Re: RAW Socket

Richard B. Johnson (root@chaos.analogic.com)
Sun, 19 Apr 1998 10:54:09 -0400 (EDT)


On 19 Apr 1998, Andi Kleen wrote:

> "Richard B. Johnson" <root@chaos.analogic.com> writes:
>
> This is really off-topic. Please don't post general
> programming questions to linux-kernel.
>
> > I promised that I'd make some `trivial` code to send raw packets
> > to a X11 program that a friend is making to monitor a network.
> >
> > I reviewed a recent version of tcpdump (that won't compile anymore with
> > the new glibc, BTW).
> >
> > I can't get any raw packets. Perhaps someone knows off the top of
> > their head what I forgot to do....
> >
> > Basic stuff is:
> >
> > if((s = socket(AF_INET, SOCK_RAW, SOCK_RAW)) < 0)
>                                     ^^^^^^^^^
> Change that to 0 or the specific protocol number you want.
> >     ERRORS;
> > strcpy(ifr.ifr_name, device);
> > if(ioctl(s, SIOCGIFFLAGS, &ifr) < 0)
> >     ERRORS;
> > ifr_orig = ifr;
> > ifr.ifr_flags |= IFF_PROMISC;
> > if(ioctl(s, SIOCSIFFLAGS, &ifr) < 0)
> >     ERRORS;
> > (void)signal(SIGINT, quit);
> > i = 1;
> > if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&i, sizeof(i)) < 0)
> >     ERRORS;
> > i = BUF_LEN;
> > if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (char *)&i, sizeof(i)) < 0)
> >     ERRORS;
> >
> > Problem: select() never shows any activity and recvfrom() will wait
> > forever. If I change the 3rd parameter of socket to 3, I get ICMP
> > packets. If I change it to 6, I get IP packets. I need to get all
> > packets.
>
> Raw sockets don't support promiscuous mode. Packets not addressed to your
> machine are dropped early in the ip layer. If you want to sniff the
> network you have to use AF_PACKET (or SOCK_PACKET on 2.0) and parse the
> ethernet header for yourself.
>

Well I want to get the whole thing. I want the raw packet, whether or
not it's called raw.

Nothing you advised works:

socket(AF_INET, SOCK_PACKET, 0) returns Protocol not supported.
socket(AF_INET, AF_PACKET, 0) returns Invalid argument
socket(AF_PACKET, SOCK_PACKET, 0) returns Invalid argument

Cheers,
Dick Johnson
***** FILE SYSTEM MODIFIED *****
Penguin : Linux version 2.1.92 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
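
The approach Andi Kleen describes above (AF_PACKET, parsing the Ethernet header yourself), as an added example that is not part of the thread. It uses the packet(7) interface of current Linux kernels, where the family is AF_PACKET, the type is SOCK_RAW and the protocol is htons(ETH_P_ALL); the interface name "eth0" and the helper names parse_frame and open_sniffer are assumptions, and opening the socket needs CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* EtherType in host order, source MAC copied to src; -1 if the frame is too short. */
int parse_frame(const unsigned char *buf, size_t len, unsigned char *src)
{
    struct ether_header eh;
    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, buf, sizeof(eh));          /* buf may be unaligned */
    memcpy(src, eh.ether_shost, ETH_ALEN);
    return ntohs(eh.ether_type);
}

/* Promiscuous packet socket on one interface; the membership ends when the socket closes. */
int open_sniffer(const char *ifname)
{
    struct sockaddr_ll sll = {0};
    struct packet_mreq mr = {0};
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (s < 0) return -1;
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);   /* every protocol, not only IP */
    sll.sll_ifindex = mr.mr_ifindex = (int)if_nametoindex(ifname);
    mr.mr_type = PACKET_MR_PROMISC;
    if (sll.sll_ifindex == 0 ||
        bind(s, (struct sockaddr *)&sll, sizeof(sll)) < 0 ||
        setsockopt(s, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0) {
        close(s);
        return -1;
    }
    return s;
}

int main(int argc, char **argv)
{
    unsigned char buf[2048], src[ETH_ALEN];
    int s = open_sniffer(argc > 1 ? argv[1] : "eth0");   /* "eth0" is an assumed name */
    ssize_t n;
    while (s >= 0 && (n = recv(s, buf, sizeof(buf), 0)) > 0)
        printf("%zd bytes, ethertype 0x%04x\n", n, (unsigned)parse_frame(buf, (size_t)n, src));
    return s < 0;                          /* 1 if the socket could not be opened */
}
```

Unlike setting IFF_PROMISC through SIOCSIFFLAGS, the PACKET_ADD_MEMBERSHIP request does not have to be undone in a signal handler, because the kernel drops it when the socket is closed.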
