[Planetlab-users] Re: a question about raw sockets
Brought to you by:
alklinga
Menu
▾
▴
[Planetlab-users] Re: a question about raw sockets
|
From: Andy B. <ac...@CS...> - 2003-10-29 13:32:47
|
Hi Michal, I can't reproduce your problem -- I see both incoming and outgoing messages for a connection, including the SYNACK. I've attached three files which may help you: sniffdump.c: Opens a safe raw socket on a particular port, attaches a pcap header to read packets, and prints them to stdout. plabdump: Invokes sniffdump and then pipes its output to tcpdump for nice formatting. tcp_port.c: Creates a connection to www.cs.princeton.edu from local port 12345 Note that sniffdump and plabdump are also available as part of the plkmodutil package: http://www.planet-lab.org/raw_sockets/notes_files.html Here is some output from planetlab-2.cs.princeton.edu. I see all packets sent between the web server and the local host. [princeton8@planetlab-2 testit]$ ./plabdump -l tcp port 12345 13:05:45.663254 planetlab-2.cs.princeton.edu.12345 > web0.CS.Princeton.EDU.http: S 3930150656:3930150656(0) win 5840 <mss 1460,sackOK,timestamp 309102267 0,nop,wscale 0> (DF) 13:05:45.664677 web0.CS.Princeton.EDU.http > planetlab-2.cs.princeton.edu.12345: S 2193066063:2193066063(0) ack 3930150657 win 24616 <nop,nop,timestamp 9227789 309102267,nop,wscale 0,nop,nop,sackOK,mss 1460> (DF) 13:05:45.664731 planetlab-2.cs.princeton.edu.12345 > web0.CS.Princeton.EDU.http: . ack 1 win 5840 <nop,nop,timestamp 309102268 9227789> (DF) 13:05:46.673981 planetlab-2.cs.princeton.edu.12345 > web0.CS.Princeton.EDU.http: F 1:1(0) ack 1 win 5840 <nop,nop,timestamp 309102369 9227789> (DF) 13:05:46.674631 web0.CS.Princeton.EDU.http > planetlab-2.cs.princeton.edu.12345: . ack 2 win 24616 <nop,nop,timestamp 9227890 309102369> (DF) 13:05:46.675078 web0.CS.Princeton.EDU.http > planetlab-2.cs.princeton.edu.12345: F 1:1(0) ack 2 win 24616 <nop,nop,timestamp 9227890 309102369> (DF) 13:05:46.675106 planetlab-2.cs.princeton.edu.12345 > web0.CS.Princeton.EDU.http: . ack 2 win 5840 <nop,nop,timestamp 309102369 9227890> (DF) Cheers, Andy ----- Original Message ----- From: "Michal Szymaniak" <mi...@cs...> To: "Andy Bavier" <ac...@CS...> Cc: <pla...@li...> Sent: Tuesday, October 28, 2003 3:29 AM Subject: Re: a question about raw sockets > > Andy, > > > To monitor incoming and outgoing packets on a port, PlanetLab provides raw > > "sniffer" sockets. Here is a bit of documentation: > > > > http://www.planet-lab.org/raw_sockets/api_sniffer.html > > > > I followed the instructions exactly, and: > - I can see incoming raw IP packets :-) > - I still cannot see any outgoing ones :-( > For example, during a TCP-handshake, I can see incoming SYN and ACK > packets, but I cannot see any SYNACK packet between them. > > Here is a piece of my code: > > #define PACKET_SIZE 1500 > > int m,on; > char packet[PACKET_SIZE]; > > if ((m=socket(PF_INET,SOCK_RAW,IPPROTO_TCP))==-1) > fatal("monitor:socket"); > on=1;if (setsockopt(m,SOL_SOCKET,SO_REUSEADDR,&on,sizeof(int))==-1) > fatal("monitor:reuseaddr"); > on=1;if (setsockopt(m,0,SO_RAW_SNIFF,&on,sizeof(int))==-1) > fatal("monitor:setrawsniff"); > if (bind(m,(struct sockaddr*)&sa,sizeof(struct sockaddr_in))==-1) > fatal("monitor:bind"); > > and then loop on recvfrom(m,packet,PACKET_SIZE,0,NULL,NULL); > > > Any ideas what may be wrong? BTW, thanks to everyone who tried to help me > the last time :-) > > Kind regards, > M. > -- > Michal Szymaniak | mailto:mi...@cs... | http://www.cs.vu.nl/~mszyman > |
