Top Forums Programming Getting an ACK for RAW SYN packet Post 50896 by Perderabo on Tuesday 4th of May 2004 11:59:36 PM
Old 05-05-2004
What you're attempting is so far "out there" that I hesitate to reply. I have never used raw sockets at all. And you seem to be trying to bypass TCP entirely. I'm not sure what to expect when raw sockets are used like that. Like Driver, I think it would help if you posted your code.

I do know the TCP protocol though. Your SYN packet seems to be step one of the 3-way handshake. If it's addressed to a port that is listening, you should get a packet that ACKs your SYN and contains a SYN of its own. Otherwise you should get a RST packet. These days, some systems run in stealth mode and just ignore SYNs to unused ports.

You should not get an ICMP message. But if you fumble a bit, and set the protocol to UDP instead of TCP, then an ICMP port unreachable would be in order.

But you're using raw sockets, right? So isn't all of this your job? You seem to be expecting the kernel's TCP code to help you out. I don't know if it should or not. Like I said, I've never used raw sockets like this. But my expectation would be that the kernel's TCP code would not be in use. After all, to the kernel, there is no TCP connection.
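
The possible answers to a SYN described in the post above, shown as a parser over received bytes. This is an added example, not part of the original post; the function names (`classify_reply`, `make_tcp_reply`) and the sample packets are constructed for illustration, and the code assumes an IPv4 packet that starts at the IP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reply { REPLY_NONE, REPLY_SYNACK, REPLY_RST, REPLY_ICMP_PORT_UNREACH, REPLY_OTHER };
enum { F_SYN = 0x02, F_RST = 0x04, F_ACK = 0x10 };   /* TCP flag bits, header byte 13 */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Classify an IPv4 packet that arrived in answer to a SYN sent with sequence
 * number our_isn. len == 0 means the wait timed out and nothing arrived. */
enum reply classify_reply(const uint8_t *pkt, size_t len, uint32_t our_isn) {
    if (pkt == NULL || len == 0) return REPLY_NONE;          /* SYN was ignored */
    if (len < 20 || (pkt[0] >> 4) != 4) return REPLY_OTHER;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;                /* IP header length */
    if (ihl < 20 || len < ihl) return REPLY_OTHER;
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;
    if (pkt[9] == 6) {                                       /* protocol 6 = TCP */
        if (l4len < 20) return REPLY_OTHER;
        uint8_t flags = l4[13];
        if (flags & F_RST) return REPLY_RST;                 /* port not listening */
        /* A SYN consumes one sequence number: a valid SYN+ACK acks our_isn + 1. */
        if ((flags & (F_SYN | F_ACK)) == (F_SYN | F_ACK) && be32(l4 + 8) == our_isn + 1u)
            return REPLY_SYNACK;
        return REPLY_OTHER;
    }
    if (pkt[9] == 1 && l4len >= 8 && l4[0] == 3 && l4[1] == 3)
        return REPLY_ICMP_PORT_UNREACH;                      /* ICMP type 3, code 3 */
    return REPLY_OTHER;
}

/* Constructed sample data: minimal 40-byte IPv4+TCP packet, checksums left zero. */
size_t make_tcp_reply(uint8_t buf[40], uint8_t flags, uint32_t ack) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[9] = 6;                               /* IPv4, IHL 5, TCP */
    buf[28] = ack >> 24; buf[29] = ack >> 16; buf[30] = ack >> 8; buf[31] = ack;
    buf[32] = 0x50; buf[33] = flags;                         /* data offset 5, flags */
    return 40;
}

int main(void) {
    uint8_t p[40];
    size_t n = make_tcp_reply(p, F_SYN | F_ACK, 1001);
    printf("SYN+ACK acking 1001, our ISN 1000 -> %d\n", (int)classify_reply(p, n, 1000));
    return 0;
}
```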