unexpected sockets behaviour?

Shay Cohen (shay@chinet.com)
Fri, 24 Sep 1999 17:54:47 +0200 (IST)


Hello,

I hope this is suitable to this list.

The c code added was sent to me by someone. It is an attempt to
create a socket for tcp/ip connection or something alike. Please ignore
what it is tried to do there... The weird thing is that when specfying any
domain (in the scanf) the program doesn't succeed connecting (I tried
'localhost') and since it doesn't exit on error it starts looping and
trying to read from the socket created before.

The unexpected behaviour is that THERE is something to read on the
socket. Actually, it seems like whole of the tcp/ip traffic on the machine
is read in that loop (must be root for the SOCK_RAW creation)! Is that an
expected behaviour by the kernel? If so, could the SOCK_RAW be used for
writing a program that monitors the traffic on the current machine, and
how?

(the program was run on kernel 2.2.5)

Shay.

code attached:

--------------------------------
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>

#define BUFSIZE 10000

char buf[BUFSIZE];

main()
{
struct sockaddr_in sck_addr;

int sck; //the socket to use
int snz; //the integer for read()
int port=23;
int id;

char domain[40];

printf("Enter domain name: ");
scanf("%s", domain);
printf("Connecting to %s ...\n", domain);
fflush(stdout);

bzero(&sck_addr, sizeof sck_addr);
sck_addr.sin_family=AF_INET;
sck_addr.sin_addr.s_addr=inet_addr(domain);
sck_addr.sin_port=port;

if ((sck=socket(AF_INET,SOCK_RAW,IPPROTO_TCP))<0)
perror("\nI can't create the socket!\n");
else
printf("\nSocket Created %d.\n", sck);

if ((connect(sck,&sck_addr, sizeof sck_addr))<0)
perror("I can't connect to the server!");
else
printf("Connected %d!", sck);

while ((snz=read(sck,buf,BUFSIZE))>0)
write(1,buf,snz);
close(sck);
}
-------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/