Archived

This topic is now archived and is closed to further replies.

InfestedFurby

raw sockets

Recommended Posts

ok heres the thing... what is the best way (in windows or linux) to access the raw ip header on a packet i know u can create one with socket(AF_INET,SOCK_RAW,IPPROTO_RAW); or something like that but how would u go about sending the data? you cant really use sendto cause it wants a port in sockaddr and ip doesnt have a notion of ports im thinking of maybe doing the following... would this work? char packet[]="insert ip header and anything else in the packet here"; int sock=socket(AF_INET,SOCK_RAW,IPPROTO_RAW); send(sock,packet,sizeof(packet),0); for recv would u just do recv(sock, buff, MAX_LEN,0); and would that give you the raw packet that was sent? any help would be apreicated thanks

Share this post


Link to post
Share on other sites
Few people will actually know how to use raw sockets. However, you might try searching the net for IP spoofing and e.g. landzone / teardrop attacks. Those all involve raw sockets in a way, and you''re likely to find example code that way.

cu,
Prefect

Share this post


Link to post
Share on other sites
Teardrop?!

Don''t go bothering about for hacks, probably uses non-standard methods to cause network problems, which is something you want to avoid. Raw Sockets are a legitimate concept.

On Linux, I did a ''man -K "raw socket"'' and found the following man page:

''man 7 raw''

It''ll give you a quick run down on raw sockets.

Hit google if you need a tutorial beyond that.

For Microsoft, I did a search on www.msdn.microsoft.com with "raw sockets" and found the following in the online Windows Socket SDK:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/wsanxref_8x02.asp

May I ask what''s the intent of using Raw Sockets? They have a bad rap on the internet as being a security issue. I''m not sure all versions of Windows suppor them (but XP does I believe). Also, if this is because you think you might save some network overhead by trimming the size of the header, you''ll end up making up for that bandwith with bigger packet sizes to handle the information needed to keep track of who sent what.

R.

Share this post


Link to post
Share on other sites
Heh. Teardrop & co. are doing non-standard things to cause trouble, that's true. On the other hand, they're doing non-standard things to the _packets_, not to the API, e.g. setting source IP == destination IP on ICMP pings, which causes older OSs to crash (probably because they were ping flooding themselves or something).

Raw sockets are present in all Unices and in Win2k and WinXP. As stated before, you can't save bandwidth using raw sockets, but you won't waste bandwidth either. Generally, you can do a lot of Bad Things if you're not careful with raw sockets. On the other hand, raw sockets are necessary for programs as simple as ping (ever wondered why the ping program is installed as SUID root on Unix?).

Yes, Windows had ping before Win2k. I assume they built in some quirky hacks in order to allow sending ICMPs from user space.

BTW, this is the source for a "simple ping" which I just found on Google:

http://opensource.lineo.com/cgi-bin/cvsweb/netkit-tiny/ping.c?rev=1.2&content-type=text/x-cvsweb-markup&sortby=file

cu,
Prefect

Edited by - Prefect on December 13, 2001 10:34:59 AM

Share this post


Link to post
Share on other sites
I''m having trouble finding people with good reasons for using raw sockets. I understand ping, traceroute etc... but I highly doubt you''d gain anything by using raw sockets for a game libary, and there''s certainly a lot of room to screw something up.

Share this post


Link to post
Share on other sites
much thanks to all who replied Rube and Prefect thanks for the info

btw im not trying to attack anything i just enjoy knowledge on anything computer related (i.e. how ping works)

thanks folks

p.s. no im not trying to write a game w/ raw sockets

Share this post


Link to post
Share on other sites
quote:
Original post by JonStelly
I''m having trouble finding people with good reasons for using raw sockets. I understand ping, traceroute etc... but I highly doubt you''d gain anything by using raw sockets for a game libary, and there''s certainly a lot of room to screw something up.


I was thinking about writing my own socket api (a Socket Template Library) that was, shall we say, less chaotic than winsock and more efficient than bsd sockets (I want to take advantage of asyncronous IO). I figured it''d be cleanest to start using a raw socket, and build functionality from there, there-by minimizing my dependency on the antiquated socket APIs. And learn how the IP protocol really works in the process.


ipTransport
|
+-icmpSocket
|
+-udpTransport
|
+-tcpTransport
| |
| +-ftpSocket
| |
| +-httpSocket
|
+-rtpTransport
|
+-mpegSocket

Implemented as a set of templates supporting binary streams (and text in the case of an ircSocket).

Magmai Kai Holmlor

"Oh, like you''ve never written buggy code" - Lee

"What I see is a system that _could do anything - but currently does nothing !" - Anonymous CEO

Share this post


Link to post
Share on other sites