8

I'm trying to send an IP packet using c#.

    destAddress = IPAddress.Parse("192.168.0.198"),
    destPort = 80;

    // Create a raw socket to send this packet
    rawSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);

    // Bind the socket to the interface specified
    IPEndPoint iep = new IPEndPoint(IPAddress.Parse("192.168.0.140"),0);
    rawSocket.Bind(iep);

    // Set the HeaderIncluded option since we include the IP header
    rawSocket.SetSocketOption( socketLevel, SocketOptionName.HeaderIncluded, 1 );

    // Send the packet!
    int rc = rawSocket.SendTo(builtPacket, new IPEndPoint(destAddress, destPort));
    Console.WriteLine("sent {0} bytes to {1}", rc, destAddress.ToString());

The content of builtPacket is shown below. It's an IP packet containing a TCP SYN packet (That's what I think I created anyway).

45 00 00 28 00 00 00 00 02 06 36 6E C0 A8 00 8C

C0 A8 00 C6 14 1E 00 50 00 00 00 00 00 00 00 00

05 02 FF FF E6 4F 00 00

The output is:

sent 40 bytes to 192.168.0.198

The problem is I don't see anything in the Wireshark trace. It's like the data is not getting far enough down the stack for Wireshark to see it? If I use a browser to connect to 192.168.0.198, Wireshark shows all the packets, but shows nothing when I try to send a packet using the above code and data.

My config:

  • I am running as admin so it's not a permissions problem.

  • Windows7 ( Not running in a VM)

  • Wireless connection only (IP config reports its IP as 192.168.0.140)

What am I doing wrong?

I'm sure Occam's Razor applies here, but I've been looking at this for hours and can't figure out what's wrong.

anton.burger
  • 5,637
  • 32
  • 48
TonyM
  • 708
  • 1
  • 8
  • 15
  • 1
    Do you have any filters set in wireshark? – default May 11 '12 at 10:19
  • 1
    Does the receiver get package? – Johnny_D May 11 '12 at 10:19
  • I have tried with a filter of "host 192.168.0.198" and no filter, but get nothing from my app with either. – TonyM May 11 '12 at 10:24
  • I haven't checked if the receiver is getting anything, but it's probably not if Wireshark doesn't see it. – TonyM May 11 '12 at 10:26
  • IP vs. HTTP, in Wireshark, did you look at the IP/TCP representation of the HTTP request or just the HTTP request? – Julius F May 11 '12 at 10:38
  • [Enabling System.Net tracing](http://msdn.microsoft.com/en-us/library/ty48b824.aspx) might help to determine if something is going wrong in the .NET Framework's handling of the data. – anton.burger May 11 '12 at 10:39
  • @daemonfire300 If I could get a trace I would look at the IP/TCP as all I'm sending is a TCP SYN packet no HTTP at this stage. – TonyM May 11 '12 at 10:46
  • @TonyM my point is, that testing whether some TCP call works using a browser might not be the best way^^, can't you fake a Socket Connection with Wireshark or some other programm to rebuild your request? – Julius F May 11 '12 at 10:49
  • @daemonfire300 When I use the browser I see the TCP handshake as expected. The first packet is a TCP SYN as expected. – TonyM May 11 '12 at 10:53
  • I think you see nothing in wireshark because you cannot see traffic on localhost even if you don't use `127.x.x.x` or `::1`. – rekire May 11 '12 at 10:57
  • @TonyM: check whether the receiver's getting anything, because this will confirm whether the problem is your code, or Wireshark's monitoring. – Dan Puzey May 11 '12 at 11:13
  • I'm no expert but I would expect the builtPacket to start with the source address. Can you show how you build the packet? – JonC May 11 '12 at 11:22

2 Answers2

3

This question, backed up by MSDN, claims that Windows no longer (XP SP 2 through 7) allows transmission of TCP data using raw sockets.

Community
  • 1
  • 1
anton.burger
  • 5,637
  • 32
  • 48
0

My guess is that either Wireshark is not looking at the right network interface, or that the destination ip address somehow resolves to the local machine, in which case it will routed inside of the OS and be invisible to the 'Shark.

earthling42
  • 916
  • 10
  • 15
  • 1
    Wiresharks says it's looking at 192.168.0.140. If I put the destination IP address in a browser URL it connects to it and shows up on Wireshark. – TonyM May 11 '12 at 10:21