From owner-freebsd-hackers@FreeBSD.ORG Thu Jul 10 14:40:59 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 786E637B401 for ; Thu, 10 Jul 2003 14:40:59 -0700 (PDT) Received: from mail.rdstm.ro (mail.rdstm.ro [193.231.233.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5D85543FBF for ; Thu, 10 Jul 2003 14:40:58 -0700 (PDT) (envelope-from aanton@reversedhell.net) Received: from reversedhell.net (casa_auto [81.196.32.25]) by mail.rdstm.ro (8.12.9/8.12.1) with ESMTP id h6ALevjd031527; Fri, 11 Jul 2003 00:40:57 +0300 Message-ID: <3F0BE42A.50407@reversedhell.net> Date: Wed, 09 Jul 2003 12:45:14 +0300 From: Alin-Adrian Anton User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030606 X-Accept-Language: en-us, en, ro MIME-Version: 1.0 To: Kip Macy References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-hackers@freebsd.org Subject: Re: tcp raw socket programming recvfrom() X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2003 21:41:00 -0000 Kip Macy wrote: >Usually if your looking at raw packets you want to use BPF. > > -Kip > >On Wed, 9 Jul 2003, Alin-Adrian Anton wrote: > > > >>Hey folks, >> >>I wrote my piece of code to play with, and it uses raw sockets to send >>TCP packets. It sends packets okay, everything tested with a sniffer, >>everything is really really fine, but it seems I cannot recvfrom >>anything. I mean, it just keeps waiting and doesn't see the reply the >>server is actually sending (can be seen with a sniffer). I read that the >>freebsd kernel does not duplicate any incoming TCP/UDP packets to any of >>the opened raw sockets. Is that true? So the only solution is to use the >>interface in promiscuous mode and sniff like a sniffer for the expected >>packet? Is there any other way? >> >>PS: ICMP gets received well with recvfrom (tested). >> >>On Linux, it does work for tcp/udp too with recvfrom. >> >> >>I was also wondering if anyone could help me understand why this >>behaviour in freebsd? (or *BSD) >> >>Thanks! >> >>Best Regards, >>Alin. >> >>_______________________________________________ >>freebsd-hackers@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >> >> >> > >_______________________________________________ >freebsd-hackers@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > > Usually? What does usually mean? I know I can use bpf. But is there another way to look at incoming TCP packet ? What I did is I sent a TCP SYN packet and the server answers with a TCP SYN_ACK packet. How can I look at the SYN_ACK packet using raw sockets? Alin.