UNIX Socket FAQ

You are not logged in.

#1 2002-07-27 01:02 AM

HectorLasso
Administrator
From: Colombia
Registered: 2002-06-12
Posts: 352

Re: 6.5 - RAW sockets

6.5 - RAW sockets
From: Steve McDonald

How would a socket using the SOCK_RAW protocol be used, and what, if any, advantages would it have over SOCK_DGRAM or SOCK_STREAM protocols?

From: Stanislav Shalunov

There is a separate Raw IP Networking FAQ regularly posted to comp.unix.programmer. As any Usenet FAQ it can be downloaded from rtfm.mit.edu. In short: you can do interesting things with the network using raw sockets (e.g., write arbitrary data rather than properly formatted TCP data or UDP packets).

From: HariKumar B

I could go to the site ftp://rtfm.mit.edu/
but how can I get the particular location from which I can download the ino pertaining to RAW SOCKETS.
Some list is specified here.
Please make it more clear!

From: [v0rt]

To those who cant be bothered searching the ftp for the file location, its available here ftp://rtfm.mit.edu/pub/usenet-by-group/ … orking_FAQ

[v0rt]
v0rt@deadprotocol
http://security.dayrom.com.au

From: Bret Watson

Better still - the master site is at
http://www.whitefang.com/rin/

Cheers,

Bret Watson
http://www.ticm.com

From: khodadad nezhadkorki

hello every body !
what is the difference between udp,tcp and raw sockets ?
please send me your idea .
thank you

From: G®ïm Rëåpër

I'm looking for a script in c for creating a spoofed udp packet. It must allow me to specify the destination address as well as the destinatin port. it also must allow me to specify a source address and port. The last thing is that I must be able to send a message in plain text w/ it.
I know nothing about c so if you know where i can get a script, please let me know.

From: Nullzilla

C is *not* an scripting language.

From: rawkid

What else do I need to do other than what I already have done in this code?
I am doing this on vxWorks.

#define IPPROTO_TEST 88 
#define BUFSIZE 1500 
char buf[BUFSIZE]; 
char rcvbuf[BUFSIZE]; 
int s; 
int nSize; 

//On client end 
main(char *toName) 
{ 
  struct sockaddr_in toAddr; 
  int n; 

  nSize = sizeof( struct sockaddr_in); 
  s = socket(AF_INET, SOCK_RAW, IPPROTO_TEST); 

  //On client end 
  n = sendto(s, (caddr_t) &buf, sizeof(buf), 0, 
               (struct sockaddr *) &toAddr, nSize) 
  if (n < 0) 
  { 
     perror("sendto"); 
     return(n); 
  } 
} 

//On server end 
main() 
{ 
  struct sockaddr_in frAddr; 
  int n; 
  
  nSize = sizeof( struct sockaddr_in); 
  s = socket(AF_INET, SOCK_RAW, IPPROTO_TEST); 


  n = rcvfrom(s, rcvbuf, sizeof(rcvbuf), 0, 
              (struct sockaddr *) &frAddr, nSize); 
  if(n < 0) 
  { 
     perror("rcvfrom"); 
     return(n); 
  } 
}

From: Harshit Kumar

  Raw Sockets are used to send Packets of protocols like ICMP,IGMP, which of course are not TCP(SOCK STREAM) or UDP (DGRAM). With Raw sockets you can spoof IP addresses as u
can control Ip headers.

Just to add to it.... For the first time Microsoft in its
windows XP implements raw sockets and confirms to Berkeley socket implementation.

From: Mateusz

Where I can get some information about sending ip spoofed
data?
I would like to see examples.
What should I include into my program for using
spoofing connections over TCP/IP ?
How can I send packets with random ip address?

From: Drat911

Will all of you idiots shutup about creating spoofed source ips and sending them out? We all know all you want to do is little l33t ./attack proggies that will send data from spoofed ips.

From: Woy

@Drat911:

Creating spoofed packets not always is for doing harm. For example, we currently have to develop a sniff detection tool which, beside other things, works by sending out an ICMP echo request package with a spoofed destination MAC address (but correct dest IP), and if there comes a reply this sure as hell is a sign of the network card of the checked host is in promiscuous mode.

So before calling others idiots, come to think of it.

From: Dorin
Added on: 2002-05-28 01:06:52

To Woy.

If you are developing this type of software you surely know how to spoof IP packets, and will not ask this kind of questions. So people who ask how to do it most probably are just script kiddies. And if they are asking about it (though web has tons of information about it) they are really idiots, so I fully agree with Drat911.

From: Rob Seace
Added on: 2002-05-28 08:31:54

Oh, come on... What kind of insane attitude is that???? Such an attitude, carried to logical conclusion, would effectively label as criminal anyone displaying simple curiosity over anything that could be perceived as dangerous... How utterly ridiculous... And, saying they should already know how to do such a thing somehow seems equally foolish... How can one ever learn about anything, if everyone has the same attitude as you, and refuses to give out any info to anyone who doesn't know it already????

I really, really, REALLY despise all attempts to censor information because it is perceived as "dangerous" or "bad" somehow... It's thinking like that which leads directly to some very scary and repugnant things (fascism, book burning, Big Brother, thought crimes, etc.)... If you don't want to provide information, fine, then simply shut the hell up!! But, don't go preaching about how anyone seeking such info is obviously up to no good... Curiosity is not a crime, and it's morally reprehensible to try to label it as such...
</RANT>

(BTW, the above isn't directed at anyone in particular; I'm just blowing off steam, because I'm really sick of seeing replies like the above whenever anyone asks about anything like that...)

Now, for people who are interested in learning more about such perfectly reasonable topics as spoofing IP packets, I would suggest perusing the source of libraries such as libnet, or libdnet, or read up on it at any one of many sources of info to be found online... (That's ONE thing I'll agree with: people who are too lazy to use a search engine are extremely annoying... ;-))

Offline

Board footer

Powered by FluxBB