... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.protocols.tcp-ip

TCP and IP network protocols.

14,669 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 12,717 of 14,669

Barry Margolin to All

Re: Capturing TCP SYN packets for a spec

06 Feb 09 22:29:43

   From: barmar@alum.mit.edu   
      
   In article , Ralf    
   wrote:   
      
   > Jorgen Grahn wrote:   
   > >   
   > > And the mandatory question: what are you really trying to do, what   
   > > problem are you trying to solve? There are probably easier, more   
   > > normal ways.   
   >   
   > I just need to record *all* IPs who send a connect packet   
   > (ie. the 1st SYN packet) to that TCP port, including failed   
   > connect attempts from spoofed IPs etc.   
   > It is my app which exclusively listens and serves on that port,   
   > ie. there is no other app which listens/serves on that port.   
   >   
   > I cannot use any external utility like tcpdump etc.   
   >   
   > I guess I would need to use raw sockets.   
   > I'm already experimenting with raw sockets but   
   > I don't know how to receive the SYN packets with raw sockets.   
   > The examples I found on the net so far are just sending out, but not   
   > receiving.   
   >   
   > Does anybody know how to solve this problem?   
      
   Look at how libpcap does it.  The issue is that the details depend on   
   the OS -- libpcap is full of conditional code that uses the appropriate   
   interface for each OS.   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]