Date: Wed, 09 Jul 2003 12:45:14 +0300 From: Alin-Adrian Anton <aanton@reversedhell.net> To: Kip Macy <kmacy@netapp.com> Cc: freebsd-hackers@freebsd.org Subject: Re: tcp raw socket programming recvfrom() Message-ID: <3F0BE42A.50407@reversedhell.net> In-Reply-To: <Pine.GSO.4.10.10307101416000.12648-100000@cranford-fe.eng.netapp.com> References: <Pine.GSO.4.10.10307101416000.12648-100000@cranford-fe.eng.netapp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kip Macy wrote: >Usually if your looking at raw packets you want to use BPF. > > -Kip > >On Wed, 9 Jul 2003, Alin-Adrian Anton wrote: > > > >>Hey folks, >> >>I wrote my piece of code to play with, and it uses raw sockets to send >>TCP packets. It sends packets okay, everything tested with a sniffer, >>everything is really really fine, but it seems I cannot recvfrom >>anything. I mean, it just keeps waiting and doesn't see the reply the >>server is actually sending (can be seen with a sniffer). I read that the >>freebsd kernel does not duplicate any incoming TCP/UDP packets to any of >>the opened raw sockets. Is that true? So the only solution is to use the >>interface in promiscuous mode and sniff like a sniffer for the expected >>packet? Is there any other way? >> >>PS: ICMP gets received well with recvfrom (tested). >> >>On Linux, it does work for tcp/udp too with recvfrom. >> >> >>I was also wondering if anyone could help me understand why this >>behaviour in freebsd? (or *BSD) >> >>Thanks! >> >>Best Regards, >>Alin. >> >>_______________________________________________ >>freebsd-hackers@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >> >> >> > >_______________________________________________ >freebsd-hackers@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > > Usually? What does usually mean? I know I can use bpf. But is there another way to look at incoming TCP packet ? What I did is I sent a TCP SYN packet and the server answers with a TCP SYN_ACK packet. How can I look at the SYN_ACK packet using raw sockets? Alin.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F0BE42A.50407>