Date: Thu, 22 Mar 2018 03:29:37 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: "Ronald F. Guilmette" <rfg@tristatelogic.com>, FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: Raw Sockets: Two Questions Message-ID: <5AB2C0B1.3020709@grosbein.net> In-Reply-To: <4584.1521662628@segfault.tristatelogic.com> References: <4584.1521662628@segfault.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
22.03.2018 3:03, Ronald F. Guilmette wrote: >> Why should you concentrate on RAW sockets? > > Well, for reasons that are completely legitimate, and that I'll > explain in detail, if anyone is seriously interested, I'd like > to check each IPv4 address within a set of about 90 or so > modest sized CIDRs and find out which ones of those have a > certain TCP port accepting connections. > > It would be (and is) trivial, of course, to just simply write a > little program to perform an ordinary TCP connect, complete > with all three parts of the TCP handshake, and then have the > program do that, individually, for each IP in the specified > CIDRs, but my opinion/impression is that this could be quite > slow. > > Obviously, it would be rather faster to just send out the SYNs, > full throttle, one per IP, and then see what SYN-ACKs come back. It does not mean you need to stick with raw sockets API. libpcap can be used too, as I've shown in previous letter. In fact, I use that code for very similar task: I send out several thousands of PPPoE service discovery frames (PADI) at full throttle (one per vlan) and then wait for responses (PADO) to come back. No raw socket (ab)used in progress :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5AB2C0B1.3020709>