Linux Network Programming: Raw Socket Programming and Example Analysis (1)
I. What can a raw socket do?
Programmers generally work with two types of sockets:
(1) stream socket (SOCK_STREAM): a connection-oriented socket, used for connection-oriented TCP service applications;
(2) datagram socket (SOCK_DGRAM): a connectionless socket, used for connectionless UDP service applications.
From the user's point of view, SOCK_STREAM and SOCK_DGRAM seem to cover all TCP/IP applications: at the protocol-stack level, the transport layer of a TCP/IP-based application can only be built on TCP or UDP, and SOCK_STREAM and SOCK_DGRAM correspond to TCP and UDP respectively. Therefore, almost all applications can be implemented with these two types of sockets.
However, SOCK_STREAM and SOCK_DGRAM are of no help when we face the following problems:
(1) How to send a custom IP packet?
(2) How to send an ICMP protocol packet?
(3) How to analyze all packets passing through the network, regardless of whether they are addressed to you?
(4) How to disguise the local IP address?
This brings us to another, deeper topic: the raw socket (SOCK_RAW). Raw sockets are widely used in advanced network programming and are also a tool widely used by hackers. The well-known network sniffer (a network analysis method based on passive listening), DoS, IP spoofing, and so on can all be implemented with raw sockets.
A raw socket (SOCK_RAW) can be used to assemble data packets and to receive all data frames (data packets) on the local computer's NIC. It is useful for listening to network traffic and analyzing network data.
Raw sockets program at the IP packet level (SOCK_PACKET programs at the data link layer). In addition, you must have administrator privileges to use raw sockets.
The difference between a raw socket (SOCK_RAW) and the standard sockets (SOCK_STREAM and SOCK_DGRAM) is that a raw socket is "rooted" directly in the network core of the operating system, whereas SOCK_STREAM and SOCK_DGRAM "hang" on the periphery of the TCP and UDP protocols.
Stream sockets can only send and receive TCP data, and datagram sockets can only send and receive UDP data. Raw sockets can send and receive data packets that have not been processed by the kernel.
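The receive side of the point above, as an added example that is not part of the original article: on Linux, recv() on an IPv4 raw socket returns the packet starting at the IP header, so the program must validate those bytes itself before trusting any field. The names parse_ipv4, ip_checksum, be32 and struct ipv4_info are hypothetical, and sample_packet is a constructed ICMP echo request standing in for a received buffer, so the code runs without privileges.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ipv4_info { uint8_t ihl_bytes, protocol; uint16_t total_len; uint32_t src, dst; };

/* Constructed sample: ICMP echo request, 192.0.2.1 -> 192.0.2.2 (documentation range). */
static const uint8_t sample_packet[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0xf6, 0xdc,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,      /* IPv4 header, 20 bytes */
    0x08, 0x00, 0xf7, 0xfd, 0x00, 0x01, 0x00, 0x01 };    /* ICMP echo, 8 bytes */

/* Read a big-endian (network order) 32-bit value into host order. */
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* RFC 1071 checksum over the header; a header with a valid checksum yields 0. */
static uint16_t ip_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate untrusted bytes from the wire before using any field.
   Returns 0 on success, -1 if the buffer is not a well-formed IPv4 packet. */
static int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;          /* too short or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;               /* IHL is in 32-bit words */
    size_t total = ((size_t)buf[2] << 8) | buf[3];
    if (ihl < 20 || ihl > total || total > len) return -1;  /* lengths inconsistent */
    if (ip_checksum(buf, ihl) != 0) return -1;              /* header corrupted */
    out->ihl_bytes = (uint8_t)ihl;
    out->protocol = buf[9];                                 /* 1 ICMP, 6 TCP, 17 UDP */
    out->total_len = (uint16_t)total;
    out->src = be32(buf + 12);
    out->dst = be32(buf + 16);
    return 0;
}

int main(void)
{
    struct ipv4_info i;
    if (parse_ipv4(sample_packet, sizeof sample_packet, &i) != 0) return 1;
    printf("proto=%u ihl=%u total=%u src=%08x dst=%08x\n", (unsigned)i.protocol,
           (unsigned)i.ihl_bytes, (unsigned)i.total_len, (unsigned)i.src, (unsigned)i.dst);
    return 0;
}
```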