Raw socket programming is almost the same as the earlier UDP programming: you simply create a socket and receive or send data through it. The difference is that a raw socket lets you assemble your own packets (masquerading the local IP and local MAC) and can receive all the data frames (packets) on the local NIC. In addition, you must have administrator privileges to use a raw socket.
Creating the raw socket:
int socket(int family, int type, int protocol);
Parameters:
family: the protocol family; write PF_PACKET here
type: the socket type; write SOCK_RAW here
protocol: the protocol category, which specifies the type of packet that can be received or sent. It must not be 0; use one of the following values. Note that the value must be converted to network byte order with htons().
ETH_P_IP: IPv4 packets
ETH_P_ARP: ARP packets
ETH_P_ALL: packets of any protocol type
Return value:
Success (> 0): the socket descriptor, here a link-layer socket
Failed (< 0): error
An example follows:
// Required header files
#include <sys/socket.h>
#include <netinet/ether.h>
#include <arpa/inet.h>   // htons
#include <stdio.h>       // perror

int main(int argc, char *argv[])
{
    int sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

    if (sock_raw_fd < 0) {
        perror("socket");
        return -1;
    }

    return 0;
}
Receiving link-layer packets:
ssize_t recvfrom(int sockfd,
void *buf,
size_t nbytes,
int flags,
struct sockaddr *from,
socklen_t *addrlen);
Parameters:
sockfd: the raw socket
buf: the receive data buffer
nbytes: the size of the receive data buffer
flags: socket flags (usually 0)
from: not used here; write NULL
addrlen: not used here; write NULL
Return value:
Success: the number of bytes received
Failed: -1
An example follows:
#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netinet/ether.h>

int main(int argc, char *argv[])
{
    unsigned char buf[1024] = {0};   // frames longer than the buffer are truncated
    int sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock_raw_fd < 0) {
        perror("socket");
        return -1;
    }

    // Get a link-layer packet
    int len = recvfrom(sock_raw_fd, buf, sizeof(buf), 0, NULL, NULL);
    printf("len = %d\n", len);

    return 0;
}
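The buffer filled by recvfrom() on a PF_PACKET/SOCK_RAW socket starts with the Ethernet header, so the next step is usually to decode it. The following is an added example, not code from the original post; parse_eth, struct eth_info and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN        14       /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_VLAN_TAG 0x8100   /* 802.1Q tag precedes the real EtherType */

struct eth_info {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t ethertype;   /* host byte order, after any VLAN tag */
    size_t   payload_off; /* offset of the payload inside the frame */
};

/* Parse the Ethernet header of a frame of len bytes.
 * Returns 0 on success, -1 if the frame is too short to hold the header. */
int parse_eth(const uint8_t *frame, size_t len, struct eth_info *out)
{
    if (len < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, frame, 6);
    memcpy(out->src, frame + 6, 6);
    size_t off = 12;
    uint16_t type = (uint16_t)(frame[off] << 8 | frame[off + 1]);
    if (type == ETHERTYPE_VLAN_TAG) {     /* skip the 4-byte 802.1Q tag */
        if (len < ETH_HDR_LEN + 4)
            return -1;
        off += 4;
        type = (uint16_t)(frame[off] << 8 | frame[off + 1]);
    }
    out->ethertype = type;
    out->payload_off = off + 2;
    return 0;
}

/* Constructed sample: broadcast ARP frame header followed by 2 payload bytes. */
static const uint8_t sample_arp[] = {
    0xff,0xff,0xff,0xff,0xff,0xff,  0x02,0x00,0x00,0x00,0x00,0x01,
    0x08,0x06,  0x00,0x01
};

int main(void)
{
    struct eth_info e;
    if (parse_eth(sample_arp, sizeof(sample_arp), &e) == 0)
        printf("src %02x:..:%02x type 0x%04x payload@%zu\n",
               e.src[0], e.src[5], e.ethertype, e.payload_off);
    return 0;
}
```

With a live socket, pass buf and the length returned by recvfrom() instead of the sample array, and only call parse_eth when that length is greater than 0.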
Promiscuous mode
By default, we only receive data whose destination address is the local address. Sometimes we want to receive all the traffic that passes through the NIC, regardless of whether it is addressed to this host; for that we need to put the NIC into promiscuous mode.
Promiscuous mode is commonly used by network administrators when analyzing network data, as a means of diagnosing network faults; it is also used by attackers as an entry point for eavesdropping on network data. Administrator privileges are required to put a NIC into promiscuous mode on Linux. Both Windows and Linux have packet capture tools that use promiscuous mode, such as the well-known open-source software Wireshark.
Setting promiscuous mode on a Linux NIC from the command line (requires administrator privileges):
Set promiscuous mode: ifconfig eth0 promisc
Remove promiscuous mode: ifconfig eth0 -promisc
Setting promiscuous mode on a Linux NIC from code
The code is as follows:
struct ifreq ethreq;   // network interface request

strncpy(ethreq.ifr_name, "eth0", IFNAMSIZ);   // specify the NIC name
// ifr_flags is read and written with the *IFFLAGS requests, not the *IFINDEX ones
if (-1 == ioctl(sock_raw_fd, SIOCGIFFLAGS, &ethreq))   // get the current interface flags
{
    perror("ioctl");
    close(sock_raw_fd);
    exit(-1);
}

ethreq.ifr_flags |= IFF_PROMISC;
if (-1 == ioctl(sock_raw_fd, SIOCSIFFLAGS, &ethreq))   // put the NIC into promiscuous mode
{
    perror("ioctl");
    close(sock_raw_fd);
    exit(-1);
}
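Because promiscuous mode is also what an eavesdropper needs, it is worth being able to check whether a NIC is currently in it. The following is an added example, not code from the original post: it reads the interface flags that Linux exposes as hexadecimal text in /sys/class/net/<interface>/flags and tests the IFF_PROMISC bit; the function names and sample values are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define PROMISC_BIT 0x100   /* value of IFF_PROMISC in <net/if.h> */

/* Parse the text of a sysfs "flags" file (for example "0x1103\n").
 * Returns 1 if promiscuous, 0 if not, -1 if the text is not a number. */
int flags_text_is_promisc(const char *text)
{
    char *end;
    errno = 0;
    unsigned long flags = strtoul(text, &end, 16);
    if (end == text || errno != 0)
        return -1;
    return (flags & PROMISC_BIT) ? 1 : 0;
}

/* Check one interface; returns 1/0 as above, -1 if the file cannot be read. */
int nic_is_promisc(const char *ifname)
{
    char path[128], text[32];
    snprintf(path, sizeof(path), "/sys/class/net/%s/flags", ifname);
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    char *got = fgets(text, sizeof(text), fp);
    fclose(fp);
    return got ? flags_text_is_promisc(text) : -1;
}

int main(int argc, char *argv[])
{
    const char *ifname = argc > 1 ? argv[1] : "eth0";
    int r = nic_is_promisc(ifname);
    if (r < 0)
        printf("%s: cannot read flags\n", ifname);
    else
        printf("%s: promiscuous mode %s\n", ifname, r ? "ON" : "off");
    return 0;
}
```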
Sending a custom packet:
ssize_t sendto(int sockfd,
const void *buf,
size_t nbytes, int flags,
const struct sockaddr *to,
socklen_t addrlen);
Parameters:
sockfd: the raw socket
buf: the send data buffer
nbytes: the size of the send data buffer
flags: typically 0
to: the local network interface, that is, which local NIC the data should go out through, not a destination address as before
addrlen: the length of the structure that to points to
Return value:
Success: the number of bytes sent
Failed: -1
Definition of the native network interface
The complete sending code is as follows:
struct sockaddr_ll sll;   // raw socket address structure
struct ifreq ethreq;      // network interface request

strncpy(ethreq.ifr_name, "eth0", IFNAMSIZ);   // specify the NIC name
if (-1 == ioctl(sock_raw_fd, SIOCGIFINDEX, &ethreq))   // get the network interface index
{
    perror("ioctl");
    close(sock_raw_fd);
    exit(-1);
}

/* Assign the network interface to the raw socket address structure */
bzero(&sll, sizeof(sll));
sll.sll_ifindex = ethreq.ifr_ifindex;

// Send the data
// send_msg and msg_len are not defined here; they stand for the frame buffer and its length
int len = sendto(sock_raw_fd, send_msg, msg_len, 0, (struct sockaddr *)&sll, sizeof(sll));
if (len == -1)
{
    perror("sendto");
}
The header files needed here are as follows:
#include <net/if.h>            // struct ifreq
#include <sys/ioctl.h>         // ioctl, SIOCGIFADDR
#include <sys/socket.h>        // socket
#include <netinet/ether.h>     // ETH_P_ALL
#include <netpacket/packet.h>  // struct sockaddr_ll
Transferred from: http://blog.csdn.net/tennysonsky/article/details/44676377
Linux Network Programming--RAW socket programming