I can't send my packets

[Charles Chaa]

Hello,

I am on Windows 7, and actually using Virtual Studio 2012 so I had to compile the sources.

Everything works fine except PacketSender, it just does not send anything, I've check multiple times on Wireshark and I see no trace of my packet. The default interface is wrong, so I have manually specified the good one, but I still do not see my packet, I am always running it in Admin mode so there is no problems on this side. I have tried to send differents frames : Ethernet/IP or Ethernet/IP/TCP/RAW but I see no changes.

Do you guys have a solutions to this?

Thanks a lot ^^

PS : I am really sorry for the double post, i aint used to google groups.

[Matias Fontanini]

On Windows you can't send packets containing a layer 2 (Ethernet in this case) protocol. The lowest layer can be layer 3 (IP in this case). So you might want to try just sending IP + TCP + Raw and see if that works.

[Charles Chaa]

Thanks for the reply.

Ho yes, I forgot about that. As you suggested, i've tried sending IP + TCP, but when I run it, I get a debug error : "Tins::socket_write_error".

I am using this code : 

IP ip = IP("192.168.1.1") / TCP(80, 80);

PacketSender sender;

sender.send(ip);

Where am I getting wrong?

[Matias Fontanini]

Are you running this as administrator? You need admin rights to send raw packets.

[Charles Chaa]

Yes I am always starting it in admin mode ^^

Regards.

[Matias Fontanini]

Okay, so I checked this and the issue doesn't seem to be libtins, but the fact that some versions of Windows don't allow sending raw TCP packets. See the documentation, relevant info:

Limitations on Raw Sockets

On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:

* TCP data cannot be sent over raw sockets.

If you send UDP, it does work. I think this might work if you use winpcap (specifically the pcap_sendpacket function). So you could open a pcap handle, serialize the packet using PDU::serialize, and then send the packet using pcap_sendpacket. 

[Charles Chaa]

Hi ! 

Thanks a lot, what you told me to do worked quit well, but in a strange way ^^ :

When I make a IP + UDP packet and send it with libtins, i will always get this debug error. If a serialize this frame, and send it with pcap it will not work, it will just not send anything. But if I make a Ethernet + IP + UDP packet and then I serialize it and send it with pcap (I open the device with pcap_open then send it with pcap_sendpacket), it will work ! I guess that, it did not work with IP + UDP because when you send it with pcap, the kernel does not add anything (here the layer 2), but i don't really know.

When i directly send a packet with PacketSender (for any frame construction), it will not work, indeed, if i make a Ethernet + IP + UDP frame, I will get no debug error but my packet won't be sent, and if I make a IP + UDP frame I will get a debug error.

But, if I open the device first with pcap_open, as I would do if I wanted to send the packet with pcap but i don't send it, then I is just use PacketSender::send() to send the packet, everything works fine, i can see my packet ! In this case I can not send a Ethernet + IP + UDP (Maybe because windows see that i want to modify my Ethernet frame and stop it, but this is strange because when I sent Ethernet + IP + UDP with pcap I could modify the ethernet protocol (personalize MAC adress) as I wish ). But if I send a IP + UDP packet with this method (Open device with pcap then send it with PacketSender), then, my packet will be send and a layer 2 protocol (Ethernet) wil be automatically added to the packet.

I don't really know how it work, maybe pcap open my interface in a right way maybe someting else, but it work ^^ This is perfect, libtins work really well and i can craft layer 2 protocols thanks to serialization and pcap. Thanks again ^^ If you got more info on what just happend I would be glad to hear them :'D

PS : I have tried it on an other Windows 7 PC and i get the same results

[Matias Fontanini]

Oh I forgot something. You need to call WSAStartup before sending packets, that was the original problem. Raw sockets are just another type of sockets, so you still need to do what you would usually do with sockets on Windows.

Glad to know it works! Winpcap can do that because it's a driver and therefore runs on kernel space, so it can bypass the restrictions. 

[Charles Chaa]

I forgot it in my last post, but TCP crafting now works (But i have to do the same steps I did for UDP crafting ^^)

[Charles Chaa]

Le mercredi 15 avril 2015 00:51:44 UTC+2, Matias Fontanini a écrit :

Oh I forgot something. You need to call WSAStartup before sending packets, that was the original problem. Raw sockets are just another type of sockets, so you still need to do what you would usually do with sockets on Windows.

Glad to know it works! Winpcap can do that because it's a driver and therefore runs on kernel space, so it can bypass the restrictions. 

Hoooo, I never thought about a WSAStartup call, everything works perfectly fine now, ty ! 

Okay ! And so, libtins use winsock that does not bypass this restriction, okok ^^

[Matias Fontanini]

Nono, actually not. You should still be able to send only UDP packets, TCP packets will fail. I might add another PacketSender variation which uses winpcap, since it seems to be pretty useful.

[Charles Chaa]

Arrr yes you are right. Fortunately, we still got your serialization fonction and pcap_send to compfort us :'D

[Matias Fontanini]

Okay, so I've just pushed a fix for this. I made added a compilation flag that allows the PacketSender to use pcap_sendpacket to send link layer PDUs. This is only enabled by default on Windows, so now you could create a packet like Ethernet() / IP() / TCP() and send it using the PacketSender. Remember that you need to supply the appropriate network interface in which you want to send the packet (you can set one by default by using PacketSender::default_interface).

[Charles Chaa]

Great ! It is gonna be much more easier, thanks ^^