Re: [Planetlab-users] a question about raw sockets (one more time)
Brought to you by:
alklinga
Menu
▾
▴
Re: [Planetlab-users] a question about raw sockets (one more time)
|
From: Rob <ca...@cs...> - 2003-10-28 17:40:21
|
On Tue, Oct 28, 2003 at 09:42:39AM +0100, Michal Szymaniak wrote: > > Andy, > > > To monitor incoming and outgoing packets on a port, PlanetLab provides raw > > "sniffer" sockets. Here is a bit of documentation: > > > > http://www.planet-lab.org/raw_sockets/api_sniffer.html > > > > I followed the instructions exactly, and: > - I can see incoming raw IP packets :-) > - I still cannot see any outgoing ones :-( > For example, during a TCP-handshake, I can see incoming SYN and ACK > packets, but I cannot see any SYNACK packet between them. I am fairly sure this is a limitation of raw sockets and the linux netfilter kernel architechture (see http://www.netfilter.org/ for details) - basically out going packets don't get looked at with SOCK_RAW. Unfortunately, I don't know of a way to get around this in the planetlab environment... normally I would use libpcap to get around this, but we don't have permissions: [umd2@planet-lab nload]$ ./nload -i eth0 Device: eth0 ER: pcap_open_live: socket: Operation not permitted Does anyone else know a way around this? - Rob . |
