3

I was writing a multithreaded ping program. I created rawsockets on each thread (for each IP) and sent ICMP Echo Request to each using sendto() and then I did recvfrom() in each thread. I am getting messages from IPs in various sockets(like if I had used socket S1 for sendto for IP1, I get echo-replies from IP1 to S1, S2 etc). Do I need to do a bind?

Also another problem is that even though I send only 1 ICMP request I get back many echo replies from target. Is there any way I can limit this? This is causing me to miss some of the other ICMP packets. Is there a way for my program to ask the target to stop sending ICMP echo's?

Thanks,

Gambit
  • 41
  • 3

1 Answers1

3

Raw sockets pick up all incoming packets; you will need to do your own filtering, or - better yet - only open one raw socket, and detect all of the incoming echo replies on a single thread.

Your duplicate packets may be because of the multiple raw sockets - you'll get one copy of each incoming packet per socket. Also note that in some cases internet packets can be duplicated (this is rare, however).

bdonlan
  • 224,562
  • 31
  • 268
  • 324
  • So whats the exact behaviour of ICMP? 1 response per request? – Gambit Aug 01 '11 at 20:43
  • @Gambit, normally, yes, although the response can be dropped or in vrey rare cases duplicated – bdonlan Aug 01 '11 at 20:46
  • Also how can I set a filtering on the socket? Is it that I have to read each and see if its the correct one? or is there any other better method? – Gambit Aug 01 '11 at 20:46
  • 1
    @Gambit For ICMP ping, you get 1 reply (or no reply at all). And note that if you ping the broadcast address on a LAN, you'll likely get a reply from all the hosts. If you open many raw sockets though, the OS will dubilcate the (reply) packets to each of them - as the OS doesn't know which socket needs them, it sends them to all. For filtering, you have to parse the reply IP and ICMP packet yourself and discard the ones you don't need, e.g. based on their source IP address. – nos Aug 01 '11 at 20:48
  • @Gambit, the only filtering supported by linux raw sockets is by IP protocol, and for ICMP, the ICMP message type. I don't know about windows. – bdonlan Aug 01 '11 at 20:49
  • so can i set a filter so that all packets coming from a particular IP arrive at a particular socket? if yes how? – Gambit Aug 01 '11 at 20:57
  • You can't. You have to filter in your application. – bdonlan Aug 01 '11 at 21:00
  • @nos .. Thanx for the reply. one question though .. lets say I am pinging sending pings to 'n' machines.. so will I be in risk of loosing packets maybe because of the buffer size ? If all packets are copied to all sockets and the sockets buffer is full, I might loose .. right? – Gambit Aug 01 '11 at 21:05
  • what happens if my socket buffer is full? Will I be loosing packets? – Gambit Aug 01 '11 at 21:06
  • Yes, you can lose packets if your socket buffer is full. So make sure to read off packets ASAP :) – bdonlan Aug 01 '11 at 21:21