Why raw sockets?
Till now we only receive frames destined to us (Unicast), everyone (Broadcast), and to a group thatwe have subscribe to (Multicast).We are only to receive only data because all the Headers i.e. Ethernet, IP, TCP etc are stripped bythe network stack.We can't modify or create a header for a packet when we send the packet.
is the answer to the above short comes.With raw sockets we can get all the headers i.e. Ethernet, TCP, IP etc from the network and we canalso inject packets with custom headers and data into the network directly
We tells the network driver to accept all packets irrespective of whom the packets are addressed toi.e. “See All, Hear All” Wizard modeE.g. Used for Network MonitoringInterface can be set to promiscuous mode
Programmatically by setting the IFF_PROMISC flag or
Using the ifconfig utility i.e. ifconfig eth0 promiscWith Raw Sockets we can bypass the network stack.
Raw Socket Creation
The socket function creates a raw socket when the first argument is AF_INET/PF_INET, the secondargument is SOCK_RAW. The third argument (the protocol) is normally nonzero.
socket(PF_INET, SOCK_RAW, int protocol);
In this case A raw socket receives or sends the raw datagram not including link level headers.(or)The socket function can also create a raw socket when the first argument isAF_PACKET/PF_PACKET, the second argument is SOCK_RAW. The third argument is the protocol.socket(PF_PACKET, SOCK_RAW, int protocol)protocol is ETH_P_IP for IP networks. It is mostly used as a filter. To receive all types of packetsETH_P_IP is used.In this case A raw socket receives or sends packet at layer 2 of the OSI i.e. Device driver
The Ethernet Header
Defined in linux/if_ether.h