how to analyse the contents of a give IP packet?

solomonml · #1 (**permalink**) 08-01-2008

hi you all!
I can write a network program to send and receive some messages. I use
read() and write() functions for extracting of sending messages via a given socket. By doing so, i know only the actions performed at the application layer of the TCP/IP suite. But i want to control the actual contents of each IP packets(i.e data and ip header) sent/received.Lets say I want to write a routing application which analyses the destination address found in the IP header(TCP header) and sends the packet to its destination.
Give me some hint on how to tackle such cases or give me a reference book/site...

thank you

redoubtable · #2 (**permalink**) 08-02-2008

You want to use raw sockets.

Search google for "raw sockets" or "SOCK_RAW" or "PF_PACKET"

If you're programming C in Linux, there are structs that easily let you alter the whole tcp/udp/icmp/igmp/whatever header and inject packets at will. This can also be used for communication over closed ports and other obscure stuff (if you create a listening raw socket, you'll have yourself a "sniffer", and with that you can analyze data packets that arrive even on closed tcp ports)

ramen_noodle · #3 (**permalink**) 08-02-2008

libnet: The Million Packet March

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Using GDB to analyse different CORE dumps	nsdeeps	UNIX for Advanced & Expert Users	2	04-16-2008 12:10 AM
end-end packet delay?	yogesh_powar	IP Networking	4	12-13-2005 01:21 PM
sendto in packet socket	Rakesh Ranjan	High Level Programming	5	09-02-2005 07:32 AM
Getting an ACK for RAW SYN packet	zampya	High Level Programming	17	05-24-2004 09:15 PM
Seeing IP packet	manjunath	IP Networking	4	09-15-2002 11:46 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: