raw-sockets

When capturing network traffic for debugging, there seem to be two common approaches: Use a raw socket. Use libpcap. Performance-wise, is there much difference between these two approaches? libpcap seems a nice compatible way to listen to a real network connection or to replay some canned data, but does that feature set come with a performance hit? The answer is intended to explain more about the libpcap. libpcap uses the PF_PACKET to capture packets on an interface. Refer to the following link. https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt From the above link In Linux 2

I am trying to build an Ethernet network with raw sockets. I cannot use TCP/IP, UDP, or any other protocol. This is because it will be communicating with very simple hardware that won't have the resources to handle all the different protocol layers. My network will consist of 1 host computer communicating with several pieces of hardware through an Ethernet switch. At this point I basically just want to send simple packets to each piece of hardware and to establish a simple server I can expand on. My system is running Linux and the server needs to be written in C or C++. I have been trying to

I have a problem about the usage of this TPACKET_V2 . My problem is that after setting of this type of packet on socket, when I try to receive some packets I can't read the vlan id from the packet (of course from the header of the packet) the vlan_tci is ever 0. Now I'm using open suse sp1 and when I run my program on sless sp2 I 'm able to get the vlan id with the same program that doesn't work on sless sp1 but the weird thing is that tcpdump is able to get the vlan id (on this sless) and tcpdump set the TPACKET_V2 (so this means that TPACKET_2 is supported) My simple project is based on

I would like to realize a RAW socket in Python and then send data from the Client to the Server. Unlike a normal socket I've tried to use the following definition s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW) but commands as s.listen(1), s.connect() are not working. I have no clue how to program both the Client.py and the Server.py. Can someone help me? That's because a raw socket doesn't utelize the Ethernet/TCP/IP library at all. It's a RAW socket, you're in charge of whatever data you send. You're also in charge of connecting to your peer by sending the right SYN/ACK order.

For ICMP ping request (echo request) do I need to get the MAC address of the destination ? I am trying to learn how to implement this in C using raw sockets but can not understand how to get the MAC address of the destination. Any help is appreciated. Thanks. abligh [...] do I need to get the MAC address of the destination ? No you shouldn't, in most cases. From the man-page of raw(7) (my emphasis): Raw sockets allow new IPv4 protocols to be implemented in user space. A raw socket receives or sends the raw datagram not including link level headers . This is only logical, because you might be

I have a program that sends a set of TCP SYN packets to a host (using raw sockets) and uses libpcap (with a filter) to obtain the responses. I'm trying to implement this in an asynchronous I/O framework, but it seems that libpcap is missing some of the responses (namely the first packets of a series when it takes less than 100 microseconds between the TCP SYN and the response). The pcap handle is setup like this: pcap_t* pcap = pcap_open_live(NULL, -1, false, -1, errorBuffer); pcap_setnonblock(pcap, true, errorBuffer); Then I add a filter (contained on the filterExpression string): struct bpf