I have seen another program provide traceroute functionality within it but without needing root (superuser) privileges. I've always assumed that raw sockets need to be root, but is there some other way? (I think somebody mentioned "supertrace" or "tracepath"?) Thanks!
5 Answers
Ping the target, gradually increasing the TTL and watching where the "TTL exceeded" responses originate.

That is actually what traceroute does. – Ferruccio Sep 16 '08 at 21:03
How do you increase the TTL without using raw sockets in C? – brian Sep 16 '08 at 21:04
You don't need raw sockets to do a ping or to set the options. How precisely you do it will depend on your target platform. See http://msdn.microsoft.com/en-us/library/system.net.networkinformation.ping.aspx for .net for instance. – moonshadow Sep 19 '08 at 17:00
Rather than using raw sockets, some applications use a higher numbered tcp or udp port. By directing that tcp port at port 80 on a known webserver, you could traceroute to that server. The downside is that you need to know what ports are open on a destination device to tcpping it.

I have tried finding a single tool that did this without needing root. I was not able to. Do you have an example that does not need root where I can traceroute to, say, google.com? – Ole Tange Oct 05 '15 at 19:27
ping and traceroute use the ICMP protocol. Like UDP and TCP this is accessible through the normal sockets API. Only UDP and TCP port numbers less than 1024 are protected from use, other than by root. ICMP is freely available to all users.
If you really want to see how ping and traceroute work you can download an example C code implementation for them from CodeProject.
In short, they simply open an ICMP socket, and traceroute increments the TTL using setsockopt until the target is reached.

You don't need to use raw sockets to send and receive ICMP packets. At least not on Windows.

99.99% wrong. You DO need raw sockets to forge&send ICMP messages, but there is an exception for ICMP echo requests messages on some Linux systems that is disabled by default that makes you not 100% wrong. – jean-loup Feb 02 '15 at 14:43
@jean-loup - I based my comment on a network monitoring system I worked on years ago which implemented ICMP internally to keep an eye on servers. It did not use raw sockets. This would have been almost ten years ago, so things may have changed. Also keep in mind that not all versions of Windows actually support raw sockets. I don't remember when Microsoft actually enabled them, but they did disable them in XP SP2 because of security concerns. I don't know what they did since then. – Ferruccio Feb 02 '15 at 15:03
If you have a modern Linux distro you can look at the source for traceroute (or tracepath, which came about before traceroute went no setuid) and tcptraceroute. None of those require RAW sockets -- checked on Fedora 9, they aren't setuid and work with default options for the normal user.
Using the code that tcptraceroute does might be esp. useful, as ICMP packets to an address will not necessarily end up at the same place as a TCP connection to port 80, for example.
Doing an strace of traceroute (as a normal user) shows it doing something like:
    #include <sys/socket.h>
    #include <netinet/in.h>

    int opt_on = 1;
    int opt_off = 0;
    /* ordinary UDP datagram socket, not a raw socket */
    int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
    setsockopt(fd, SOL_IP, IP_MTU_DISCOVER, &opt_off, sizeof(int));
    setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, &opt_on, sizeof(int));
    setsockopt(fd, SOL_IP, IP_RECVTTL, &opt_on, sizeof(int));
...and then reading the data out of the CMSG results.

The source code of traceroute.c expects the user to be root in order to rewrite the TTL of the packet - if you look at your distro traceroute is most likely setuid root. – brian Sep 16 '08 at 21:19