Typically, programmers work with two types of sockets:
(1) Stream sockets (SOCK_STREAM): connection-oriented sockets, used by applications built on the connection-oriented TCP service;
(2) Datagram sockets (SOCK_DGRAM): connectionless sockets, used by applications built on the connectionless UDP service.
From the user's point of view, SOCK_STREAM and SOCK_DGRAM seem to cover all TCP/IP applications: at the transport layer of the protocol stack, a TCP/IP-based application can only be built on TCP or UDP, and SOCK_STREAM and SOCK_DGRAM correspond to TCP and UDP respectively, so almost all applications can be implemented with these two types of sockets.
However, when we face the following problems, SOCK_STREAM and SOCK_DGRAM are of no help:
(1) How to send a custom IP packet?
(2) How do I send an ICMP protocol packet?
(3) How to analyze all the packets passing through the network, regardless of whether a packet is addressed to this host?
(4) How to disguise the local IP address?
This brings us to another deep topic: the raw socket (SOCK_RAW). Raw sockets are widely used in advanced network programming, and are also widely used in hacker tools. The well-known network sniffer (a network analysis method based on passive listening), denial-of-service (DoS) attacks, IP spoofing, etc. can all be implemented with raw sockets.
A raw socket (SOCK_RAW) lets the program assemble packets itself and can receive all the data frames (packets) arriving on the local network card, which makes it very useful for monitoring traffic and analyzing network data.
Raw sockets are programmed at the IP packet level (SOCK_PACKET is programmed at the data link layer). In addition, you must have administrator privileges to use a raw socket.
The difference between the raw socket (SOCK_RAW) and the standard sockets (SOCK_STREAM, SOCK_DGRAM) is that the raw socket is "rooted" directly in the operating system's network core, while SOCK_STREAM and SOCK_DGRAM are "suspended" on the periphery of the TCP and UDP protocols.
Stream sockets can only send and receive TCP data, and datagram sockets can only send and receive UDP data, while a raw socket can send and receive packets that have not been processed by the kernel.
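The receive side of the points above (the IP header reaches the program, and opening the socket needs privilege), as an added example that is not code from the original article: it opens a raw ICMP socket on Linux and validates the IPv4 header and checksums of what arrives. The helper names `inet_cksum` and `parse_ipv4`, the `ip_info` struct and the `SAMPLE` packet are constructed for this illustration.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: IPv4 header + ICMP echo request, 192.0.2.1 -> 192.0.2.2. */
static const uint8_t SAMPLE[28] = {
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0xf6,0xdc,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x08,0x00,0xe5,0xca, 0x12,0x34,0x00,0x01 };

struct ip_info { int hlen, total; uint8_t proto; uint32_t src, dst; };

/* RFC 1071 Internet checksum; yields 0 over data that embeds a valid checksum. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate the IPv4 header a raw socket delivers; returns header length or -1. */
static int parse_ipv4(const uint8_t *b, size_t n, struct ip_info *o) {
    if (n < 20 || (b[0] >> 4) != 4) return -1;
    o->hlen = (b[0] & 0x0f) * 4;
    o->total = b[2] << 8 | b[3];
    if (o->hlen < 20 || o->total < o->hlen || (size_t)o->total > n) return -1;
    if (inet_cksum(b, (size_t)o->hlen) != 0) return -1;
    o->proto = b[9];
    o->src = (uint32_t)b[12] << 24 | b[13] << 16 | b[14] << 8 | b[15];
    o->dst = (uint32_t)b[16] << 24 | b[17] << 16 | b[18] << 8 | b[19];
    return o->hlen;
}

int main(void) {
    struct ip_info ip;
    uint8_t buf[1500];
    printf("sample header length: %d\n", parse_ipv4(SAMPLE, sizeof SAMPLE, &ip));
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);  /* needs root or CAP_NET_RAW */
    if (fd < 0) { perror("socket(SOCK_RAW)"); return 1; }
    ssize_t n = recv(fd, buf, sizeof buf, 0);  /* blocks; buffer starts with the IP header */
    if (n > 0 && parse_ipv4(buf, (size_t)n, &ip) > 0 && ip.proto == IPPROTO_ICMP)
        printf("ICMP type %d, %d bytes, checksum %s\n", buf[ip.hlen], ip.total,
               inet_cksum(buf + ip.hlen, (size_t)(ip.total - ip.hlen)) ? "bad" : "ok");
    close(fd);
    return 0;
}
```

Run without privileges, `socket()` fails with "Operation not permitted"; run as root, the program waits for one ICMP packet (for example from `ping 127.0.0.1` in another terminal) and reports on it.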
Transferred from: http://blog.csdn.net/tennysonsky/article/details/44655077
Linux Network Programming-what can raw sockets do?