Sniffer - ICMP v1.0
- To be able to read the reply from the raw socket, use IPPROTO_ICMP instead of IPPROTO_RAW: socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
- Do not "cook" the IP header; delete that code. With IPPROTO_ICMP the application is responsible only for the ICMP packet (header and data), not for the IP header.
- "Cook" and add only the ICMP part; the kernel adds the IPv4 header by itself.
- Remove the setsockopt() IP_HDRINCL call, since we are no longer "cooking" the IP header.
- When receiving, though, we get the whole IP packet and must extract the ICMP reply.
- Note that you get a copy of all ICMP packets sent to the host and should filter out the relevant ones.
- Check the sent ICMP packet in Wireshark. If the checksum is not correct (zero), you forgot to remove the IP-header offset in the ICMP-header checksum copying or calculations.
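
The steps above as an added example (not code from the original notes): the checksum is computed over the ICMP bytes only, and a received buffer is parsed by skipping the IPv4 header length before filtering for our own echo reply. The function names, the id 0x1234, the "ping" payload and the sample packet are assumptions constructed for illustration; the parser works on an in-memory buffer so it runs without a privileged socket.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Internet checksum over the ICMP message only; p must point past any IP header. */
uint16_t icmp_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* "Cook" only the ICMP part (type 8 = echo request, 0 = echo reply). */
size_t build_echo(uint8_t *buf, uint8_t type, uint16_t id, uint16_t seq, const void *data, size_t n) {
    buf[0] = type; buf[1] = 0; buf[2] = 0; buf[3] = 0;   /* checksum zero while summing */
    buf[4] = id >> 8; buf[5] = id & 0xff; buf[6] = seq >> 8; buf[7] = seq & 0xff;
    memcpy(buf + 8, data, n);
    uint16_t c = icmp_checksum(buf, 8 + n);
    buf[2] = c >> 8; buf[3] = c & 0xff;
    return 8 + n;
}

/* A raw-socket read yields the whole IPv4 packet: skip IHL*4 bytes, then keep
   only an intact echo reply carrying our id. Returns NULL for anything else. */
const uint8_t *extract_reply(const uint8_t *pkt, size_t len, uint16_t id, size_t *icmp_len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;             /* header may carry options */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) return NULL;   /* protocol 1 = ICMP */
    const uint8_t *icmp = pkt + ihl;
    *icmp_len = len - ihl;
    if (icmp[0] != 0 || icmp[1] != 0) return NULL;        /* not an echo reply */
    if ((icmp[4] << 8 | icmp[5]) != id) return NULL;      /* reply to another process */
    return icmp_checksum(icmp, *icmp_len) == 0 ? icmp : NULL;
}

/* Constructed sample input: minimal IPv4 header of ihl_words*4 bytes + echo reply. */
size_t sample_reply(uint8_t *pkt, unsigned ihl_words, uint16_t id) {
    memset(pkt, 0, ihl_words * 4);
    pkt[0] = (uint8_t)(0x40 | ihl_words); pkt[9] = 1;
    return ihl_words * 4 + build_echo(pkt + ihl_words * 4, 0, id, 1, "ping", 4);
}

int main(void) {
    uint8_t pkt[64]; size_t n = 0, len = sample_reply(pkt, 6, 0x1234);  /* 24-byte IP header */
    printf("our id:   %s\n", extract_reply(pkt, len, 0x1234, &n) ? "kept" : "dropped");
    printf("other id: %s\n", extract_reply(pkt, len, 0x9999, &n) ? "kept" : "dropped");
    return 0;
}
```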