15

I want to write a port scanner in C# and I can't use SocketType.Raw as raw sockets were taken out from desktop versions of windows. I can't use SharpPcap either or other wrapper for Winpcap as I use PPPoE for internet connection and Winpcap doesn't support PPP devices.

I need to use a library which implements raw sockets and doesn't rely on winpcap.

Any ideas? Basically I need to send SYN, receive SYN/ACK or RST but don't send ACK back.

edit:

For people who doesn't believe RAW sockets are gone from desktop versions of Windows, see here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx

On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:

  • TCP data cannot be sent over raw sockets.
  • UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
  • A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
    Note The bind function with a raw socket is allowed for other protocols (IPPROTO_IP, IPPROTO_UDP, or IPPROTO_SCTP, for example).
Community
  • 1
  • 1
Mack
  • 783
  • 1
  • 8
  • 13
  • 6
    Before voting here on answers please understand what a raw socket is and that its not simply using sockets in .net – Adam Tuliper Sep 23 '11 at 20:41
  • Purely academic comment: Couldn't you write your own WinSock DLLs? Having written raw sockets and having to do the TCP myself in UNIX/LINUX, I would think it should be possible. – HungryBeagle Sep 05 '17 at 13:50

3 Answers3

2

Take note on how nmap did it and that for now I believe your option would be to go to a lower level at the ethernet frame.

"Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -Pn options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead."

So - that brings us to:

http://www.codeproject.com/KB/IP/sendrawpacket.aspx

Adam Tuliper
  • 29,982
  • 4
  • 53
  • 71
  • Thanks for the link. It is an interesting read which will keep me occupied for some time. I could use the driver the guy developed if I would have a normal ethernet connection but my internet is FTTH, I dial an PPP connection over ethernet so I don't use the NIC directly. And writing a NDIS driver for PPPoE is beyond my capabilities right now. – Mack Sep 23 '11 at 22:16
  • hmm any way you can scan against a virtual adapter that in turn routes out to the net over your ppp connection via sharing/routing/etc? I have _zero_ idea if its would work, just a thought :) – Adam Tuliper Sep 23 '11 at 22:24
  • Sure, that would be a good idea but I didn't have any success in trying to bridge the tune/tap driver or Microsoft Loopback driver with my PPPoE connection. And I want to come up with a workaround which all users of my software can use, regardless the way they connect to the internet. – Mack Sep 23 '11 at 22:28
0

Just like this:

http://www.winsocketdotnetworkprogramming.com/clientserversocketnetworkcommunication8h.html

Also, at what point was it removed from Windows? I did a chat client for a friend last week; as well, http://msdn.microsoft.com/en-us/library/system.net.sockets.sockettype.aspx , still lists it as being active.

Dave Holitish
  • 188
  • 5
  • 2
    Raw sockets are different than TCP sockets. See http://msdn.microsoft.com/en-us/library/system.net.sockets.sockettype.aspx – Jacob Sep 23 '11 at 18:33
  • No, I just mixed what I did with just following the example, nothing needs to be changed from the link given because it still works. [edit] Literally, I just now copied and pasted the code, compiled it, and ran the executable with no problems on Windows 7 – Dave Holitish Sep 23 '11 at 18:37
  • see here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx – Mack Sep 23 '11 at 18:45
  • Now I understand what's going on here. If your using C# in Windows XP 2... I have to wonder why. Not trying to be rude or anything but from Win95 -> XP sp2 it would be a lot easier to just use Winsock API calls. Like These: http://www.codeproject.com/KB/IP/rawsocket.aspx Because .Net isn't very well supported for your OS, which you can find here: http://msdn.microsoft.com/en-us/library/8z6watww.aspx This may be an instance by which you need to switch to C++, or make API calls in C# instead of relying on the .Net framework. – Dave Holitish Sep 23 '11 at 18:55
  • @Dave - raw sockets were removed for 'security' reasons although there's been much debate over this (several entries on the net I recall reading years back). There are reasons for raw sockets for various security tools, diagnostic tools, etc. – Adam Tuliper Sep 23 '11 at 19:03
  • @Adam See my original post. See the first link? How was I able to compile that with no errors on Windows 7... if they were removed? As well, and this is just a side note, if you disassemble winsock.dll and system.dll the code is still there for you to use raw sockets via API calls. Which is very confusing considering in Windows XP SP2 there are multiple applications from other developers like this one: http://www.networkactiv.com/PIAFCTMCompatibility.html which use raw sockets on XP sp2. These are very contradicting things. – Dave Holitish Sep 23 '11 at 19:15
  • @Dave, please see the link on MSDN I've posted and slowly scroll until you can see that raw sockets were removed from Windows. You can't send TCP data using raw sockets. If you don't want to believe, that's fine. And no, I am not using XP SP2 but Windows 7 Ultimate. – Mack Sep 23 '11 at 19:28
  • @Mack when you say `You can't send TCP data using raw sockets` you mean to say `You can't send TCP data using raw sockets without using some sort of external library like WinpCap`, correct? – Icarus Sep 23 '11 at 19:34
  • @Mack In the very link that you keep on posting TCP is disabled for raw sockets, which is why in the original link I posted raw sockets are performed use the UDP connection. – Dave Holitish Sep 23 '11 at 19:40
  • @Icarus I can't use a Winpcap wrapper like SharpPcap or Pcap.Net because Winpcap doesn't support PPP devices and I'm using a PPPoE connection. I need another tool/library. – Mack Sep 23 '11 at 19:42
  • @Dave UDP and TCP aren't the same thing. They are different protocol and serve different purposes. I can't use UDP to perform an TCP SYN scan to see what TCP ports are open. And besides that, raw sockets for UDP are crippled, too. – Mack Sep 23 '11 at 19:44
  • @Mack Then as I suggested stop using .Net and use C++. You know what... here's an exercise... on your system search for "ws2_32.dll" or "winsock2.dll"... you'll more than likely find the first one. Then travel to http://msdn.microsoft.com/en-us/library/ms740506%28v=VS.85%29.aspx or http://msdn.microsoft.com/en-us/library/ms737550%28v=VS.85%29.aspx and skip over everything and scroll to the bottom where the build dates are both this month, this year. .Net is crippled, yes, you would be correct. However windows isn't. – Dave Holitish Sep 23 '11 at 20:00
  • 5
    @Dave no, .Net isn't crippled but winsock is. That affects C++ also. And if I post a question about Java, you will suggest me using Python? – Mack Sep 23 '11 at 20:33
  • 1
    See "Limitations on Raw Sockets" in the third comment in this post. It is cripped on windows, nothing at all to do with .net Part of the idea from my understanding was to help prevent BOT armies on unsuspecting machines forging ip addresses such that could be used for a DoS Flood Attacks, etc. – Adam Tuliper Sep 23 '11 at 20:39
  • @Mack Now that you know the C++ based libraries that applications such Windows Firewall, which uses raw tcp sockets, either find/acquire/recompile your own ws2_32.lib. Link it to your application. C++ makes what your wanting incredibly easy. You can also do the same in C#, and it will be much more difficult. Doable, but much more difficult. – Dave Holitish Sep 23 '11 at 20:43
  • 1
    Heya @DaveHolitish - you are recommending one creates their own winsock lib as a workaround? This seems a bit complex considering the testing effort and requirement to integrate with the lower level system interface, layered service provider support, etc? Seems quite a challenge unless I'm missing what could be a simple step here? Just looking for the theory on this solution to understand it a bit more. Years back in writing ws hooking functions and stubs it was quite a testing effort then, now theres even more complexity in the layer. – Adam Tuliper Sep 24 '11 at 02:19
-9

Try running Visual Studio as Adminitrator

Right click ---> run as administrator

Then execute programs with raW sockets..

Deepthy
  • 9
  • 2
    Raw sockets does not work on non server versions of Windows. Please re-read the quoted paragraph from the MSDN in the original question. – Scott Chamberlain Jan 21 '14 at 07:10