Raw Socket-1

Source: Internet
Author: User

2010-05-20 00:13:16 | Category: Computers and Internet

Most programmers work with two types of socket:

(1) Stream sockets (SOCK_STREAM): connection-oriented sockets, used by applications built on the connection-oriented TCP service;

(2) Datagram sockets (SOCK_DGRAM): connectionless sockets, used by applications built on the connectionless UDP service.

From the user's point of view, SOCK_STREAM and SOCK_DGRAM seem to cover all TCP/IP applications. Looking at the protocol stack, a TCP/IP-based application can only sit on top of TCP or UDP at the transport layer (Figure 1), and SOCK_STREAM and SOCK_DGRAM correspond to TCP and UDP respectively, so almost all applications can be implemented with these two types of socket.


Figure 1 TCP/IP protocol stack

However, SOCK_STREAM and SOCK_DGRAM are of no help when we face the following problems:

(1) How do I send a custom IP packet?

(2) How do I send an ICMP protocol packet?

(3) How do I put the machine into promiscuous mode so that it can sniff network traffic?

(4) How do I analyze all the packets passing through the network, regardless of whether they are addressed to this machine?

(5) How do I disguise the local IP address?

This brings us to another profound topic: the raw socket. Raw sockets are widely used in advanced network programming and are also a widespread hacker technique. The well-known network sniffers, denial-of-service (DoS) attacks, IP spoofing and so on can all be implemented with raw sockets.

The difference between a raw socket and a standard socket (SOCK_STREAM, SOCK_DGRAM) is that the former is "rooted" directly in the operating system's network core, while SOCK_STREAM and SOCK_DGRAM "hover" on the periphery of the TCP and UDP protocols, as Figure 2 shows:


Figure 2 Raw socket and standard socket

When we use raw sockets, we can fully customize the IP packet; packets of any form can be "crafted". This article therefore has to explain the relevant TCP/IP packet structures first.

The current IPv4 header structure is:

Version (4) | Header length (4) | Type of service (8) | Total length (16)
Identification (16) | Flags and offset (16)
Time to live (8) | Transport protocol (8) | Checksum (16)
Source address (32)
Destination address (32)
Options (8) ... Padding

Encapsulated in a data structure:

typedef struct _IPHDR // define IP header
{
    unsigned char h_lenver;         // 4-bit header length + 4-bit IP version number
    unsigned char tos;              // 8-bit type of service (TOS)
    unsigned short total_len;       // 16-bit total length (bytes)
    unsigned short ident;           // 16-bit identification
    unsigned short frag_and_flags;  // 3-bit flags + 13-bit fragment offset
    unsigned char ttl;              // 8-bit time to live (TTL)
    unsigned char proto;            // 8-bit protocol (TCP, UDP, or other)
    unsigned short checksum;        // 16-bit IP header checksum
    unsigned int sourceIP;          // 32-bit source IP address
    unsigned int destip;            // 32-bit destination IP address
} Ip_header;

Or, the first byte in the definition above can be split into bit fields:

typedef struct _IPHDR // define IP header
{
    unsigned char h_len:4;          // 4-bit header length
    unsigned char ver:4;            // 4-bit IP version number
    unsigned char tos;
    unsigned short total_len;
    unsigned short ident;
    unsigned short frag_and_flags;
    unsigned char ttl;
    unsigned char proto;
    unsigned short checksum;
    unsigned int sourceIP;
    unsigned int destip;
} Ip_header;

Strictly speaking, the memory order of the h_len and ver fields in the above definition also depends on the endianness of the specific CPU, so a stricter Ip_header can be defined as:

typedef struct _IPHDR // define IP header
{
#if defined(__LITTLE_ENDIAN_BITFIELD)
    unsigned char h_len:4;          // 4-bit header length
    unsigned char ver:4;            // 4-bit IP version number
#elif defined(__BIG_ENDIAN_BITFIELD)
    unsigned char ver:4;            // 4-bit IP version number
    unsigned char h_len:4;          // 4-bit header length
#endif
    unsigned char tos;
    unsigned short total_len;
    unsigned short ident;
    unsigned short frag_and_flags;
    unsigned char ttl;
    unsigned char proto;
    unsigned short checksum;
    unsigned int sourceIP;
    unsigned int destip;
} Ip_header;
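
The bit-field ordering problem above does not arise when a received header is decoded from its bytes with shifts and masks. The following C code is an added example, not part of the original article: it decodes a 20-byte IPv4 header and checks its length fields and RFC 1071 header checksum before any field is trusted. The names ip_view, parse_ipv4, inet_checksum, rd16, rd32 and the sample header bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded fixed header in host byte order; field names follow the page. */
struct ip_view {
    uint8_t  ver, h_len, tos, ttl, proto;
    uint16_t total_len, ident, frag_and_flags, checksum;
    uint32_t source_ip, dest_ip;
};

/* Constructed sample: 20-byte header, proto 1 (ICMP), 192.0.2.1 -> 192.0.2.2. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01,
    0xf6, 0xe4, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* RFC 1071 Internet checksum; returns 0 over a header whose checksum is valid. */
static uint16_t inet_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 and fills *out, or a negative code naming the failed check. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ip_view *out) {
    if (len < 20) return -1;                      /* shorter than the fixed header */
    uint8_t ver = buf[0] >> 4;                    /* high nibble on the wire */
    uint8_t h_len = buf[0] & 0x0f;                /* header length in 32-bit words */
    if (ver != 4 || h_len < 5) return -2;
    size_t hdr = (size_t)h_len * 4;
    uint16_t total_len = rd16(buf + 2);
    if (total_len < hdr || total_len > len) return -3;  /* lengths inconsistent */
    if (inet_checksum(buf, hdr) != 0) return -4;  /* header corrupted */
    *out = (struct ip_view){
        .ver = ver, .h_len = h_len, .tos = buf[1], .ttl = buf[8], .proto = buf[9],
        .total_len = total_len, .ident = rd16(buf + 4),
        .frag_and_flags = rd16(buf + 6), .checksum = rd16(buf + 10),
        .source_ip = rd32(buf + 12), .dest_ip = rd32(buf + 16) };
    return 0;
}

int main(void) {
    struct ip_view v;
    return parse_ipv4(sample_hdr, sizeof sample_hdr, &v) != 0;
}
```

Because *out is written only after every check has passed, a caller never sees fields taken from a truncated or corrupted header.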

The TCP header structure is:

Source port (16) | Destination port (16)
Sequence number (32)
Acknowledgment number (32)
TCP offset (4) | Reserved (6) | Flags (6) | Window (16)
Checksum (16) | Urgent pointer (16)
Options (0 or 32)
Data (variable)

The corresponding data structures are:

typedef struct PSD_HDR // define TCP pseudo-header
{
    unsigned int saddr;             // 32-bit source address
    unsigned int daddr;             // 32-bit destination address
    char mbz;                       // must be zero
    char ptcl;                      // protocol type
    unsigned short tcpl;            // TCP length
} psd_header;

typedef struct _TCPHDR // define TCP header
{
    unsigned short th_sport;        // 16-bit source port
    unsigned short th_dport;        // 16-bit destination port
    unsigned int th_seq;            // 32-bit sequence number
    unsigned int th_ack;            // 32-bit acknowledgment number
    unsigned char th_lenres;        // 4-bit header length + 4 reserved bits
    unsigned char th_flag;          // 6-bit flags
    unsigned short th_win;          // 16-bit window size
    unsigned short th_sum;          // 16-bit checksum
    unsigned short th_urp;          // 16-bit urgent data offset
} Tcp_header;

Similarly, the TCP header definition can also be split into bit fields:

typedef struct _TCPHDR
{
    unsigned short th_sport;
    unsigned short th_dport;
    unsigned int th_seq;
    unsigned int th_ack;
    /* little-endian bit-field order */
    unsigned short tcp_res1:4, tcp_hlen:4, tcp_fin:1, tcp_syn:1, tcp_rst:1,
                   tcp_psh:1, tcp_ack:1, tcp_urg:1, tcp_res2:2;
    unsigned short th_win;
    unsigned short th_sum;
    unsigned short th_urp;
} Tcp_header;

The UDP header is:

Source port (16) | Destination port (16)
Message length (16) | Checksum (16)

The corresponding data structure is:

typedef struct _UDPHDR // define UDP header
{
    unsigned short uh_sport;        // 16-bit source port
    unsigned short uh_dport;        // 16-bit destination port
    unsigned short uh_len;          // 16-bit length
    unsigned short uh_sum;          // 16-bit checksum
} Udp_header;

ICMP is a very important network-layer protocol; its full name is Internet Control Message Protocol. ICMP makes up for the limitations of IP and uses the IP protocol to carry its messages. It reports errors that occur at the network layer for a packet back to the source node. The ICMP header is:

Type (8) | Code (8) | Checksum (16)
Message content

The commonly used echo request and echo reply ICMP messages correspond to this data structure:

typedef struct _ICMPHDR // define ICMP header (echo request or echo reply)
{
    unsigned char i_type;           // 8-bit type
    unsigned char i_code;           // 8-bit code
    unsigned short i_cksum;         // 16-bit checksum
    unsigned short i_id;            // identification number (usually the process ID)
    unsigned short i_seq;           // message sequence number
    unsigned int timestamp;         // timestamp
} Icmp_header;

Common ICMP messages include echo request, echo reply, destination unreachable, time exceeded, parameter problem, source quench, redirect, timestamp, timestamp reply, address mask request, address mask reply, and so on; all of them are important messages on the Internet. The ping command, ICMP denial-of-service attacks, and route spoofing covered in later chapters are all related to the ICMP protocol.

In addition, some of the source code in this series draws on the open source projects of some excellent programmers. For reasons of space we cannot list them all, and we would like to express our thanks here.

So, let's go.
