Say ff a socket is open for Ethernet then is it same as socket in TCP/IP ? In some existing code i have found that, it supports Ethernet protocol, does that mean i can connect to this Ethernet socket using TCP socket client.
I am in confusion, please help.
Thanks in advance
Sagar
A raw ethernet socket, e.g. SOCK_RAW, cannot be used for TCP communication without you writing the protocol handler (you don't want to do that). You are expected to know how to serialize/deserialize ethernet frames when a socket is opened in raw ethernet mode. SOCK_STREAM is the mode for TCP and the internet is awash with examples of TCP client/server code.
There is some confusion. Ethernet is a layer 1 and 2 technology in the OSI model and the TCP/IP model. For communicating directly over 802.3, in Linux you can use packet sockets to directly generate an 802.3 frame and send it out through the NIC. You can also use packets sockets to receive 802.3 frames. Something different is TCP socket, stream sockets. Use stream sockets for a TCP connection. With a packet socket you can always receive a 802.3 frame containing an IP datagram which contains a TCP segment. However, in order to establish a TCP connection you need to have a TCP communication established between two points. If the code you saw says "Ethernet protcol", you should check it is actually doing, it could just be a misconception on the programmer side. Check the type of socket they are using.
Related
I am new to GNU Radio and Linux.
I want to send processed data out from gnu companion to a software/dashboard whose input is LAN/TCP/IP.
I am using RTL dongle and USRP and i have done GMSK demodulation successfully.Now want to send the demodulated data to a software for presentation and display developed by another team.The dashboard/software uses Ethernet data as input and has ip address and port as input parameters.
Currently i failed to send a random data via TCP sink and receive it via TCP source blocks on loopback address.
Please help me
Did you set the TCP Sink to "Server", and the Source Block to "Client"? Only the block that is set to "Client" needs to know the address, but both need to know the Port.
And is the port you use for your loopback test free, or could another program be using it?
Also, if the Nonblocking mode for the TCP blocks is off, the execution of the flowgraph is halted until a connection is established. I’m not sure but I think that could lead to problems if they are supposed to connect to each other in the same flowgraph.
Try using an external program (like netcat) for debugging instead. netcat will probably not display it correctly but it’ll tell you if any data at all is coming through.
Additionally, the TCP source and TCP sink blocks are deprecated and shouldn’t be used, use UDP or ZeroMQ for communicating with external programs instead, if possible.
I'm learning networking and sockets and there's something I don't understand. I often heard about "TCP ports"
But I think ports are related to the application layer (80 for HTTP servers for example).
So why don't you say "applications ports" ? Why port seems associated with TCP layer (it should be associated with an higher layer) ?
For me ports have nothing to do with TCP protocol
Thanks
Your understanding is incorrect, and you need to clarify this point before moving on to other networking concepts.
Port is a fundamental concept of TCP.
TCP is a bidirectional communication protocol between two endpoints (Source and Destination), which are identified by 2 things: IP address and Port. TCP is meant to extend the IP protocol (which identifies hosts only by IP address) by adding the Port and allowing multiple communication endpoints to exist for a single IP address.
In fact TCP packets (sent over the wire) encapsulate IP packets, but add some extra information on top of IP, information like the Port and some transmission control flags. This is why people often use the term TCP/IP.
On top of TCP/IP, people have built other protocols, like HTTP.
An HTTP packet (or request) consists of multiple TCP/IP packets exchanged between the client and the server. HTTP uses TCP/IP, and all packets sent with HTTP are TCP/IP packets. HTTP commonly uses the TCP port 80, however it can run on any other port without issues.
Also, any other application level protocol can be configured to use port 80.
Ports are associated with application level protocols only by convention. Similarly, SSH is commonly configured on port 22, but can be used on any other port.
I don't know if there is a official definition of you people say it like this :)
This is only my idea, maybe it will help you :)
Because applications are using 2 protocols:
TCP and UDP and people to express both the using protocol of an application and the port, they say TCP:80 or UDP:5000 (torrent example)
For example HTTPS can run over any reliable stream transport protocol. Normally that's TCP, but it could also be SCTP. It is NOT expected to run over UDP.
So you can say HTTPS:443 or TCP:443 referring at the HTTPS discussion of course.
They guy that you are talking to, understands from the start that HTTPS uses TCP protocol and it is on 443 port.
Combining the port number and the TCP/UDP you "create" the name of the assigned protocol, not vice-versa.
Eq:
TCP:80 = HTTP
TCP:23 = Telnet
UDP:220 = IMAP
You don't say HTTP:80 is TCP. The TCP port 80 is known as HTTP.
For a list or protocols and ports see: http://www.pearsonitcertification.com/articles/article.aspx?p=1868080
I have a great confusion about tshark.
What is the basic unit of the messages captured by tshark? Ip, tcp, or http?
I see TCP http or ssl and so on in the protocol column in wireshark.
These protocols are in different layer.
In addition, what is the tshark command to capturing the http message with tshark.
See the man page. To quote:
TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file
Packets are usually either TCP or UDP (you can find a list of protocols here), When wireshark states that it is HTTP or SSL, then it is based on introspection of the packet (Probably based on destination port).
As you can see, Wireshark is definitely capturing a lot of TCP packets. But it is displaying only ARP, 0x0800, 0x8912, etc. If I put TCP as a filter I get blank. Why can't I see TCP packets?
So I just found the solution on another site. Problem was that Wireshark was set to not recognize ipv4 and ipv6. But you can fix that by going to Analyze->Enabled Protocols and make sure that ipv4 and ipv6 are selected.
I have an application that is designed and working that is receiving UDP broadcasts on a port. The application has been working just fine, but I have wanted to compare the packets received by the application with a Wireshark capture. I'm trying to make sure that I'm capturing as many of the packets as possible with minimal data loss.
I initially thought that I'd run Wireshark and compare the raw packets captured against the packets shown in our application. However, when I run Wireshark, the packets are never captured at the IP layer for that port. I see other traffic from the server, but I never see Wireshare packets for this specific port.
The application continues to capture the data just fine. When I look at the IP src/dest fields, the src looks correct, 10.12.10.42, however the destination IP address is 0.0.0.0. I would have expected something like 255.255.255.255 instead for the destination address.
I don't have access to the application that is broadcasting the data, but I did write a quick sample UDP broadcaster and receiver to make sure I my expectations were correct. the sample application worked as expected.
Any ideas on why a UDP broadcast would be received by an application, but not show up in a Wireshark capture? Does Wireshark ignore an address like 0.0.0.0 and not capture it all?
Wireshark only captures Ethernet frames that are going through an interface you are listening on. Thus, packets destined on loopback addresses are not captured. I would check your machine's routing tables to see where packets are actually going.