How Raw sockets behave differently in macOS and Linux


This post builds on my previous post, where I talked about an interesting bug in my ping implementation. In case you haven’t read it, I will explain it very briefly for better coherence. I was sending raw echo-request packets to a target host, but I wasn’t using the right tool for sending raw packets. As a result, the operating system’s network stack slapped a duplicate IP header on my IP packet, making it look like IP | IP | ICMP.

If you’re planning to run this on a Mac and observe packets using a tool like Wireshark or tcpdump, you might want to disable checksum offloading on your system. Moving on, while writing to raw sockets, FreeBSD requires certain fields of the IP header such as Total Length and Offset to be in host byte order. This is just to reaffirm what I had mentioned earlier: the point where tools like tcpdump and Wireshark capture packets doesn’t observe the peculiarities around FreeBSD raw sockets.
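To make the byte-order point concrete, here is an added example (not code from the original post) that builds the same IPv4 + ICMP echo-request packet twice: once with Total Length and Offset in network byte order, and once in host byte order as the post describes for FreeBSD raw sockets. The names build_echo_packet and len_off_order are hypothetical, the addresses are constructed documentation addresses, and the identification and IP header checksum fields are left at zero in this sketch.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names: byte order used for Total Length and Offset. */
enum len_off_order { ORDER_NETWORK, ORDER_HOST };

/* RFC 1071 Internet checksum over len bytes. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Store a 16-bit field either byte-swapped for the wire or in native layout. */
static void put16(uint8_t *dst, uint16_t v, enum len_off_order o) {
    if (o == ORDER_NETWORK) v = htons(v);
    memcpy(dst, &v, sizeof v);
}

/* Writes a 20-byte IPv4 header plus an 8-byte ICMP echo request into buf.
 * src_be and dst_be are already in network byte order. Returns the length. */
size_t build_echo_packet(uint8_t buf[28], uint32_t src_be, uint32_t dst_be,
                         uint16_t frag_off, enum len_off_order order) {
    const uint16_t total = 28;
    memset(buf, 0, total);
    buf[0] = 0x45;                    /* version 4, header length 5 words */
    put16(buf + 2, total, order);     /* Total Length */
    put16(buf + 6, frag_off, order);  /* flags + Fragment Offset */
    buf[8] = 64;                      /* TTL */
    buf[9] = 1;                       /* protocol: ICMP */
    memcpy(buf + 12, &src_be, 4);
    memcpy(buf + 16, &dst_be, 4);
    buf[20] = 8;                      /* ICMP type 8: echo request */
    uint16_t ck = inet_cksum(buf + 20, 8);
    buf[22] = (uint8_t)(ck >> 8);     /* ICMP checksum is always big-endian */
    buf[23] = (uint8_t)(ck & 0xff);
    return total;
}

int main(void) {
    uint8_t pkt[28];
    uint32_t src = inet_addr("192.0.2.1"), dst = inet_addr("192.0.2.2"); /* constructed */
    for (int o = ORDER_NETWORK; o <= ORDER_HOST; o++) {
        build_echo_packet(pkt, src, dst, 0x4000, (enum len_off_order)o);
        printf("%s order: len %02x %02x, off %02x %02x\n",
               o ? "host" : "network", pkt[2], pkt[3], pkt[6], pkt[7]);
    }
    return 0;
}
```

On a little-endian machine the two buffers differ in bytes 2-3 and 6-7, and that difference exists only in what the program hands to the raw socket.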
