work, effort, and the right choices to move you forward will have amazing results.
If you need training, part time courses or night school can let you keep your day job and work towards a new career in your spare time. Hey, you might even find them in your current workplace, so you can get them for free
Volunteer. Network. Apprentice under someone who excels at what you want to do. Offering free services in exchange for the learning experience can be a great way to break into a new industry or career.
Talk to everyone you know about your plans; the more contacts and support you have, the more it will help you stay focused on your goals and provide opportunities.
Don't give up. Making life changes takes time and isn't always easy. You may face some stumbling blocks along the way to a dream job. If you remember your goals and you've taken the time to lay down your steps and plans, you'll be better prepared to find a way around the obstacle.
Obstacles are valuable opportunities for lessons in achieving what you want. Be prepared to face them and accept the challenge of resolving them. You'll also gain plenty of wisdom and experience while you work towards securing your dream job and a life of happiness and satisfaction.
If you truly believe you can, with no 'glass ceilings' to hold you back you'll release potential and show the world what you can do.
YOU are the ONLY person in charge of your life.
So, go on, take that risk, believe in your own talents and abilities to make good things happen. With the right focus attitude and belief, you are already half-way there!
Want to Work From Home?
The concept of working from home is becoming immensely popular today. A lot of men and women prefer to work in the comforts of their own home rather than joining an office on a full time basis.
The opportunities are large and very promising -
SOHO - Small Office Home Office
If you are enterprising, resourceful and business minded, you can always setup your own small office right at home. The SOHO concept has caught the attention of many individuals who have started working from their home office with very little investment. Depending on your line of business, you can hire and work with a small staff of people, each of whom are proficient in their own field.
Work for Others
If you are looking for lucrative job opportunities that can be pursued from home, here are a few options that you can look into -
Data Entry & Typing Jobs - good typing speed - error free typing.
Market Research exercises including Telemarketing - good communication skills, a pleasant voice and an ability to carry out a goal driven conversation.
Customer Care
Translation Work - excellent command over written and spoken English as well as other languages. An ability to translate and reproduce content while maintaining relevance and focus.
Web Design - Knowledge of designing softwares
Online Writing - An ability to put thoughts, facts and concepts into words keeping in mind the specific target audience.
There are many option available for individuals who want to work from home.
Remember to -
Always look for genuine projects.
Stick to your terms and conditions.
Look for transparency.
Multiple Offers – So What’s Your Problem?
In a tight job market, multiple offers sounds too good to be true. So what's the problem? Choose the one that pays the most and move on, right? Wrong. If you don't take time to evaluate the offers, you could find yourself searching for a job again in no time.
Assess Your Wants and Needs
First thing that you will need to do is to evaluate your needs and which of these offers fits your situation the best. It may be time well spent to plan out a strategy to evaluate the offers.
Exercise
Put together a spreadsheet with the company names across the top. Down the left side of the page list your values and needs. Under each company's name assign a score from one to 10 for each of the following as appropriate for you:
1. Security: Have you been laid off? Are you looking for a home with a solid company?
2. Balance: If you have a family or outside life, you may not be interested in working 60 hours a week. Rank the importance of job and your personal situation.
3. Job Satisfaction: You probably want to feel your work means something in the bigger picture, that you are contributing and making a difference.
4. Location: This goes hand-in-hand with balance. If you have to spend three to four hours a day commuting, it will mean time spent away from your interests or family. Telecommuting a couple of days a week may be a possibility.
5. Salary and Benefits: These are certainly important considerations but are they as important as some of the other values? You want to be paid what you are worth, but would you be willing to negotiate to get some of your other needs met?
After totaling the columns compare total scores. The totals may reveal that although one of the companies offers more money, the risks are higher and the time away from your “life” may not be worth the extra dollars. Your priorities will affect your decision. The decision will be about priorities and values – and where you are in your career and life.
There are always variables that cannot be predicted when accepting an offer, but using an analytical approach the decision can be more objective. Making a bad decision can result in your being miserable and feeling unfulfilled, but unable to leave because you have only been in the job for a few months. It's always best to evaluate any offer, but if there is more than one offer to choose from -- it is essential.
Why Some People Always Succeed At Work
Some people always seem to get faster promotions, make more money and generally stand out on the job, in any economy.
Why is that?
While there's no one thing that will guarantee career success for everyone, there are three things you can start doing today to make yourself more valuable -- to any employer, in any industry.
Here they are:
1. Add Value
"Adding value is the single most powerful personal attribute you can possess," says Les McKeown, President & CEO of success-at-work.com and author of numerous books on career achievement.
Did you ever hand a job or task to someone, knowing you would have to go back over it once they finished, to fix the inevitable errors and generally "mop up" after them?
"People who add value are just the opposite. You *know* when you give them a task that it will be completed on time, the way you want it, with no loose ends or unfinished parts," says McKeown.
However, really successful "value adders" see the completion of an allocated task as only the starting point.
Maybe it's by turning an event into a process. Example: not just clearing up a filing mess, but putting a filing system in place to avoid future backlogs.
"In whatever form it shows itself, naturally successful people consistently and appropriately add value -- all the time," says McKeown.
2. Become an Expert
A sure-fire way to increase your value on the job is to keep learning. This can be as complex as getting your MBA or as simple as reading a book every week.
Whatever you do to increase your expertise, make sure your boss knows about it! Completing training, such as Microsoft's MCSE certification, can make it more likely that you'll be rewarded appropriately in your next
performance review.
Here's an example from the field of medicine.
I'm told the average doctor makes $160,000 per year. Not bad. But I know a liver specialist in Michigan who makes $500,000 and lives in a house the size of an airplane hanger. He's a recognized expert. And he's rewarded appropriately.
What subject can you become an expert in for your employer?
3. Be There Every Day
Can 80% of success really come just from showing up, to paraphrase Woody Allen?
In the minds of many, the answer is "yes!"
"I still remember my first promotion with a mixture of pride and amusement," says McKeown.
"I was a young kid back in Ireland, and I had a paper-route before school. I needed the money and never missed a morning."
"After 3 months, the owner pulled me aside and said: 'Les, I'm going on vacation for three weeks. I want you to be in charge. I'll give you an extra five shillings every week.'"
When McKeown asked his manager why he had been chosen over older, more-experienced newsboys, he got this reply: "Simple. You're always there. That means more to me than anything else. I wanted piece of mind on
vacation. I knew you'd be there every morning."
Are you THERE every day for your employer? If so, you may find your steady presence makes you more valuable than less-dependable co-workers.
By adding value, becoming an expert, and "being there" every day, you can make yourself indispensable to any employer. Which can lead to faster promotions, keys to the executive washroom -- whatever it is that defines
career success for you.
Best of luck to you
Answering Questions of Salary
You want a higher salary in your next job, right?
Yet, you're worried about discussing salary, right?
Kevin Donlin
If you're like most people, you answered, "yes" to both questions.
Let's face it, discussing salary is a touchy subject in any job interview-- what if you ask for too much or not enough?
Here's how you can navigate the salary question and position yourself to make more money, before and during the job interview.
First, when replying to classified ads that ask for salary requirements or a salary history, I advise you NOT to answer directly. Because, in my view, any answer will hurt your chances.
Remember that a typical classified ad can produce hundreds of resumes. And a fast way to make that pile smaller is to weed out applicants who are either too expensive (over-qualified) or too cheap (under-qualified).
So, in your cover letter, I would simply say: "My salary requirements are negotiable." This shows you've read the ad, but are choosing to dodge the issue. Most HR professionals and hiring managers I've talked to won't take offense. On the contrary, it gives them one LESS reason NOT to call you.
What about salary questions in the interview? These require advance planning.
You can say: "Well, I'd like to make as much as other employees with my qualifications." (Here you can repeat 2-3 of your most valuable skills or achievements, just to remind them how qualified you are.) Then add: "And what is a typical salary for this position?"
Another strategy is to avoid a specific salary ... and name a pay range instead. Say: "I was thinking of a salary in the $25,000 to $35,000 range," (with $25,000 being the lowest amount you'd accept). That way, you can name
a higher figure, if they try to pin you down, yet still be able to retreat to a point that satisfies you.
Finally, information is power here. If you can back your salary request with a list of average salaries you've obtained from the Internet or from phone calls, you'll enjoy greater leverage in your negotiations.
6 Steps to a Job Search Action Plan
Has it been a while since you planned a job search? Or maybe it's your first time? At the outset, looking for a new job can seem like an enormous task. But if you break the job search down into simple steps, you'll be signing that employment offer in no time.
Use this helpful six-step framework to guide your job search action plan:
* Key Tips on Researching Companies before the Interviews Begin
* Surviving and Thriving in a Tough Job Market: Top Ten To-Dos to Be Your Best
* Surviving and Thriving in a Tough Job Market: Acing the Interviews
* Resume Makeovers: How to Stand out from the Crowd
* Get Results with Your Cover Letter
* "Decoding the Interview and Evaluation Process"
* "Ten Executives Discuss What They’re Looking for When They Interview Candidates"
* "What to Say When It’s Your Turn to Ask Questions in an Interview"
* "Seven Tips for Smarter Compensation Negotiation"
* "Keeping Up Your Job Search Momentum"
* Networking Channel
* The WetFeet Insider Guide to Negotiating Your Salary and Perks
RECOMMENDED RESOURCES
* BusinessWeek Online
* Fortune
* Working Mother
* Forb
The start of any good job search begins with a thorough self-assessment. Looking for a new job is a great opportunity to realign your goals-and it's up to you to articulate exactly what those goals are.
Start by asking yourself these questions and spend some time reflecting on the answers:
* What are my values? Deep down, what guides me as I make my decisions? Is it a need to make a difference or make big bucks, be the center of attention or help others?
* What are my priorities and objectives for the next few years? What about five years from now?
* What are my core strengths?
* What provides meaning in my life? What is my purpose?
* Where does work fit into my vision of life?
Preparation Vs. Performance
Preparation is the name of the game.
Your performance in any area of your life depends on how much preparation went into it. The high achievers are all those who have done all their homework and prepared well. You need to shine and polish up your act for it to run together smoothly and captivate your targeted audience. Here are 12 power steps to boost up your performance
*
Work on your strengths
*
Counter all objections
*
Answer all questions
*
Minimize all risks.
*
Accept all responsibility
*
Make it simple,
*
Make it easy.
*
Make it quick
*
Visualize all possible scenarios, and counter each one of them successfully.
*
Be your own first customer and review the service as a client to rate how well you do it and how you can improve it.
*
Keep editing, keep reviewing, keep polishing, keep correcting until it is flawless.
*
Get feedback from your clients and make improvements as needed.
These basic guidelines can serve you in almost any scenario. For instance if you are applying for jobs: Read Powerful Interview Tips For Your Dream Job
If you have a business, again how well you do depends on your preparation:
*
Prepare your product to perfection
*
Prepare your sales copy
*
Prepare your customer service
*
Get feedback from your customers
*
Do everything for customer satisfaction.
*
Go the extra mile.
How to Find Your Dream Career Articles
*
How to Find Your Dream Career
*
The High Way to Your Dream Career
*
From Dreams to Realization - 5 Steps to Your dream Career
*
So You Know What Your Dream Career is
*
Your First Step to your dream career
*
Taking the First Step
*
How do you know that your dream career is right for you?
*
Will You Succeed at your dream career
*
Moving Forward in Your Career of Choice
*
Personal Development For Career Change
*
Behavior Modification & Your Dream Career
*
The Power of Positive Expectations For Career Success
*
Unleash the Power of Attraction For Your Dream Job
*
Powerful Interview Tips For Your Dream Job
*
Overcome the Fear of Risk Taking for Career Success.
*
Setting Career Milestones
*
7 Tips For a Successful Career Search
*
Mid Life Career Change
*
7 Steps to your Dream Job
*
Resume Cover Letter, Resignation Letters & Interview Question Samples
*
Read More Career Inspiring Articles
Your performance is directly proportional to your preparation. Remember genius is 99% hard work and 1% inspiration. The more you prepare , the better you will perform.
Here is a piece of caution though: Don't just get bogged down in the minute of preparation... your primary goal is to get your career off the ground and make it successful in the shortest possible time. So set realistic time lines for each of your preparatory stages, and remember polishing, perfecting and growing is something that you keep on doing forever... By adjusting your sails as the wind blows. So Prepare. Practice. Rehearse. Get started. Get feedback. Adjust.
Subscribe to:
Posts (Atom)