Raw Socket vs Sockets (TCP/UDP):

Cheithanya Pr

Raw Socket vs Full Transport-Oriented Socket (TCP/UDP): A Practical Comparison

When developing network applications in Linux, understanding the fundamental differences between raw sockets and full transport-oriented sockets is crucial for systems programmers and network engineers. Each type serves distinct purposes and offers different levels of control over network communications.

What is a Full Transport-Oriented Socket?

Full transport-oriented sockets represent the standard choice for most application developers. These sockets leverage established protocols like TCP or UDP, which handle the underlying networking complexities automatically.

  • TCP Sockets (SOCK_STREAM):

    • Provide connection-oriented communication

    • Ensure reliable data delivery

    • Maintain ordered packet transmission

    • Handle congestion control and flow management

  • UDP Sockets (SOCK_DGRAM):

    • Enable connectionless communication

    • Offer best-effort delivery

    • Prioritize speed over reliability

    • Suit applications requiring low latency

Application-level protocols such as HTTP, FTP, DNS and many more use these sockets under the hood.

Example: HTTP Request in Go

// When using http.Get(IP), the net/http package performs these operations:
1. Calls net.Dial()
2. Creates TCP socket using socket() system call with SOCK_STREAM
3. Establishes connection with connect()
4. Manages reliable data transmission

Example: System Call Trace for the ftp command in Linux

$ strace -e socket ftp 192.168.1.254
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3

What is a Raw Socket?

Raw sockets provide direct access to lower-level network protocols, offering developers fine-grained control over packet creation and transmission. Unlike transport-oriented sockets, raw sockets aren't limited to TCP or UDP protocols.

  • Capabilities:

    • Craft and send packets with custom headers

    • Implement non-standard protocols

    • Inspect and modify packets at low levels

    • Access protocol layers directly

Example: The ping Command

// The ping utility implements ICMP echo requests using raw sockets:
1. Creates raw socket with socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)
2. Manually crafts ICMP packets
3. Sends packets using sendto()

System Call Trace

$ strace -e socket ping 192.168.1.254
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3

Key Differences

| Feature | Full Transport-Oriented Socket (TCP/UDP) | Raw Socket |
|---|---|---|
| Protocol Handling | Managed by OS (TCP/UDP stack) | User must handle protocol details |
| Primary Use Cases | Web servers, APIs, most applications | Network tools, protocol development |
| System Calls | socket(), connect(), send(), recv() | socket(), sendto(), recvfrom() |
| Common Examples | http.Get(), curl, netcat | ping, packet sniffers, custom tools |
| Permissions | No special privileges needed | Requires root privileges or CAP_NET_RAW capability |

Summary

  • Full transport-oriented sockets (TCP/UDP) serve as the high-level interface for most applications, handling networking complexities automatically

  • Raw sockets provide low-level access for specialized cases, such as protocol development and network diagnostics

  • Choose based on application requirements:

    • Use TCP/UDP for standard network applications

    • Use raw sockets for specialized networking tools or protocol implementation

Further Reading

  1. Linux Sockets Tutorial: https://man7.org/linux/man-pages/man7/socket.7.html

  2. A Guide to Using Raw Sockets: https://www.opensourceforu.com/2015/03/a-guide-to-using-raw-sockets/

  3. ping command working with Raw Sockets: https://unixetc.co.uk/2016/05/30/linux-capabilities-and-ping/
