Questions tagged [raw-sockets]

An internet socket that allows direct sending and receiving of raw network packets that contain all headers. Raw sockets differ from protocols like TCP/IP or UDP.

Raw sockets differ from standard sockets, where the payload is encapsulated according to the transport layer protocol (TCP, UDP, HTTP, ...). Raw sockets can be used to implement completely new transport-layer protocols or to send messages through some less common protocol like ICMP.

Most socket APIs, especially those based on Berkeley sockets, support raw sockets. Support under Windows XP is intentionally limited due to security concerns.

490 questions
8 votes, 2 answers

Sending a raw tcp packet with syn flag set just goes through the lo interface, not eth0 as I want

I would like to send a syn packet to my httpd server and get a responding syn-ack packet. But when I monitor with Wireshark, the packet is being sent by my local interface, lo and not eth0. I have tried to set some different values in setsockopt…
Rox
8 votes, 5 answers

Python TCP stack implementation

Is there a python library which implements a standalone TCP stack? I can't use the usual python socket library because I'm receiving a stream of packets over a socket (they are being tunneled to me over this socket). When I receive a TCP SYN packet…
8 votes, 2 answers

create SOCK_RAW socket just for sending data without any recvfrom()

If I create a socket whose type is SOCK_RAW only to send some data without receiving any data, is there any problem when the kernel continues to receive network packets and copy its datagram to some buffer (of application?). In other words, after the…
FaneadFan
8 votes, 2 answers

Asynchronous libpcap: losing packets?

I have a program that sends a set of TCP SYN packets to a host (using raw sockets) and uses libpcap (with a filter) to obtain the responses. I'm trying to implement this in an asynchronous I/O framework, but it seems that libpcap is missing some of…
bruno nery
8 votes, 2 answers

Why can't I send this IP packet?

I'm trying to send an IP packet using c#. destAddress = IPAddress.Parse("192.168.0.198"), destPort = 80; // Create a raw socket to send this packet rawSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw,…
TonyM
7 votes, 3 answers

Filter packets in network stack while sniffing packets on Linux?

I have a question for the Low-level networking/Linux gurus, I have to build two tools for a security project at my university. The first tool is an ARP Poisoning attacker which will poison the ARP cache from a remote host in order to retrieve the…
Halim Qarroum
7 votes, 4 answers

C Programming TCP Checksum

I have been having trouble doing the checksum for TCP for several days now. I have looked at many sources on the Internet but none of the examples that I have seen show you how to do the TCP checksum. I have also looked at the RFC document and still…
Hudson Worden
7 votes, 1 answer

Read from a raw socket connected to a network interface using golang

I'm trying to read the link-layer packets received by my wifi-card using golang. The program I wrote compiles successfully and runs without any errors, but it seems to be stuck trying to read from the socket (syscall.Recvfrom(fd, data, 0 - At this…
ashishmax31
7 votes, 3 answers

TCP Connection Hijacking

I have a small project that I've been working on in C++, and due to the nature of what it does, I need to insert packets into a live TCP stream. (The purpose is innocent enough, http://ee.forumify.com/viewtopic.php?id=3299 if you MUST know) I'm…
Kaslai
7 votes, 2 answers

How to find out encapsulated protocol inside IEEE802.11 Frame?

I'm developing an IEEE802.11 frame parser program using libpcap inside Linux with raw C. I can parse RadioTap and IEEE802.11 headers easily but I can't find out the protocol name which is encapsulated inside the IEEE802.11 MPDU. Unfortunately there…
SuB
7 votes, 1 answer

C `sendto` versus `write`

Correct me if I'm wrong, but my understanding of sending a raw packet inevitably is defined as buffering an array of bytes in an array, and writing it to a socket. However, most example code I've seen so far tend towards sendto, rarely is send used,…
motoku
7 votes, 3 answers

Prevent kernel from processing TCP segments bound to a raw socket

According to http://linux.die.net/man/7/raw , raw_socket = socket(AF_INET, SOCK_RAW, int protocol); is the way to create a raw socket. I assume that raw-sockets are created on layer-3 and so protocol shouldn't be IPPROTO_TCP / IPPROTO_UDP but it…
Raj Kumar
7 votes, 1 answer

Connecting a Docker container to a network interface / device instead of an IP address

After careful research, testing, and fiddling, I've only been able to find a way to connect a Docker container to a given interface by forwarding from an IP/port. This can be accomplished by adding -p Host-IP:Host-Port:Container-Port to a docker run…
tryexceptpass
7 votes, 1 answer

Why does not the server respond with syn-ack packets when I send syn-packets with raw sockets?

I am experimenting with raw sockets and I have just written a small program that sends TCP packets with the syn flag set. I can see the packets coming with Wireshark on the server side and they look good, but the server never responds with any…
Rox
7 votes, 1 answer

How come ping doesn't need administrative privileges on Windows?

Possible Duplicate: Why does ping work without administrator privileges? From a MSDN article on TCP/IP Raw Sockets: ... It is important to understand that some sockets of type SOCK_RAW may receive many unexpected datagrams. For example, a PING…
user267885