WST 19 - Raw Sockets

Hi all,

Today we will explore the Raw Sockets feature on Windows platforms.

First of all, a bit of raw networking basics. As you probably know, IP is the Internet Protocol, which supports other sub-protocols such as TCP, UDP, ICMP etc. When you send some data to a remote computer through TCP, the data is first divided into small units called packets.


A TCP header is then prepended to each of these packets. The TCP header contains the TCP ports (source/destination), the flags and many other TCP-related fields.

So now you have a TCP packet, which contains a TCP header and the data, which is called the payload. When this packet advances, a new header is added in front of it: the IP header. The IP header contains the source/destination IP addresses, checksums, flags and many other IP-related fields. So now you have an IP packet, which contains an IP header and a payload (the TCP packet). This packet then advances further and may get an Ethernet header etc. added to it, but that is outside the scope of Raw Sockets, so we won't discuss it.

All of this appending of data etc. happens without your knowledge and control. You are just using simple TCP sockets, and the TCP stack does all the work for you. Now what if you want to prepare the TCP (or UDP or any other IP protocol) packet yourself and send it? Or, more practically, what if you don't want to use any existing IP protocol and want to write one of your own, with your own headers etc.?

Normal sockets are of no use in this case, so Windows provides raw sockets for such situations. As you will read in the MSDN, raw sockets can be of two types: one with known protocols (TCP/UDP/ICMP etc., our first situation) and another with a custom protocol (our second situation). In both cases you have to prepare your own IP header and provide the protocol number in it (TCP=6, UDP=17 etc., or your custom number). Then you have to prepare the protocol header (either a standard one such as TCP or your custom header) and append it to the packet. Now you can append your payload to the packet and send it to the destination. Note that in the case of custom protocols, only your own applications will be able to receive and understand the packets; TCP or simple WinSock applications won't even receive them.

So now you know what you will need to develop your own network protocol. Note that there are security restrictions on the use of Raw Sockets. On Windows NT/2k platforms, Raw Sockets (and hence applications using them) can only be used with Administrative privileges. This restriction exists because Raw Socket applications are capable of sniffing normal IP traffic, that is, they can receive all the packets going out of and coming into your machine. Hence Raw Sockets can also be used for network-monitoring applications.
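The packet layout described above (IP header, then protocol header, then payload), as an added example that is not part of the original article. It only builds and checks the bytes in memory and opens no socket; the 4-byte custom header, the function names and the choice of protocol number 253 (one of the numbers reserved for experimentation) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PROTO_CUSTOM 253   /* assumption: experimental protocol number, not from the article */
#define IP_HDR_LEN   20    /* IPv4 header without options */
#define MY_HDR_LEN   4     /* hypothetical custom header: type, reserved, payload length */

/* Internet checksum (RFC 1071): one's complement of the 16-bit one's-complement sum. */
uint16_t ip_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Lay out IP header | custom header | payload in buf; returns total length, 0 if it does not fit. */
size_t build_packet(uint8_t *buf, size_t cap, const uint8_t src[4], const uint8_t dst[4],
                    uint8_t msg_type, const void *payload, uint16_t plen) {
    size_t total = IP_HDR_LEN + MY_HDR_LEN + (size_t)plen;
    if (cap < total || total > 0xFFFF) return 0;
    memset(buf, 0, IP_HDR_LEN + MY_HDR_LEN);
    buf[0] = 0x45;                                 /* version 4, header length 5 words */
    put16(buf + 2, (uint16_t)total);               /* total length field */
    buf[8] = 64;                                   /* TTL */
    buf[9] = PROTO_CUSTOM;                         /* protocol field: 6 = TCP, 17 = UDP */
    memcpy(buf + 12, src, 4);
    memcpy(buf + 16, dst, 4);
    put16(buf + 10, ip_checksum(buf, IP_HDR_LEN)); /* computed while the field is still zero */
    buf[IP_HDR_LEN] = msg_type;                    /* custom header follows the IP header */
    put16(buf + IP_HDR_LEN + 2, plen);
    memcpy(buf + IP_HDR_LEN + MY_HDR_LEN, payload, plen);
    return total;
}

/* Receiver/monitor side: validate the IP header, report the protocol,
   and return the offset of the data that follows the headers, or -1. */
int parse_packet(const uint8_t *buf, size_t len, uint8_t *proto) {
    if (len < IP_HDR_LEN || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;
    if (ihl < IP_HDR_LEN || ihl > len || ip_checksum(buf, ihl) != 0) return -1;
    *proto = buf[9];
    if (*proto != PROTO_CUSTOM) return (int)ihl;   /* another protocol: its header starts here */
    if (len < ihl + MY_HDR_LEN) return -1;
    uint16_t plen = (uint16_t)(buf[ihl + 2] << 8 | buf[ihl + 3]);
    return (ihl + MY_HDR_LEN + plen <= len) ? (int)(ihl + MY_HDR_LEN) : -1;
}
```

A valid header checksums to zero when the sum is run over it with the checksum field filled in, which is why `parse_packet` can reject a damaged header with a single call.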

Exercises:

1. Read about Raw sockets in MSDN, also go through the samples in Platform SDK/Visual Studio.

2. Write a chat application with normal sockets (TCP), then modify it to use Raw sockets with TCP protocol and lastly, modify it to use a custom protocol of your own.

3. Write an application which can monitor all traffic of a provided protocol (such as ICMP etc.).

This should be more than sufficient for this week; we will cover some other topic next week.

Thanks,

-Farooque
