
TCP handshake with SOCK_RAW socket


You want to implement part of a TCP stack in userspace... this is ok, some other apps do this.

One problem you will come across is that the kernel will be sending out (generally negative, unhelpful) replies to incoming packets. This is going to screw up any communication you attempt to initiate.

One way to avoid this is to use an IP address and interface that the kernel's own IP stack is not using, which is fine but you will need to deal with link-layer stuff (specifically, ARP) yourself. That would require a socket lower than IPPROTO_IP, SOCK_RAW: you need a packet socket (I think).

It may also be possible to block the kernel's responses using an iptables rule, but I rather suspect that the rules will apply to your own packets as well somehow, unless you can manage to get them treated differently (perhaps by applying a netfilter "mark" to your own packets?).

Read the man pages socket(7), ip(7) and packet(7), which explain the various options and ioctls that apply to each type of socket.

Of course you'll need a tool like Wireshark to inspect what's going on. You will need several machines to test this; I recommend using VMware (or similar) to reduce the amount of hardware required.

Sorry I can't recommend a specific tutorial.

Good luck.


I realise that this is an old thread, but here's a tutorial that goes beyond the normal SYN flooders: http://www.enderunix.org/docs/en/rawipspoof/

Hope it might be of help to someone.


I can't help you out on any tutorials.

But I can give you some advice on the tools that you could use to assist in debugging.

First off, as bmdhacks has suggested, get yourself a copy of Wireshark (or tcpdump, but Wireshark is easier to use). Capture a good handshake. Make sure that you save this.

Capture one of your handshakes that fails. Wireshark has quite good packet parsing and error checking, so if there's a straightforward error it will probably tell you.

Next, get yourself a copy of tcpreplay. This should also include a tool called "tcprewrite". tcprewrite will allow you to split your previously saved capture files into two, one for each side of the handshake. You can then use tcpreplay to play back one side of the handshake so you have a consistent set of packets to play with.

Then you use wireshark (again) to check your responses.
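As an added example (not code from any of the answers above), here is the part of a userspace SYN that Wireshark most often flags as broken: the two checksums, which the kernel does not compute for you on a SOCK_RAW/IPPROTO_TCP socket. It assumes Linux glibc headers (struct iphdr and struct tcphdr) and uses constructed addresses from 192.0.2.0/24; the same tcp_checksum() run over a captured SYN-ACK returns 0 only when that segment's checksum is valid.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

/* RFC 1071 ones-complement sum. Words are read big-endian, so the folded
 * result is already in network byte order; 'sum' lets the pseudo-header
 * and the segment be chained into one checksum. */
static uint32_t csum_add(uint32_t sum, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    for (; len > 1; len -= 2, p += 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;              /* odd trailing byte */
    return sum;
}
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* TCP checksum: IPv4 pseudo-header (src, dst, 0, proto, length) + segment.
 * Run over a received segment it returns 0 iff the checksum in it is valid. */
uint16_t tcp_checksum(uint32_t saddr, uint32_t daddr, const void *seg, size_t len)
{
    uint8_t ph[12] = {0};                     /* addresses are already network order */
    memcpy(ph, &saddr, 4); memcpy(ph + 4, &daddr, 4);
    ph[9] = IPPROTO_TCP; ph[10] = len >> 8; ph[11] = len & 0xff;
    return csum_fold(csum_add(csum_add(0, ph, 12), seg, len));
}
/* IPv4 header + option-less TCP SYN (40 bytes) as handed to sendto() on a
 * SOCK_RAW/IPPROTO_TCP socket with IP_HDRINCL set. The kernel fills ip->check
 * if it is zero but never the TCP checksum, so both are computed here. */
size_t build_syn(uint8_t *out, const char *src_ip, uint16_t sport,
                 const char *dst_ip, uint16_t dport, uint32_t seq)
{
    struct iphdr *ip = (struct iphdr *)out;
    struct tcphdr *tcp = (struct tcphdr *)(out + sizeof *ip);
    size_t total = sizeof *ip + sizeof *tcp; memset(out, 0, total);
    ip->version = 4; ip->ihl = 5; ip->ttl = 64; ip->protocol = IPPROTO_TCP;
    ip->tot_len = htons(total); ip->id = htons(1);
    inet_pton(AF_INET, src_ip, &ip->saddr);
    inet_pton(AF_INET, dst_ip, &ip->daddr);
    tcp->source = htons(sport); tcp->dest = htons(dport); tcp->seq = htonl(seq);
    tcp->doff = 5; tcp->syn = 1; tcp->window = htons(65535);
    tcp->check = htons(tcp_checksum(ip->saddr, ip->daddr, tcp, sizeof *tcp));
    ip->check = htons(csum_fold(csum_add(0, ip, sizeof *ip)));
    return total;
}
```

The buffer handed to build_syn() must be 4-byte aligned, since the header structs are overlaid on it directly.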