Socket is only catching outgoing packets, not incoming ones

I have based a packet sniffer on this (frequently cited) sample project. After implementing the HTTP packets I have noticed that the only HTTP packets I'm picking up are requests, I'm not receiving any responses.

I have looked at many different sources but since the code used is very often the same I am inclined to think it might be local to myself.

When I look at my logs I see that every packet has my local IP as SourceIP, both for HTTP packets as well as packets that arrive at other ports.

I have provided a working sample here which you can copy-paste into LINQPad and should demonstrate the problem (add the System.Net and System.Net.Socket assemblies). Don't forget to execute LINQPad as administrator to have access to the socket.

This results in hundreds/thousands of entries in the 192.168.0 range with a total of 3 exceptions of IP addresses that refer to my hosting provider (checked using nslookup).

// Needs the System, System.Net and System.Net.Sockets namespaces.
// GetLocalIP() and IPHeader are not shown on this page.
private readonly byte[] _data = new byte[4096];
private Socket _mainSocket;

public void Capture()
{
    // Raw IP socket bound to the local interface address
    _mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
    _mainSocket.Bind(new IPEndPoint(GetLocalIP(), 0));

    var byTrue = new byte[] {1, 0, 0, 0};
    var byOut = new byte[] {1, 0, 0, 0};

    // ReceiveAll asks the stack to hand every IP packet on the interface to this socket
    _mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);

    _mainSocket.EnableBroadcast = true;
    _mainSocket.BeginReceive(_data, 0, _data.Length, SocketFlags.None, OnReceive, null);
}

private void OnReceive(IAsyncResult ar)
{
    SocketError error;
    var received = _mainSocket.EndReceive(ar, out error);
    Parse(_data, received);
    // Re-arm the asynchronous receive for the next packet
    _mainSocket.BeginReceive(_data, 0, _data.Length, SocketFlags.None, OnReceive, null);
}

private void Parse(byte[] data, int size)
{
    // Only the source address is logged
    var packet = new IPHeader(data, size);
    Console.WriteLine(packet.SourceIP.ToString());
}

  • Windows 8.1
  • Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) - Latest version of driver
    • Installed a standalone network card yesterday, it didn't change anything.

A post's description that came closest to my problem has as solution the working code that I already have.

Why am I only able to trace outbound packets?

Jeroen Vannevel asked Feb 23 '14 18:02


1 Answer

Did you try looking into your OS / standalone / router firewall? It is often overlooked, but firewalls have different rules for incoming and outgoing connections and that might be the cause of your issues.

Saverio Terracciano answered Oct 09 '22 10:10
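
A way to measure the symptom described in the question, as an added example that is not part of the original post or the sample project: rather than logging only the source address, classify each captured IPv4 packet as outbound or inbound relative to the bound address and count both. `DirectionCheck`, `Classify` and the `Direction` enum are hypothetical names, and the two headers and all addresses are constructed sample data.

```csharp
using System;
using System.Net;

// Hypothetical helper for this example; not the IPHeader class the question uses.
public enum Direction { Outbound, Inbound, Other }

public static class DirectionCheck
{
    // Classifies one raw IPv4 packet relative to the address the socket is bound to.
    public static Direction Classify(byte[] data, int size, IPAddress local)
    {
        // An IPv4 header is at least 20 bytes; the version is the high nibble of byte 0.
        if (size < 20 || size > data.Length || (data[0] >> 4) != 4)
            return Direction.Other;

        // Source address sits at offset 12, destination at offset 16 (4 bytes each).
        var src = new IPAddress(new[] { data[12], data[13], data[14], data[15] });
        var dst = new IPAddress(new[] { data[16], data[17], data[18], data[19] });

        if (src.Equals(local)) return Direction.Outbound;
        if (dst.Equals(local)) return Direction.Inbound;
        return Direction.Other; // neither endpoint is local, e.g. broadcast or multicast
    }

    public static void Main()
    {
        var local = IPAddress.Parse("192.168.0.10"); // constructed local address

        // Constructed 20-byte headers: version/IHL 0x45, TTL 64, protocol 6 (TCP).
        byte[] request  = { 0x45, 0, 0, 40, 0, 1, 0, 0, 64, 6, 0, 0, 192, 168, 0, 10, 203, 0, 113, 5 };
        byte[] response = { 0x45, 0, 0, 40, 0, 2, 0, 0, 64, 6, 0, 0, 203, 0, 113, 5, 192, 168, 0, 10 };

        int outbound = 0, inbound = 0;
        foreach (var packet in new[] { request, response })
        {
            switch (Classify(packet, packet.Length, local))
            {
                case Direction.Outbound: outbound++; break;
                case Direction.Inbound:  inbound++;  break;
            }
        }
        // On live traffic, an inbound count stuck at 0 means responses never reach the socket.
        Console.WriteLine("outbound={0} inbound={1}", outbound, inbound);
    }
}
```

Calling `Classify(data, size, GetLocalIP())` from the question's `Parse` method gives a running count that can be compared before and after changing a firewall rule.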