[Mono-dev] Strange behaviour when using raw sockets.

Julia Cornish cornish.julia at googlemail.com
Wed Apr 11 06:16:30 EDT 2007 

Hi,

I'm writing a port scanning application that sends a SYN packet to a port on
a host, identifying the status of the port by whether it returns a SYN/ACK,
an ACK/RST or nothing at all.  In the example code below, I'm sending a SYN
to port 80 and the source port of my machine is 2126.  When I use a remote
host (such as one of Google's IP addresses in the example below), the
SYN/ACK from Google port 80 is received by my machine on port 2126, as
expected.   However, when I try to send a SYN packet to port 80 on my own
computer using any of the available IPs that identify my machine, locSocket
on port 2126 receives the packet I sent that was intended for port 80.  In
other words, I send a packet to port 80 on my machine and it shows up on
port 2126 instead.

When I use Wireshark to see what is happening in the network layer, I don't
see this discrepancy - Wireshark identifies my SYN packet going from port
2126 to port 80 and the response packet going from port 80 to port 2126.
Can anyone help explain what is happening - basically why my application
behaves as expected when I try to scan a server half way across the globe
but when I try to scan my own machine the packets aren't making their way to
my application the way they should?

I've attached code below showing what I'm doing with the remote endpoint.
 The code I've skipped deals with building a TCP SYN packet and computing
its checksum.

IPAddress remoteIP = IPAddress.Parse ("64.233.187.99");
IPEndPoint remoteEndPoint = new IPEndPoint (remoteIP, port);

System.Net.Sockets.Socket locSocket = new System.Net.Sockets.Socket
(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Tcp);
System.Net.Sockets.Socket remSocket = new System.Net.Sockets.Socket
(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Tcp);
locSocket.Bind (new IPEndPoint (locIP, 2126));

/*

   Code to create a packet of data (byte[] datagram) goes here

 */
byte[] receivedPacket = new byte[96];
Console.WriteLine ("Sending packet...");
remSocket.SendTo (datagram, remoteEndPoint);
Console.WriteLine ("Packet sent");
locSocket.Receive (receivedPacket);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20070411/86487caf/attachment.html

More information about the Mono-devel-list mailing list