Hi,
About 4 months ago, I remember reading in the Linux Kernel Hackers
guide that Linux does not support SOCK_RAW. I do not know how true it is
now.
Can someone enlighten me with a books or web site about raw sockets,
packet filtering ...etc. I know the normal client, server stuff.
Thanks,
Prasanna Subash
[EMAIL PROTECTED]
>Date: Tue, 19 Jan 1999 18:10:02 +0500 (KGT)
>From: CyberPsychotic <[EMAIL PROTECTED]>
>To: Linux C Programming List <[EMAIL PROTECTED]>
>Subject: Packet capturing...
>Message-ID: <[EMAIL PROTECTED]>
>MIME-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Sender: [EMAIL PROTECTED]
>Precedence: bulk
>Reply-To: CyberPsychotic <[EMAIL PROTECTED]>
>
>Hello people,
> I am writing a sort of packet capturing piece, which is supposed to
>analyze various packets hitting my interface,(all IP packets:
>ICMP,UDP,TCP) and I got abit confused with one thing:
>
>first i tried to open raw socket like:
>rawfd=socket(PF_INET,SOCK_RAW,IPPROTO_RAW);
>or
>rawfd=socket(PF_INET,SOCK_RAW,IPPROTO_IP);
>(using later setsockopt IP_HDRINCL). to get them all.but nothing gets
>passed by kernel to my recvfrom. However when I specify the proto
>explictly, f.e.:
>IPPROTO_TCP, IPPROTO_UDP, things work just fine, but I am able to get
only
>single proto pieces per one sockfd.(running kernel 2.0.36) Any hints?
>
>thanks beforehands
>
>Fyodor
>--
>[EMAIL PROTECTED] http://www.kalug.lug.net
>
>
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
