Raw Sockets

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Greetings: I am looking for a way to put a raw packet on the network wire. I have built the IP header myself, and included all needed data in a scalar. Now, all I need is to send it out on the cable. Is there a way to do this in WinNT?

I’ve opened the socket, and attempted a write as below:

I get an “unknown error”

my $temp=socket(SOCK,PF_INET,SOCK_RAW,0) or die('Can not open socket')
+;
printf "%d $@ $!\n",$temp;
my $temp=syswrite(SOCK,$packed);  #send the data
printf "%d $@ $!\n",$temp;
close SOCK;
[download]

Thx for any help!

Comment on Raw Sockets Download Code

Replies are listed 'Best First'.
Re: Raw Sockets by tadman (Prior) on Mar 19, 2002 at 17:35 UTC
SOCK_RAW is the right idea. You can even use IO::Socket if you're into that sort of thing, as it's a lot easier than using straight POSIX-type socket calls. Either way, you're going to need to do something like this: `my $rv = socket ($s, AF_INET, SOCK_RAW, IPPROTO_RAW);` To make a raw socket, you have to be "root" or equivalent. Not sure how this works on NT, but perhaps you have to be the Administrator. Since you are creating the socket successfully, this doesn't seem to be a problem. What I think your problem is likely to be is the use of syswrite where you should be using sendto. You can use something like syswrite if your socket is connected. A RAW socket is not. Don't assume that the kernel is going to open up your packet and see what you mean. So, this way you can treat the socket like any old socket, except that you have to make the headers yourself and send it like a regular UDP-type packet (connectionless).	[reply] [d/l]
Re: Raw Sockets by RMGir (Prior) on Mar 19, 2002 at 17:28 UTC
This might not help, but I vaguely recall that libpcap has been ported to NT. In that case, you might be able to use Net::RawIP. -- Mike (Edit: Net::RawIP rather than Net-RawIP, thanks tadman!)	[reply]
Re: Re: Raw Sockets by Rhose (Priest) on Mar 19, 2002 at 19:44 UTC
Yes, libpcap has been ported to NT -- it is called WinPcap. You can access it here. I have not tried any of these packages, but they are interfaces to libpcap (and may also work with WinPcap -- I don't yet know.) Net::Pcap Net::PcapUtils NetPacket (this is a family of modules)	[reply]
Re: Raw Sockets by Erik Hensema (Sexton) on Mar 19, 2002 at 23:23 UTC
As far as I know NT doesn't support raw sockets. You need XP for that.	[reply]
Re: Re: Raw Sockets by mce (Curate) on Mar 20, 2002 at 12:15 UTC
This is what I understood also. Go to GRC for more details. --------------------------- Dr. Mark Ceulemans Senior Consultant IT Masters, Belgium	[reply]
Re: Re: Raw Sockets by blogan (Monk) on Mar 20, 2002 at 14:25 UTC
But there would need to be someway to access a raw socket in earlier versions of Windows. Programs like ping don't use TCP or UDP and are usually implemented on a raw socket. Also, some Internet telephony programs don't use TCP, UDP, or ICMP. Sure, it might not be as easy as with a raw socket, but it still has to be possible.	[reply]
Re: Raw Sockets by Anonymous Monk on Mar 19, 2002 at 21:47 UTC
check your filehandles	[reply]

Back to Seekers of Perl Wisdom