Using raw socket in Python

Question 1

I have this simple client code which is sending a message to a server and then echoes the server response.

import socket, sys, time
HOST = 'localhost' 
PORT = 11000 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
msg = raw_input()
s.send(msg)
data = s.recv(len(msg))
s.close()
print 'Received: ', data

I wish to use raw socket here in order to be able to get the IP_ID field out of the server's response packet, but I have no idea how.

No matter how much I read about it on the internet I did not find a good example of how to do it.

(Just to clarify, I don't really need to send a raw packet to the server, I can use the normal SOCK_STREAM to send the message, but I need to use raw socket to get the response' IP_ID.)

Can anyone just edit my code and show me, in the simpliest way, how to do it? All I managed to find out is that I need to replace socket.SOCK_STREAM with socket.SOCK_RAW, but im still far away.

Thanks alot

Question 2

What's the IP_ID field? Is that a part of the server's response? If so, then you have to parse it (and it depends on the format). Also getting IP of a server is pointles since you need to know it in order to connect to it. Unless some DNS round robin is involved, then you can retrieve it by calling socket.getpeername().

Question 3

He's talking about field at offset 4 of the IPv4 header.

Question 4

IP_ID is a part of every tcp packet. Its just the identifier used to determine which fragments constitues a datagram

Question 5

@Jjang - Can you explain why you want to inspect the IP_ID field? The best way to do it depends upon precisely what you are trying to achieve.

Question 6

I'm pretty sure you can't use the same socket in raw mode and stream mode at the same time, so you're going to need to replace that connect and send with a bunch of much more complicated code that constructs and sends the appropriate TCP packets (this post gets you started) to initiate the connection before you can receive anything interesting.

Question 7

Reading from a raw socket and parsing out the IP_ID is trivial:

response, addr = s.recvfrom(65535)
response_id = struct.unpack('!H', response[4:6])
print response_id

The hard part is getting someone to send you a packet in the first place. I'm pretty sure you can't use the same socket in raw mode and stream mode at the same time, so you're going to need to replace that connect and send with a bunch of much more complicated code that constructs and sends the appropriate TCP packets to initiate the connection. There are libraries like scapy that will do all that hard stuff for you, but if you want to do it manually, you just need to read RFC 791 and RFC 793 carefully, do all the tedious stuff (making sure you get all the endianness right), and you're on your way.

On *BSD (including OS X), the kernel will fill in the IP length, TCP length, and, best of all, the TCP checksum. It gets much more painful if you have to handle those yourself. (If this doesn't work on your platform, you probably do... either that, or I screwed up something else that OS X fixes for me automagically and your platform doesn't.)

import socket
import struct
def make_ip(proto, srcip, dstip, ident=54321):
 saddr = socket.inet_aton(srcip)
 daddr = socket.inet_aton(dstip)
 ihl_ver = (4 << 4) | 5
 return struct.pack('!BBHHHBBH4s4s' , 
 ihl_ver, 0, 0, ident, 0, 255, proto, 0, saddr, daddr)
def make_tcp(srcport, dstport, payload, seq=123, ackseq=0,
 fin=False, syn=True, rst=False, psh=False, ack=False, urg=False,
 window=5840):
 offset_res = (5 << 4) | 0
 flags = (fin | (syn << 1) | (rst << 2) | 
 (psh <<3) | (ack << 4) | (urg << 5))
 return struct.pack('!HHLLBBHHH', 
 srcport, dstport, seq, ackseq, offset_res, 
 flags, window, 0, 0)
srcip = dstip = '127.0.0.1'
srcport, dstport = 11001, 11000
payload = '[TESTING]\n'
ip = make_ip(socket.IPPROTO_TCP, srcip, dstip)
tcp = make_tcp(srcport, dstport, payload)
packet = ip + tcp + payload
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
s.sendto(packet, (dstip, 0))
response, addr = s.recvfrom(65535)
response_id = struct.unpack('!H', response[4:6])
print response_id

Each time I run this, I get a nak (if no one's listening on port 11000) or ack packet with a randomized IP_ID, just as you'd expect.

Question 8

Hi, thats an excellent answer! P.S is there any way to do it without struct import?

Question 9

@Jjang: Sure. I assume you that if you don't want the struct module, you don't want the ctypes module either. So, without any imports, you could manually pack each 16- and 32-bit value into network-endian bytes with the & and >> operators, stick the bytes in a bytearray, and convert it to a str, and then on the receive side do the same thing—convert the str to a bytearray and manually unpack bytes 4 and 5 as a network-endian short. But why would you want to do this? The standard library is there to be used, to make your life easier.

Question 10

is working with raw socket different than working with normal sockets? My server doesnt seem to recognize that I connected to it, Plus, I manage to get a response even if my server is down... but if I use my original code, server regocnize connection, and I fail to send packets if server is not up... here's my simple echo server code: stackoverflow.com/questions/20198003/…

Question 11

P.S,assume I wanted to make a UDP packet, the only thing I had to do was to change make_tcp to make_udp? and if yes, how?

Question 12

@Jjang: For the second question: yes. You just need to read RFC 768 instead of RFC 793. (If you can't remember the numbers—I certainly can't—a quick google for "RFC UDP" turns up the official RFC, the Wikipedia page, and other useful sources as the top hits.) You may want to search around and see if someone has already done the work constructing packets for you, of course.

abarnert 368k54 gold badges627 silver badges692 bronze badges · Accepted Answer · 2013-11-25 22:09:41Z

Reading from a raw socket and parsing out the IP_ID is trivial:

response, addr = s.recvfrom(65535)
response_id = struct.unpack('!H', response[4:6])
print response_id

The hard part is getting someone to send you a packet in the first place. I'm pretty sure you can't use the same socket in raw mode and stream mode at the same time, so you're going to need to replace that connect and send with a bunch of much more complicated code that constructs and sends the appropriate TCP packets to initiate the connection. There are libraries like scapy that will do all that hard stuff for you, but if you want to do it manually, you just need to read RFC 791 and RFC 793 carefully, do all the tedious stuff (making sure you get all the endianness right), and you're on your way.

On *BSD (including OS X), the kernel will fill in the IP length, TCP length, and, best of all, the TCP checksum. It gets much more painful if you have to handle those yourself. (If this doesn't work on your platform, you probably do... either that, or I screwed up something else that OS X fixes for me automagically and your platform doesn't.)

import socket
import struct
def make_ip(proto, srcip, dstip, ident=54321):
 saddr = socket.inet_aton(srcip)
 daddr = socket.inet_aton(dstip)
 ihl_ver = (4 << 4) | 5
 return struct.pack('!BBHHHBBH4s4s' , 
 ihl_ver, 0, 0, ident, 0, 255, proto, 0, saddr, daddr)
def make_tcp(srcport, dstport, payload, seq=123, ackseq=0,
 fin=False, syn=True, rst=False, psh=False, ack=False, urg=False,
 window=5840):
 offset_res = (5 << 4) | 0
 flags = (fin | (syn << 1) | (rst << 2) | 
 (psh <<3) | (ack << 4) | (urg << 5))
 return struct.pack('!HHLLBBHHH', 
 srcport, dstport, seq, ackseq, offset_res, 
 flags, window, 0, 0)
srcip = dstip = '127.0.0.1'
srcport, dstport = 11001, 11000
payload = '[TESTING]\n'
ip = make_ip(socket.IPPROTO_TCP, srcip, dstip)
tcp = make_tcp(srcport, dstport, payload)
packet = ip + tcp + payload
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
s.sendto(packet, (dstip, 0))
response, addr = s.recvfrom(65535)
response_id = struct.unpack('!H', response[4:6])
print response_id

Each time I run this, I get a nak (if no one's listening on port 11000) or ack packet with a randomized IP_ID, just as you'd expect.

Hi, thats an excellent answer! P.S is there any way to do it without struct import?
@Jjang: Sure. I assume you that if you don't want the struct module, you don't want the ctypes module either. So, without any imports, you could manually pack each 16- and 32-bit value into network-endian bytes with the & and >> operators, stick the bytes in a bytearray, and convert it to a str, and then on the receive side do the same thing—convert the str to a bytearray and manually unpack bytes 4 and 5 as a network-endian short. But why would you want to do this? The standard library is there to be used, to make your life easier.
is working with raw socket different than working with normal sockets? My server doesnt seem to recognize that I connected to it, Plus, I manage to get a response even if my server is down... but if I use my original code, server regocnize connection, and I fail to send packets if server is not up... here's my simple echo server code: stackoverflow.com/questions/20198003/…
P.S,assume I wanted to make a UDP packet, the only thing I had to do was to change make_tcp to make_udp? and if yes, how?
@Jjang: For the second question: yes. You just need to read RFC 768 instead of RFC 793. (If you can't remember the numbers—I certainly can't—a quick google for "RFC UDP" turns up the official RFC, the Wikipedia page, and other useful sources as the top hits.) You may want to search around and see if someone has already done the work constructing packets for you, of course.

CollectivesTM on Stack Overflow

Using raw socket in Python

1 Answer 1

8 Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Hot Network Questions

CollectivesTM on Stack Overflow

1 Answer 1

8 Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Related