From owner-freebsd-net@freebsd.org  Wed Mar 21 20:03:50 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 34CD6F625D0
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed, 21 Mar 2018 20:03:50 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com
 [69.62.255.118])
 by mx1.freebsd.org (Postfix) with ESMTP id C1B1984CAE
 for <freebsd-net@freebsd.org>; Wed, 21 Mar 2018 20:03:49 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
 by segfault.tristatelogic.com (Postfix) with ESMTP id 784DA3AEF2
 for <freebsd-net@freebsd.org>; Wed, 21 Mar 2018 13:03:48 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Raw Sockets: Two Questions
In-Reply-To: <5AB2AD9F.6040600@grosbein.net>
Date: Wed, 21 Mar 2018 13:03:48 -0700
Message-ID: <4584.1521662628@segfault.tristatelogic.com>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 20:03:50 -0000


In message <5AB2AD9F.6040600@grosbein.net>, 
Eugene Grosbein <eugen@grosbein.net> wrote:

>Why should you concentrate on RAW sockets?

Well, for reasons that are completely legitimate, and that I'll
explain in detail, if anyone is seriously interested, I'd like
to check each IPv4 address within a set of about 90 or so
modest sized CIDRs and find out which ones of those have a
certain TCP port accepting connections.

It would be (and is) trivial, of course, to just simply write a
little program to perform an ordinary TCP connect, complete
with all three parts of the TCP handshake, and then have the
program do that, individually, for each IP in the specified
CIDRs, but my opinion/impression is that this could be quite
slow.

Obviously, it would be rather faster to just send out the SYNs,
full throttle, one per IP, and then see what SYN-ACKs come back.

And actually, now that I've just reviewed the online man page
for zmap, I see that (contrary to my earlier belief/suspicion)
this has enough control options to me useful to me, so I'll
probably just use that instead of rolling my own.

(I first learned about zmap some long time ago, but only just
today decided to actually take it out for a test drive.)

Still, there may be some other reasons for me to educate myself
about proper programming techniques utilizing raw sockets, but
I'll talk about that in a separate post to follow this one.