tcp raw socket programming recvfrom()
Alin-Adrian Anton
aanton at reversedhell.net
Thu Jul 10 14:41:00 PDT 2003
Kip Macy wrote:
>Usually if your looking at raw packets you want to use BPF.
>
> -Kip
>
>On Wed, 9 Jul 2003, Alin-Adrian Anton wrote:
>
>
>
>>Hey folks,
>>
>>I wrote my piece of code to play with, and it uses raw sockets to send
>>TCP packets. It sends packets okay, everything tested with a sniffer,
>>everything is really really fine, but it seems I cannot recvfrom
>>anything. I mean, it just keeps waiting and doesn't see the reply the
>>server is actually sending (can be seen with a sniffer). I read that the
>>freebsd kernel does not duplicate any incoming TCP/UDP packets to any of
>>the opened raw sockets. Is that true? So the only solution is to use the
>>interface in promiscuous mode and sniff like a sniffer for the expected
>>packet? Is there any other way?
>>
>>PS: ICMP gets received well with recvfrom (tested).
>>
>>On Linux, it does work for tcp/udp too with recvfrom.
>>
>>
>>I was also wondering if anyone could help me understand why this
>>behaviour in freebsd? (or *BSD)
>>
>>Thanks!
>>
>>Best Regards,
>>Alin.
>>
>>_______________________________________________
>>freebsd-hackers at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>>
>>
>>
>
>_______________________________________________
>freebsd-hackers at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
>
>
>
Usually? What does usually mean? I know I can use bpf. But is there
another way to look at incoming TCP packet ? What I did is I sent a TCP
SYN packet and the server answers with a TCP SYN_ACK packet. How can I
look at the SYN_ACK packet using raw sockets?
Alin.
More information about the freebsd-hackers
mailing list