Presentation is loading. Please wait.

Presentation is loading. Please wait.

Raw Sockets - 101 Vivek Ramachandran. A day in the life of Network Packet.

Published byJayson Flowers Modified over 9 years ago

Similar presentations

Presentation on theme: "Raw Sockets - 101 Vivek Ramachandran. A day in the life of Network Packet."— Presentation transcript:

1 Raw Sockets - 101 Vivek Ramachandran

2 A day in the life of Network Packet

3 The gory details …..

4 Problem formulation- why raw sockets ? We can only receive frames destined to us (Unicast), to everyone (Broadcast) and to some selected addresses we subscribe to (Multicast). All Headers i.e. Ethernet, IP, TCP etc are stripped by the network stack and only the data is shipped to the application layer. We cannot modify the packet headers of packets when they are sent out from our host.

5 What could be interesting ? If we could receive the frames for all computers connected to our broadcast domain – Promiscous mode If we could get all the headers i.e. Ethernet, TCP, IP etc from the network and analyze them – Raw Sockets. If we could inject packets with custom headers and data into the network directly – Raw Sockets.

6 Promiscous Mode It is the “See All, Hear All” Wizard mode Tells the network driver to accept all packets irrespective of whom the packets are addressed to. Used for Network Monitoring – both legal and illegal monitoring We can do this by programmatically setting the IFF_PROMISC flag or by using the ifconfig utility (ifconfig eth0 promisc)

7 Getting all headers - Sniffing Once we set the interface to promiscous mode we can get “full packets” with all the headers. We can process these packets and extract data from it. Note we are receiving packets meant for all hosts => see what your neighbors are doing in the lab

8 Sending arbitrary packets – Packet Injection We “manufacture” our own packets and send it out on the network. Absolute power – total network stack bypass Most active network monitoring tools and hacking tools use this. Remember the Dos attacks ? Syn Floods ? IP Spoofs ?

9 Raw Sockets – a closer look Application Raw Socket

10 What are raw sockets ? Simply put raw sockets provide a way to bypass the whole network stack traversal of a packet and deliver it directly to an application. There are many ways to create raw sockets. We will concentrate on the PF_PACKET interface for creating raw sockets.

11 PF_PACKET It is a software interface to send/receive packets at layer 2 of the OSI i.e. device driver. All packets received will be complete with all headers and data. All packets sent will be transmitted without modification by the kernel to the medium. Supports filtering using Berkley Packet Filters.

12 Creating a Raw Socket Call socket() with appropriate arguments. Socket(PF_PACKET, SOCK_RAW, int protocol) Protocol is ETH_P_IP for IP networks. It is mostly used as a filter. To receive all types of packets ETH_P_IP is used.

13 The making of a Sniffer Create Raw socket – socket() Set interface you want to sniff on in promiscous mode. Bind Raw socket to this interface – bind() Receive packets on the socket – recvfrom() Process received packets Close the raw socket().

14 The making of a Packet Injector Create a raw socket – socket() Bind socket to the interface you want to send packets onto – bind() Create a packet Send the packet – sendto() Close the raw socket – close()

15 Class over !! Lets start coding !!!

Download ppt "Raw Sockets - 101 Vivek Ramachandran. A day in the life of Network Packet."

Similar presentations

Florida State UniversityCOP5570 - Advanced Unix Programming Raw Sockets Datalink Access Chapters 25, 26.

Florida State UniversityCOP Advanced Unix Programming Raw Sockets Datalink Access Chapters 25, 26.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Tactics to Discover “Passive” Monitoring Devices

Tactics to Discover “Passive” Monitoring Devices
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Packet Injection 101 Vivek Ramachandran. What is packet injection ? Please go through the raw socket tutorial before going further. Simply put packet.

Packet Injection 101 Vivek Ramachandran. What is packet injection ? Please go through the raw socket tutorial before going further. Simply put packet.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.

1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.
Computer Network 實踐資管 Wang-Jiunn Cheng 2004 PART IV-2 Local Area Networks (LANs) Frame.

Computer Network 實踐資管 Wang-Jiunn Cheng 2004 PART IV-2 Local Area Networks (LANs) Frame.
Java Socket Support Presentation by: Lijun Yuan Course Number: cs616.

Java Socket Support Presentation by: Lijun Yuan Course Number: cs616.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Adjusting out device-driver Here we complete the job of modifying our ‘nicf.c’ Linux driver to support ‘raw’ packet-transfers.

Adjusting out device-driver Here we complete the job of modifying our ‘nicf.c’ Linux driver to support ‘raw’ packet-transfers.
Chapter 3 Review of Protocols And Packet Formats

Chapter 3 Review of Protocols And Packet Formats
Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.

Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.
Socket options A way for network applications to ‘tweak’ the processing done at lower-levels of the TCP/IP stack.

Socket options A way for network applications to ‘tweak’ the processing done at lower-levels of the TCP/IP stack.
Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,

Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.

Programming Multi-Core Processors based Embedded Systems A Hands-On Experience on Cavium Octeon based Platforms Lab Exercises.
1 Introduction to Raw Sockets 2 IP address Port address MAC address TCP/IP Stack 67 Bootp DHCP 176 2 OSPF 89 53 protocol frame type UDP Port # TCP Port.

1 Introduction to Raw Sockets 2 IP address Port address MAC address TCP/IP Stack 67 Bootp DHCP OSPF protocol frame type UDP Port # TCP Port.
CSCD433 Advanced Networks Fall 2011 Raw vs. Cooked Sockets.

CSCD433 Advanced Networks Fall 2011 Raw vs. Cooked Sockets.

Similar presentations

Ads by Google