Raw Socket vs Sockets (TCP/UDP):


Raw Socket vs Full Transport-Oriented Socket (TCP/UDP): A Practical Comparison
When developing network applications in Linux, understanding the fundamental differences between raw sockets and full transport-oriented sockets is crucial for systems programmers and network engineers. Each type serves distinct purposes and offers different levels of control over network communications.
What is a Full Transport-Oriented Socket?
Full transport-oriented sockets represent the standard choice for most application developers. These sockets leverage established protocols like TCP or UDP, which handle the underlying networking complexities automatically.
TCP Sockets (SOCK_STREAM):
- Provide connection-oriented communication
- Ensure reliable data delivery
- Maintain ordered packet transmission
- Handle congestion control and flow management
UDP Sockets (SOCK_DGRAM):
- Enable connectionless communication
- Offer best-effort delivery
- Prioritize speed over reliability
- Suit applications requiring low latency
All application-level protocols such as HTTP, FTP, DNS, and many more use these sockets under the hood.
Example: HTTP Request in Go
// When using http.Get(IP), the net/http package performs these operations:
1. Calls net.Dial()
2. Creates TCP socket using socket() system call with SOCK_STREAM
3. Establishes connection with connect()
4. Manages reliable data transmission
Example: System Call Trace for the ftp command in Linux
$ strace -e socket ftp 192.168.1.254
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
What is a Raw Socket?
Raw sockets provide direct access to lower-level network protocols, offering developers fine-grained control over packet creation and transmission. Unlike transport-oriented sockets, raw sockets aren't limited to TCP or UDP protocols.
Capabilities:
- Craft and send packets with custom headers
- Implement non-standard protocols
- Inspect and modify packets at low levels
- Access protocol layers directly
Example: The ping Command
// The ping utility implements ICMP echo requests using raw sockets:
1. Creates raw socket with socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)
2. Manually crafts ICMP packets
3. Sends packets using sendto()
System Call Trace
$ strace -e socket ping 192.168.1.254
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
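What "manually crafts ICMP packets" involves, as an added C example that is not code from the original article: it builds the echo request byte by byte, computes the RFC 1071 checksum that a raw-socket program must fill in itself, and issues the same socket() call shown in the trace. The function names, the identifier 0x1234, the sequence number, the "abcd" payload and the loopback destination are constructed for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 Internet checksum over len bytes, returned in host byte order. */
uint16_t inet_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len == 1) sum += (uint32_t)p[0] << 8;    /* odd byte, zero-padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);      /* fold carries back in */
    return (uint16_t)~sum;
}

/* Build an ICMP echo request by hand; returns its length, or 0 if buf is too small. */
size_t build_echo_request(uint8_t *buf, size_t cap, uint16_t id, uint16_t seq,
                          const void *payload, size_t plen) {
    if (cap < 8 || plen > cap - 8) return 0;
    buf[0] = 8; buf[1] = 0; buf[2] = buf[3] = 0; /* type 8, code 0, checksum zeroed */
    buf[4] = (uint8_t)(id >> 8);  buf[5] = (uint8_t)(id & 0xff);
    buf[6] = (uint8_t)(seq >> 8); buf[7] = (uint8_t)(seq & 0xff);
    memcpy(buf + 8, payload, plen);
    uint16_t c = inet_checksum(buf, 8 + plen);   /* covers header and payload */
    buf[2] = (uint8_t)(c >> 8); buf[3] = (uint8_t)(c & 0xff);
    return 8 + plen;
}

/* Same call as in the strace output; returns the fd, or -errno
   (EPERM when the process has neither root nor CAP_NET_RAW). */
int open_raw_icmp(void) {
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
    return fd < 0 ? -errno : fd;
}

int main(void) {
    uint8_t pkt[64];
    size_t n = build_echo_request(pkt, sizeof pkt, 0x1234, 1, "abcd", 4); /* sample values */
    int fd = open_raw_icmp();
    if (fd < 0) { printf("raw socket refused: %s\n", strerror(-fd)); return 1; }
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    ssize_t sent = sendto(fd, pkt, n, 0, (struct sockaddr *)&dst, sizeof dst);
    printf("sent %zd of %zu bytes to 127.0.0.1\n", sent, n);
    close(fd);
    return 0;
}
```

Run as an unprivileged user, the program stops at the socket() call, which is the permission difference listed in the comparison table.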
Key Differences
Feature | Full Transport-Oriented Socket (TCP/UDP) | Raw Socket |
Protocol Handling | Managed by OS (TCP/UDP stack) | User must handle protocol details |
Primary Use Cases | Web servers, APIs, most applications | Network tools, protocol development |
System Calls | socket(), connect(), send(), recv() | socket(), sendto(), recvfrom() |
Common Examples | http.Get(), curl, netcat | ping, packet sniffers, custom tools |
Permissions | No special privileges needed | Requires root privileges or CAP_NET_RAW capability |
Summary
- Full transport-oriented sockets (TCP/UDP) serve as the high-level interface for most applications, handling networking complexities automatically
- Raw sockets provide low-level access for specialized cases, such as protocol development and network diagnostics
- Choose based on application requirements:
  - Use TCP/UDP for standard network applications
  - Use raw sockets for specialized networking tools or protocol implementation
Further Reading
Linux Sockets Tutorial: https://man7.org/linux/man-pages/man7/socket.7.html
A Guide to Using Raw Sockets: https://www.opensourceforu.com/2015/03/a-guide-to-using-raw-sockets/
ping command working with Raw Sockets: https://unixetc.co.uk/2016/05/30/linux-capabilities-and-ping/
Written by Cheithanya Pr
