I have an interesting situation. I have written an application that uses raw sockets to send UDP packets to, in this case, query a game server. Everything works fine so far, I send an udp packet, and I receive a response.

Now, since I'm using raw sockets and I'm filling my own IP/UDP headers, I thought I'd change the "source ip", just to see what happens. And this is where it gets interesting. Using a packet analyser, I found out the program sends one packet, on my real ip, and I receive _TWO_ packets from the game server, one with destination the fake ip, and the other my real.

Why does this happen? You'd think I wouldn't be able to receive a reponse, since I changed the source ip, so it'd send my packet out to float around in cyberspace, or send it to someone that doesn't need it.

Any thoughts?

Just for clarification. Do you use IP_HDRINCL options using setsockopt() to manipulate the headers yourself?

yep, I sure am.

I don't know much about the UDP inner-workings. But a packet having spoofed ip address cannot be traced back. My best guess about what has happened to you is that you might not have changed the source ip of the pseudo header. Please let me know if I am right.

:thumb: