Raw Sockets

Published by: manjunathbhatt on Mar 13, 2010
Copyright: Attribution Non-commercial







Raw Sockets

Why raw sockets?
Until now we have received only frames destined to us (unicast), to everyone (broadcast), and to a group that we have subscribed to (multicast). We receive only the data, because all the headers (Ethernet, IP, TCP, etc.) are stripped by the network stack. We can't modify or create a header for a packet when we send it. Raw sockets are the answer to these shortcomings. With raw sockets we can get all the headers (Ethernet, IP, TCP, etc.) from the network, and we can also inject packets with custom headers and data into the network directly.

Promiscuous Mode
We tell the network driver to accept all packets irrespective of whom the packets are addressed to, i.e. “See All, Hear All” wizard mode. E.g. used for network monitoring.

An interface can be set to promiscuous mode:
• Programmatically, by setting the IFF_PROMISC flag, or
• Using the ifconfig utility, i.e. ifconfig eth0 promisc

With Raw Sockets we can bypass the network stack.

Raw Socket Creation
The socket function creates a raw socket when the first argument is AF_INET/PF_INET and the second argument is SOCK_RAW. The third argument (the protocol) is normally nonzero.

socket(PF_INET, SOCK_RAW, int protocol);

In this case the raw socket receives or sends the raw datagram, not including link-level headers.

(or)

The socket function can also create a raw socket when the first argument is AF_PACKET/PF_PACKET and the second argument is SOCK_RAW. The third argument is the protocol.

socket(PF_PACKET, SOCK_RAW, int protocol);

protocol is ETH_P_IP for IP networks. It is mostly used as a filter. To receive all types of packets ETH_P_IP is used. In this case the raw socket receives or sends packets at layer 2 of the OSI model, i.e. the device driver level.

The Ethernet Header
Defined in linux/if_ether.h

Pictorial view

Data structure view

struct ethhdr {
    unsigned char  h_dest[ETH_ALEN];    /* destination eth addr */
    unsigned char  h_source[ETH_ALEN];  /* source ether addr */
    unsigned short h_proto;             /* packet type ID field */
};

The IP Header
Defined in linux/ip.h

Pictorial View

Data Structure View

struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
    __u8  ihl:4,
          version:4;
#elif defined (__BIG_ENDIAN_BITFIELD)
    __u8  version:4,
          ihl:4;
#else
#error "Please fix <asm/byteorder.h>"
#endif
    __u8  tos;
    __u16 tot_len;
    __u16 id;
    __u16 frag_off;
    __u8  ttl;
    __u8  protocol;
    __u16 check;
    __u32 saddr;
    __u32 daddr;
};
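An added example, not part of the original slides: a bounds-checked parser that walks the struct ethhdr and struct iphdr layouts above over a frame as a PF_PACKET raw socket would deliver it. Since the headers arrive unprocessed, the length fields are validated before they are used; parse_frame and sample_frame are hypothetical names, and the frame bytes are constructed.

```c
#include <arpa/inet.h>       /* ntohs */
#include <linux/if_ether.h>  /* struct ethhdr, ETH_HLEN, ETH_P_IP */
#include <linux/ip.h>        /* struct iphdr */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: Ethernet header + 20-byte IPv4 header, TTL 64,
   protocol 6 (TCP), documentation addresses 192.0.2.1 -> 192.0.2.2. */
static const unsigned char sample_frame[] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,   /* h_dest   */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* h_source */
    0x08, 0x00,                           /* h_proto = ETH_P_IP */
    0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2
};

/* Returns 0 and fills *ip on success, or a negative code when the frame
   is truncated, is not IPv4, or carries inconsistent length fields. */
int parse_frame(const unsigned char *buf, size_t len, struct iphdr *ip)
{
    struct ethhdr eth;
    size_t avail, hlen, tot;

    if (len < ETH_HLEN + sizeof(*ip))
        return -1;                      /* too short for both headers */
    memcpy(&eth, buf, sizeof(eth));     /* copy: buf may be unaligned */
    if (ntohs(eth.h_proto) != ETH_P_IP)
        return -2;                      /* EtherType is not IPv4 */
    memcpy(ip, buf + ETH_HLEN, sizeof(*ip));
    avail = len - ETH_HLEN;             /* bytes captured after Ethernet */
    hlen  = ip->ihl * 4u;               /* ihl counts 32-bit words */
    tot   = ntohs(ip->tot_len);
    if (ip->version != 4)
        return -3;
    if (hlen < sizeof(*ip) || hlen > avail)
        return -4;                      /* header length out of bounds */
    if (tot < hlen || tot > avail)
        return -5;                      /* total length out of bounds */
    return 0;
}

int main(void)
{
    struct iphdr ip;
    int rc = parse_frame(sample_frame, sizeof(sample_frame), &ip);
    if (rc == 0)
        printf("ttl=%u protocol=%u ihl=%u\n", ip.ttl, ip.protocol, ip.ihl);
    return rc;
}
```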
