Using raw sockets with C#

Mack picture Mack · Sep 23, 2011 · Viewed 19k times · Source

I want to write a port scanner in C# and I can't use SocketType.Raw as raw sockets were taken out from desktop versions of windows. I can't use SharpPcap either or other wrapper for Winpcap as I use PPPoE for internet connection and Winpcap doesn't support PPP devices.

I need to use a library which implements raw sockets and doesn't rely on winpcap.

Any ideas? Basically I need to send SYN, receive SYN/ACK or RST but don't send ACK back.

edit:

For people who doesn't believe RAW sockets are gone from desktop versions of Windows, see here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx

On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:

  • TCP data cannot be sent over raw sockets.
  • UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
  • A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
    Note The bind function with a raw socket is allowed for other protocols (IPPROTO_IP, IPPROTO_UDP, or IPPROTO_SCTP, for example).

Answer

Adam Tuliper - MSFT picture Adam Tuliper - MSFT · Sep 23, 2011

Take note on how nmap did it and that for now I believe your option would be to go to a lower level at the ethernet frame.

"Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -Pn options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead."

So - that brings us to:

http://www.codeproject.com/KB/IP/sendrawpacket.aspx