Re: [tcpdump-workers] Sending a packet to localhost?

On Feb 23, 2009, at 3:14 PM, Oliver Zheng wrote: How does Libpcap do it then if it's not with raw sockets? To what does "it" refer in "how does libpcap do it"? If by "it" you mean "capture and send raw link-layer packets", then, on Linux, it uses a PF_PACKET socket (raw or cooked) rather t

Re: [tcpdump-workers] Sending a packet to localhost?

> You can do that using a raw socket. > Well, I do that with no problem. > This code is from ctdb ( http://samba.ctdb.org common/system_linux.c ) > and does just that. > > (this is part of the ctdb "tickle-ack" and "tcp socketkiller" which ctdb > uses to make sure that failover and > session reco

Re: [tcpdump-workers] Sending a packet to localhost?

On Mon, Feb 23, 2009 at 1:55 PM, Guy Harris wrote: > > On Feb 23, 2009, at 1:29 PM, Aaron Turner wrote: > >> tcpdump/Wireshark will show you the Linux SLL header. > > ...although that's not the format of the link-layer header on packets on the > Linux loopback interface; those packets have fake Et

Re: [tcpdump-workers] Sending a packet to localhost?

On Feb 23, 2009, at 1:29 PM, Aaron Turner wrote: tcpdump/Wireshark will show you the Linux SLL header. ...although that's not the format of the link-layer header on packets on the Linux loopback interface; those packets have fake Ethernet headers. (The SLL header is synthesized by libpc

Re: [tcpdump-workers] Sending a packet to localhost?

On Tue, Feb 24, 2009 at 8:17 AM, Oliver Zheng < mailinglists+tcpd...@oliverzheng.com > wrote: > Thanks for the response Aaron. > > On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner > wrote: > > In my experience, sending packets on eth0 causes the packet to bypass > > the TCP/IP stack and be sent out

Re: [tcpdump-workers] Sending a packet to localhost?

On Mon, Feb 23, 2009 at 1:17 PM, Oliver Zheng wrote: > Thanks for the response Aaron. > > On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner wrote: >> In my experience, sending packets on eth0 causes the packet to bypass >> the TCP/IP stack and be sent out sight unseen. Hence, you won't be >> able t

Re: [tcpdump-workers] Sending a packet to localhost?

Thanks for the response Aaron. On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner wrote: > In my experience, sending packets on eth0 causes the packet to bypass > the TCP/IP stack and be sent out sight unseen. Hence, you won't be > able to inject packets into a TCP stream with the target of the loca

Re: [tcpdump-workers] Sending a packet to localhost?

On Sun, Feb 22, 2009 at 2:34 PM, Oliver Zheng wrote: > I am trying to inject a packet to a live TCP stream. It is connected > to the localhost and some other host. The packet i'm trying to inject > is to spoof the other host. Is this possible. In my experience, sending packets on eth0 causes the

Re: [tcpdump-workers] Sending a packet to localhost?

I am trying to inject a packet to a live TCP stream. It is connected to the localhost and some other host. The packet i'm trying to inject is to spoof the other host. Is this possible. On 2/22/09, Tyler Littlefield wrote: > you are able to send packets to eth0, set the ip address to 127.0.0.1 > H

Re: [tcpdump-workers] Should the default snapshot length in tcpdump be 65535?

--- On Sat, 2/21/09, Ken Bantoft wrote: > [...] > Back on topic, I'd be happy to see the default snaplen > changed to 65535. +1 for me. Francois-Xavier - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.