
I learned the hard way that modern Windows machines do not permit sending TCP data over raw sockets after trying to perform the TCP handshake myself in Python. And yet Scapy, a Python library, is able to do it seemingly just fine. Other libraries, like Npcap and WinPcap, also seem to be able to send raw TCP data just fine on Windows. How is this possible? What are these libraries doing under the hood that enables them to bypass this limitation?

noG23

1 Answer

WinPcap (the Windows implementation of libpcap) authors say on their website:

WinPcap consists of a driver that extends the operating system to provide low-level network access and a library that is used to easily access low-level network layers.

So the answer to your question would be: in Windows, the implementation of libpcap (which is what Scapy uses according to their site) uses a driver to get access to the low-level networking stuff.

Pablo Recalde
  • Thanks for the answer! You mentioned before that these drivers are "virtual"; what exactly does that mean? Is it just the software emulation of a physical device? – noG23 Sep 17 '22 at 18:57
  • "Virtual" meaning "the driver isn't for a physical device"; it's not even for an emulation of a physical device. It's a purely software-defined device that can read from a buffer filled up by the driver code that taps into the networking stack. – user16139739 Sep 18 '22 at 23:09
  • All of this applies to Npcap as well. – user16139739 Sep 18 '22 at 23:19
  • As for sending packets, the driver can also be written to; the packet written to the software-defined device is injected into the networking stack by other driver code. – user16139739 Sep 18 '22 at 23:20
  • Yeah, what @user16139739 says :) – Pablo Recalde Sep 19 '22 at 07:00
  • Btw @noahG3 if you liked my answer, vote for it, or accept it! – Pablo Recalde Sep 19 '22 at 09:13
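
What "writing a packet to the driver" means for the caller, as an added example that is not part of the original question, answer or comments: the driver path takes a finished link-layer frame, so nothing in the TCP/IP stack fills in headers or checksums and the application has to build all of it. The MACs, addresses and ports are constructed sample values, and the send step (for example libpcap's `pcap_sendpacket` through Npcap) is left out so the code runs offline.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_syn_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq):
    """Return a complete Ethernet/IPv4/TCP SYN frame as bytes."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # TCP: ports, seq, ack=0, data offset 5 words, SYN (0x02), window, csum=0, urg=0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 64240, 0, 0)
    # The TCP checksum also covers a pseudo-header taken from the IP layer.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: version 4 / IHL 5, TOS, total length, id, DF flag, TTL 64, protocol, csum=0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp

def checksums_valid(frame: bytes) -> bool:
    """Re-check both checksums the way a receiver would (sum must fold to 0)."""
    ip, tcp = frame[14:34], frame[34:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    return inet_checksum(ip) == 0 and inet_checksum(pseudo + tcp) == 0

# Constructed sample values: locally administered MACs, TEST-NET-1 addresses.
SAMPLE = build_syn_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                         "192.0.2.10", "192.0.2.20", 40000, 80, 1000)

if __name__ == "__main__":
    print(len(SAMPLE), "bytes, checksums valid:", checksums_valid(SAMPLE))
    print(SAMPLE.hex())
```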