There are various packet sniffers available for Linux, like Wireshark. If we are interested in the contents or the structure of the headers of different network layers, we can access these with the help of a packet sniffer.

We can go into the promiscuous mode with the help of ioctls. But if we want to receive all the packets, we have to switch into the promiscuous mode. For example, when we type in our browser, we receive packets sent from Google, and our machine extracts all the headers of the network layer and gives the data to our browser.

By default, a machine receives those packets that have the same destination address as that of the machine, and this mode is called the non-promiscuous mode. When we connect to the Internet, we receive network packets, and our machine extracts all network layer headers and sends data to a particular application.

Figure 3: A generic representation of a network packet

Figure 4: Network packet for Internet Protocol

In Linux, we can see all protocols in the if_ether.h header file (see Figure 4). According to Ethernet protocols, there are various types of network packets like Internet Protocol packets, Xerox PUP packets, Ethernet Loopback packets, etc. The wrapped form of data, which contains all the information like the source and destination address, is called a network packet (see Figure 3).

Before sending data, it is wrapped in various headers of the network layer. When an application sends data into the network, it is processed by various network layers.

Figure 2: Graphical demonstration of how a raw socket works compared to other sockets

Network packets and packet sniffers

There is no need to provide the port and IP address to a raw socket, unlike in the case of stream and datagram sockets. A raw socket allows an application to directly access lower level protocols, which means a raw socket receives un-extracted packets (see Figure 2). The purpose of a raw socket is absolutely different.
If applications running on the same machine or on different machines are communicating, then they are only exchanging data. This means that there is no information about the source IP address and MAC address. Other sockets like stream sockets and datagram sockets receive data from the transport layer that contains no headers but only the payload.

Figure 1: Graphical demonstration of a raw socket

A raw socket vs other sockets

Stating it precisely, a raw socket bypasses the normal TCP/IP processing and sends the packets to the specific user application (see Figure 1). This means packets received at the Ethernet layer will directly pass to the raw socket. A raw socket is used to receive raw packets. If you have no knowledge of the Linux kernel, yet are interested in the contents of network packets, raw sockets are the answer.

Hence, they synchronize their "view" of time by communicating numbers.

In this tutorial, let us take a look at how raw sockets can be used to receive data packets and send those packets to specific user applications, bypassing the normal TCP/IP protocols.

Then, the sender's view of time would be different from the receiver's. Imagine if we didn't have a universal notion of time. So your friend asks you to resend the letter at position 3 (this is the idea behind the expected acknowledgement number).

As mentioned in the article, it may be just that ('c', 3) is taking longer to arrive and so in that case, the sender sends a duplicate message, but duplicates are typically dropped by the receiver.

A helpful way to think about these numbers is that they synchronize the data so both parties have the same "view" of it. It's missing 'c' because it expects a continuous increase of numbers and 3 is missing. Now, suppose the friend gets ('b', 2), but then ('d', 4). The numbers are used in case the packets/messages arrive out of order. Imagine you want to send the letters of the alphabet to a friend over the Internet.