Menu
I want to write a port scanner in C# and I can't use SocketType.Raw as raw sockets were taken out from desktop versions of windows. I can't use SharpPcap either or other wrapper for Winpcap as I use PPPoE for internet connection and Winpcap doesn't support PPP devices.
I need to use a library which implements raw sockets and doesn't rely on winpcap.
Any ideas? Basically I need to send SYN, receive SYN/ACK or RST but don't send ACK back.
edit:
For people who doesn't believe RAW sockets are gone from desktop versions of Windows, see here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
- A call to the
bindfunction with a raw socket for theIPPROTO_TCPprotocol is not allowed.
Note Thebindfunction with a raw socket is allowed for other protocols (IPPROTO_IP,IPPROTO_UDP, orIPPROTO_SCTP, for example).
957
To create a raw socket, you must use the socket function and set the type field to SOCK_RAW. The protocol field can be set to any value above IP layer, such as IPPROTO_ICMP and IPPROTO_IGMP. Protocols that are not allowed are IPPROTO_UDP and IPPROTO_TCP.
The raw socket interface provides direct access to lower layer protocols, such as the Internet Protocol (IP) and Internet Control Message Protocol (ICMP or ICMPv6). You can use raw sockets to test new protocol implementations.
In short raw sockets is restricted to root because if it otherwise it would break other rules for networking that are in place. A long standing rule is that you cannot bind on a port lower than 1024 without root's blessing. With raw sockets you can simulate a server on any port.
A raw socket is used to receive raw packets. This means packets received at the Ethernet layer will directly pass to the raw socket. Stating it precisely, a raw socket bypasses the normal TCP/IP processing and sends the packets to the specific user application (see Figure 1).
Take note on how nmap did it and that for now I believe your option would be to go to a lower level at the ethernet frame.
"Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -Pn options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead."
So - that brings us to:
http://www.codeproject.com/KB/IP/sendrawpacket.aspx
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
