Re: tcp raw socket programming recvfrom()
Toni Andjelkovic wrote: On Wed, Jul 09 2003 (12:45:14 +0300), Alin-Adrian Anton wrote: Usually? What does usually mean? I know I can use bpf. But is there another way to look at incoming TCP packet ? What I did is I sent a TCP SYN packet and the server answers with a TCP SYN_ACK packet. How can I look at the SYN_ACK packet using raw sockets? Try libpcap or tcpdump. Cheers, Toni Libcap uses /dev/bpf for *BSD, and RAW recvfrom for linux and others. My goal is to experience with the freebsd system, not only to receive that packet. I just want to understand why *BSD socket model, which is the original socket model, chose not to allow recvfrom with raw sockets, on TCP and UDP protocols. It allows it with ICMP and all others. I just want to understand why this choice. Linux didn't respect that, and in linux it is possible to recvfrom with raw socket, on TCP and UDP protocols too. In the end, I will just use the /dev/bpf to get the work done. I want to play with the system, and understand it, not with a portable lib :P . The goal is not to get things done, for that there is libcap. The goal is to explore src/sys details and IP stack. PS: ethereal is a great sniffer :-) Thanks :-). Alin. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: tcp raw socket programming recvfrom()
On Wed, Jul 09 2003 (12:45:14 +0300), Alin-Adrian Anton wrote: > Usually? What does usually mean? I know I can use bpf. But is there > another way to look at incoming TCP packet ? What I did is I sent a TCP > SYN packet and the server answers with a TCP SYN_ACK packet. How can I > look at the SYN_ACK packet using raw sockets? Try libpcap or tcpdump. Cheers, Toni ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: tcp raw socket programming recvfrom()
Kip Macy wrote: Usually if your looking at raw packets you want to use BPF. -Kip On Wed, 9 Jul 2003, Alin-Adrian Anton wrote: Hey folks, I wrote my piece of code to play with, and it uses raw sockets to send TCP packets. It sends packets okay, everything tested with a sniffer, everything is really really fine, but it seems I cannot recvfrom anything. I mean, it just keeps waiting and doesn't see the reply the server is actually sending (can be seen with a sniffer). I read that the freebsd kernel does not duplicate any incoming TCP/UDP packets to any of the opened raw sockets. Is that true? So the only solution is to use the interface in promiscuous mode and sniff like a sniffer for the expected packet? Is there any other way? PS: ICMP gets received well with recvfrom (tested). On Linux, it does work for tcp/udp too with recvfrom. I was also wondering if anyone could help me understand why this behaviour in freebsd? (or *BSD) Thanks! Best Regards, Alin. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" Usually? What does usually mean? I know I can use bpf. But is there another way to look at incoming TCP packet ? What I did is I sent a TCP SYN packet and the server answers with a TCP SYN_ACK packet. How can I look at the SYN_ACK packet using raw sockets? Alin. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: tcp raw socket programming recvfrom()
Usually if your looking at raw packets you want to use BPF. -Kip On Wed, 9 Jul 2003, Alin-Adrian Anton wrote: > Hey folks, > > I wrote my piece of code to play with, and it uses raw sockets to send > TCP packets. It sends packets okay, everything tested with a sniffer, > everything is really really fine, but it seems I cannot recvfrom > anything. I mean, it just keeps waiting and doesn't see the reply the > server is actually sending (can be seen with a sniffer). I read that the > freebsd kernel does not duplicate any incoming TCP/UDP packets to any of > the opened raw sockets. Is that true? So the only solution is to use the > interface in promiscuous mode and sniff like a sniffer for the expected > packet? Is there any other way? > > PS: ICMP gets received well with recvfrom (tested). > > On Linux, it does work for tcp/udp too with recvfrom. > > > I was also wondering if anyone could help me understand why this > behaviour in freebsd? (or *BSD) > > Thanks! > > Best Regards, > Alin. > > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
tcp raw socket programming recvfrom()
Hey folks, I wrote my piece of code to play with, and it uses raw sockets to send TCP packets. It sends packets okay, everything tested with a sniffer, everything is really really fine, but it seems I cannot recvfrom anything. I mean, it just keeps waiting and doesn't see the reply the server is actually sending (can be seen with a sniffer). I read that the freebsd kernel does not duplicate any incoming TCP/UDP packets to any of the opened raw sockets. Is that true? So the only solution is to use the interface in promiscuous mode and sniff like a sniffer for the expected packet? Is there any other way? PS: ICMP gets received well with recvfrom (tested). On Linux, it does work for tcp/udp too with recvfrom. I was also wondering if anyone could help me understand why this behaviour in freebsd? (or *BSD) Thanks! Best Regards, Alin. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
