4

How can you perform a TCP traceroute in C#? Is it even possible?

Joshua
  • 40,822
  • 8
  • 72
  • 132
webly
  • 327
  • 2
  • 7
  • 18
  • What's a "TCP traceroute": which TCP socket would you hope to connect to on each host along the route? Traceroute is implemented using ICMP, not TCP. – ChrisW Aug 21 '09 at 19:36
  • I'm guessing that they're looking to create a tool like hping? – 48klocs Aug 21 '09 at 19:46
  • http://en.wikipedia.org/wiki/Tcptraceroute http://michael.toren.net/code/tcptraceroute/ http://tracetcp.sourceforge.net/ not trying to do hping, just a traceroute that relies on HTTP, wanted to see if is possible in C# without having to use some sort of packet sniffer/driver like pcap. – webly Aug 22 '09 at 03:13
  • http://stackoverflow.com/questions/142614/traceroute-and-ping-in-c – Breakthrough Aug 21 '09 at 19:14
  • they seem to all be using ICMP. I need one using TCP packets. – webly Aug 21 '09 at 19:19

2 Answers2

2

You will need raw ethernet frames to generate TCP packets by hand as Windows won't let you send TCP packets over raw sockets.

See how nmap gets raw ethernet frames. Repeat it.

Joshua
  • 40,822
  • 8
  • 72
  • 132
  • can i use this? http://www.codeproject.com/KB/IP/CSNetworkSniffer.aspx he seems to have implemented a network sniffer using C# – webly Aug 21 '09 at 19:24
  • No sorry. You can read all you want that way but your outbound TCP packets never reach the wire. – Joshua Aug 21 '09 at 21:27
  • I was reading a little bit on this and it seems like it was a windows XP SP2 fix that caused the raw packet limitation - what if my application is targeting windows server 2008? is this limit there too? – webly Aug 21 '09 at 22:04
  • Sorry, but it's been there in every Windows version since. – Joshua Aug 21 '09 at 23:15
  • see the answer below, you cant still do tcp frames over raw packet on windows server 2008 – webly Aug 22 '09 at 03:14
  • Huh. They didn't put it into the server versions. – Joshua Aug 22 '09 at 15:12
1

From MSFT: http://msdn.microsoft.com/en-us/library/ms740548(VS.85).aspx

On Windows 7, Windows Server 2008 R2, Windows Vista, and Windows XP with Service Pack 2 (SP2), the ability to send traffic over raw sockets has been restricted in several ways:

  • TCP data cannot be sent over raw sockets.
  • UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
  • A call to the bind function with a raw socket is not allowed.

These above restrictions do not apply to Windows Server 2008 , Windows Server 2003, or to versions of the operating system earlier than Windows XP with SP2.

webly
  • 327
  • 2
  • 7
  • 18