Clever Geek Handbook

TCP Traceroute in C #

How can you do TCP tracing in C #? Is it possible?

+2


source to share


3 answers


You will need raw ethernet frames to generate TCP packets manually, as Windows won't let you send TCP packets over raw sockets.



See how nmap gets raw network frames. Repeat it.

+2


source


It is not true that you need to handle packets if you want to do traceroute in C #. Traceroute consists of many messages with TTLs from 1 to n, and this can be archived with the Ping.Net framework class.

Here's my old code, it's not pretty, but it should work:



    /// <summary>
    /// Performs a pathping
    /// </summary>
    /// <param name="ipaTarget">The target</param>
    /// <param name="iHopcount">The maximum hopcount</param>
    /// <param name="iTimeout">The timeout for each ping</param>
    /// <returns>An array of PingReplys for the whole path</returns>
    public PingReply[] PerformPathping(IPAddress ipaTarget, int iHopcount, int iTimeout)
    {
        System.Collections.ArrayList arlPingReply = new System.Collections.ArrayList();
        Ping myPing = new Ping();
        PingReply prResult;
        for (int iC1 = 1; iC1 < iHopcount; iC1++)
        {
            prResult = myPing.Send(ipaTarget, iTimeout, new byte[10], new PingOptions(iC1, false));
            if (prResult.Status == IPStatus.Success)
            {
                iC1 = iHopcount;
            }
            arlPingReply.Add(prResult);
        }
        PingReply[] prReturnValue = new PingReply[arlPingReply.Count];
        for (int iC1 = 0; iC1 < arlPingReply.Count; iC1++)
        {
            prReturnValue[iC1] = (PingReply)arlPingReply[iC1];
        }
        return prReturnValue;
    }
+2


source


From MSFT: http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx

In Windows 7, Windows Server 2008 R2, Windows Vista, and Windows XP Service Pack 2 (SP2), the ability to send traffic over raw sockets has been limited in several ways:

  • TCP data cannot be sent over raw sockets.
  • UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on the network interface or the datagram is disabled. This change was to limit the ability of malicious code to create distributed attacks and to limit denial of service to the ability to send spoofed packets (TCP / IP packets with a spoofed source IP address).
  • Calling the bind function on a raw socket is not allowed.

These restrictions do not apply to Windows Server 2008, Windows Server 2003, or operating system versions earlier than Windows XP with Service Pack 2 (SP2).

0


source






More articles:


All Articles