RAW sockets

Unlike on standard Linux systems, where opening a RAW socket lets you see all network traffic, on PlanetLab, your visibility is limited to the traffic that belongs to you. The traffic that belongs to you includes the packets you transmit, the packets that are addressed to TCP and UDP ports that you have bound to, and the packets that are related to other traffic you have sent out. An example of the last case is an ICMP ECHO reply, which may be related to an ICMP ECHO request that you sent out. It is this association that allows the ``ping'' program to work in a slice.

In most cases, you do not have to do anything special to be able to be able to sniff these packets. The rule of thumb is that if you can receive a given packet using an ordinary protocol socket, then you should be able to see the packet using RAW sockets. There are however, two packet types that you can receive using RAW sockets that you cannot receive using ordinary sockets. These are:

• Out-of-state TCP packets. If a TCP packet is received, but is found by the kernel to fall out of the TCP state machine, then the kernel does not pass it on to the socket that would otherwise receive it. However, VNET+ tags such packets to belong to the appropriate slice, so that they can still be received using RAW sockets. An example of such a case is a lone TCP RST packet sent to a host. Many experiments use such packets to probe hosts. Please make sure that you have bound to the port on which the packet is received, since it is this bind operation that VNET+ will use to make the association between the packet and your slice.
• Related ICMP packets. When an ICMP error message is received in relation to your traffic, then you can read it using a RAW socket. E.g. if you send out a UDP packet to a port that does not have a listener, and a UDP-port-unreachable error message is generated, then such a message can be read using RAW sockets.