Listen for ICMP packets in C#

前端 未结 7 853
礼貌的吻别
礼貌的吻别 2020-12-03 00:30

I have a SIP application that needs to send UDP packets to set up the SIP calls. SIP has a timeout mechanism to cope with delivery failures. An additional thing I would like

相关标签:
7条回答
  • 2020-12-03 00:43

    Nearly 3 years later and I stumbled across http://www.codeproject.com/Articles/17031/A-Network-Sniffer-in-C which gave me enough of a hint to help me find a solution to receiving ICMP packets on Windows 7 (don't know about Vista, which the original question was about but I suspect this solution would work).

    The two key points are that the socket has to be bound to a single specific IP address rather than IPAddress.Any and the IOControl call which sets the SIO_RCVALL flag.

    Socket icmpListener = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);
    icmpListener.Bind(new IPEndPoint(IPAddress.Parse("10.1.1.2"), 0));
    icmpListener.IOControl(IOControlCode.ReceiveAll, new byte[] { 1, 0, 0, 0 }, new byte[] { 1, 0, 0, 0 });
    
    byte[] buffer = new byte[4096];
    EndPoint remoteEndPoint = new IPEndPoint(IPAddress.Any, 0);
    int bytesRead = icmpListener.ReceiveFrom(buffer, ref remoteEndPoint);
    Console.WriteLine("ICMPListener received " + bytesRead + " from " + remoteEndPoint);
    Console.ReadLine();
    

    I also had to set a firewall rule to allow ICMP Port Unreachable packets to be received.

    netsh advfirewall firewall add rule name="All ICMP v4" dir=in action=allow protocol=icmpv4:any,any
    
    0 讨论(0)
  • 2020-12-03 00:43

    Just use connected udp sockets and the OS will match the icmp unreachable and return an error in the udp socket.

    Google for connected udp sockets.

    0 讨论(0)
  • 2020-12-03 00:44

    So you want to pick up the dest unreachable return icmp packet programmatically? A tough one. I'd say the network stack soaks that up before you can get anywhere near it.

    I don't think a pure C# approach will work here. You'll need to use a driver level intercept to get a hook in. Take a look at this app that uses windows' ipfiltdrv.sys to trap packets (icmp,tcp,udp etc) and read/play with them with managed code (c#).

    http://www.codeproject.com/KB/IP/firewall_sniffer.aspx?display=Print

    • Oisin
    0 讨论(0)
  • 2020-12-03 00:45

    There are a number of posts on the web mentioning the problem of ICMP Port Unreachable packets no longer being accessible on Vista.

    • http://www.eggheadcafe.com/software/aspnet/31961998/icmp-port-unreachable-and.aspx
    • http://social.msdn.microsoft.com/Forums/en-US/Offtopic/thread/5bd8b275-cc6f-43cd-949d-7c411973b2f3/

    The stack should give you back an exception when it receives the ICMP. But it doesn't, at least on Vista. And hence you are trying a workaround.

    I don't like answers that say it's not possible, but it seems that way. So I suggest you go back a step to the original problem, which was long timeouts in SIP.

    • You could let the user configure the timeout (hence sort of complying with the spec).
    • You can start doing other things (like checking other proxies) before the timeout ends.
    • You could cache known bad destinations (but that would need good management of the cache.
    • If icmp, and udp don't give proper error messages, try tcp or another protocol. Just to elicit the desired information.

    (Anything is possible, it just may take a lot of resources.)

    0 讨论(0)
  • 2020-12-03 00:50

    Icmp is using an identifier which seems to be different for every icmp "session" (for every icmp socket). So the reply to an icmp packet not sent by the same socket is helpfully filtered out for you. This is why that piece of code won't work. (I'm not sure about this. It's just an assumption after looking at some ICMP traffic.)

    You could simply ping the host and see whether you can reach it or not and then try your SIP thing. However that won't work if the other host is filtering out icmp.

    An ugly (but working) solution is using winpcap. (Having this as the only working solutions just seems to be too bad to be true.)

    What I mean by using winpcap is the you could capture ICMP traffic and then see if the captured packet is about your UDP packet being undeliverable or not.

    Here is an example for capturing tcp packets: http://www.tamirgal.com/home/SourceView.aspx?Item=SharpPcap&File=Example6.DumpTCP.cs (It shouldn't be too hard to do the same with ICMP.)

    0 讨论(0)
  • 2020-12-03 00:57

    I am writing this as a separate answer, since the details are completely different from the one I wrote earlier.

    So based on the comment from Kalmi about the session ID, it got me to thinking about why I can open up two ping programs on the same machine, and the responses don't cross over. They are both ICMP, therefore both using port-less raw sockets. That means something in the IP stack, has to know what socket those responses were intended for. For ping it turns out there is an ID used in the data of the ICMP package as part of ECHO REQUEST and ECHO REPLY.

    Then I ran across this comment on wikipedia about ICMP:

    Although ICMP messages are contained within standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet, the one that prompted the sending of the ICMP message.

    Which was elaborated on (indirectly) here:

    The internet header plus the first 64 bits of the original datagram's data. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

    Since you are using UDP, which uses ports, it is possible the network stack is routing the ICMP message back to the original socket. This is why your new, and separate, socket is never receiving those messages. I imagine UDP eats the ICMP message.

    If I am correct, one solution to this is to open a raw socket and manually create your UDP packets, listen for the anything coming back, and handle UDP and ICMP messages as appropriate. I am not sure what that would look like in code, but I don't imagine it would be too difficult, and may be considered more "elegant" than the winpcap solution.

    Additionally this link, http://www.networksorcery.com/enp/default1003.htm, appears to be a great resource for low level network protocols.

    I hope this helps.

    0 讨论(0)
提交回复
热议问题