tags:

views:

3174

answers:

5
+2  Q: 

Listen for ICMP packets in C#

+2  A: 

Icmp is using an identifier which seems to be different for every icmp "session" (for every icmp socket). So the reply to an icmp packet not sent by the same socket is helpfully filtered out for you. This is why that piece of code won't work. (I'm not sure about this. It's just an assumption after looking at some ICMP traffic.)

You could simply ping the host and see whether you can reach it or not and then try your SIP thing. However that won't work if the other host is filtering out icmp.

An ugly (but working) solution is using winpcap. (Having this as the only working solutions just seems to be too bad to be true.)

What I mean by using winpcap is the you could capture ICMP traffic and then see if the captured packet is about your UDP packet being undeliverable or not.

Here is an example for capturing tcp packets: http://www.tamirgal.com/home/SourceView.aspx?Item=SharpPcap&File=Example6.DumpTCP.cs (It shouldn't be too hard to do the same with ICMP.)

Kalmi  2009-03-15 07:20:55
I agree. If nothing else is available that's a good solution. I just can't help thinking there is another way. Really the UDP Send should be throwing an exception when the ICMP message is received.
sipwiz  2009-03-15 08:55:03
UDP is stateless, so I don't think it should.
Kalmi  2009-03-15 13:55:16
Upvoting to make sure the right person gets the bounty, not that this post diserves it.
Joshua  2009-03-20 04:40:12
+1  A: 

I am writing this as a separate answer, since the details are completely different from the one I wrote earlier.

So based on the comment from Kalmi about the session ID, it got me to thinking about why I can open up two ping programs on the same machine, and the responses don't cross over. They are both ICMP, therefore both using port-less raw sockets. That means something in the IP stack, has to know what socket those responses were intended for. For ping it turns out there is an ID used in the data of the ICMP package as part of ECHO REQUEST and ECHO REPLY.

Then I ran across this comment on wikipedia about ICMP:

Although ICMP messages are contained within standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet, the one that prompted the sending of the ICMP message.

Which was elaborated on (indirectly) here:

The internet header plus the first 64 bits of the original datagram's data. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

Since you are using UDP, which uses ports, it is possible the network stack is routing the ICMP message back to the original socket. This is why your new, and separate, socket is never receiving those messages. I imagine UDP eats the ICMP message.

If I am correct, one solution to this is to open a raw socket and manually create your UDP packets, listen for the anything coming back, and handle UDP and ICMP messages as appropriate. I am not sure what that would look like in code, but I don't imagine it would be too difficult, and may be considered more "elegant" than the winpcap solution.

Additionally this link, http://www.networksorcery.com/enp/default1003.htm, appears to be a great resource for low level network protocols.

I hope this helps.

grieve  2009-03-18 16:53:45
Your point about ICMP session id's makes perfect sense to me. That's actually the crux of the problem, why aren't the ICMP messages indicating the non-deliverable UDP packets delivered to my appliation? For some reason Windows doesn't seem to match them to the app becuase they were for a UDP packet.
sipwiz  2009-03-18 22:31:54
I did think about trying to multi-plex UDP and ICMP over the same raw socket but you'd probably need to do all the UDP processing but apart from that when you create a raw socket with Windows you have to select whether it's IP or ICMP, you can't have both.
sipwiz  2009-03-18 22:33:55
Yes I think you would have to make it a raw IP socket, and handle all the ICMP messages. This may be more complex than it is worth, but from what I was able to read about IP and ICMP it may be the only non-winpcap style answer.
grieve  2009-03-19 01:58:52
To clarify: I think your application is getting the ICMP message, but the UDP stack is suppressing it. OF course this is guesswork, since I didn't see how you created and used the socket for the original UDP message.
grieve  2009-03-19 15:59:14
+1  A: 

So you want to pick up the dest unreachable return icmp packet programmatically? A tough one. I'd say the network stack soaks that up before you can get anywhere near it.

I don't think a pure C# approach will work here. You'll need to use a driver level intercept to get a hook in. Take a look at this app that uses windows' ipfiltdrv.sys to trap packets (icmp,tcp,udp etc) and read/play with them with managed code (c#).

http://www.codeproject.com/KB/IP/firewall_sniffer.aspx?display=Print

  • Oisin
x0n  2009-03-18 17:14:19
+2  A: 

UPDATE: I think I'm going crazy.... That piece of code that you posted is also working for me...

The following piece of code works fine for me(xp sp3):

using System;
using System.Net;
using System.Net.Sockets;

namespace icmp_capture
{
    class Program
    {
        static void Main(string[] args)
        {            
            IPEndPoint ipMyEndPoint = new IPEndPoint(IPAddress.Any, 0);
            EndPoint myEndPoint = (ipMyEndPoint);
            Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);            
            socket.Bind(myEndPoint);
            while (true)
            {

                /*                
                //SEND SOME BS (you will get a nice infinite loop if you uncomment this)
                var udpClient = new UdpClient("192.168.2.199", 666);   //**host must exist if it's in the same subnet (if not routed)**              
                Byte[] messagebyte = Encoding.Default.GetBytes("hi".ToCharArray());                
                int s = udpClient.Send(messagebyte, messagebyte.Length);
                */

                Byte[] ReceiveBuffer = new Byte[256];
                var nBytes = socket.ReceiveFrom(ReceiveBuffer, 256, 0, ref myEndPoint);
                if (ReceiveBuffer[20] == 3)// ICMP type = Delivery failed
                {
                    Console.WriteLine("Delivery failed");
                    Console.WriteLine("Returned by: " + myEndPoint.ToString());
                    Console.WriteLine("Destination: " + ReceiveBuffer[44] + "." + ReceiveBuffer[45] + "." + ReceiveBuffer[46] + "." + ReceiveBuffer[47]);
                    Console.WriteLine("---------------");
                }
                else {
                    Console.WriteLine("Some (not delivery failed) ICMP packet ignored");
                }
            }

        }
    }
}
Kalmi  2009-03-20 02:00:57
When you say works do you mean you are receiving ICMP packets if you send a ping or something? I'm pretty sure that's what I was using when I was doing UDP sends to unreachbale ports and wasn't able to receive the ICMP. I'll have to check again.
sipwiz  2009-03-20 02:23:25
I only tested with unreachable hosts and tcp... I will try ports
Kalmi  2009-03-20 02:42:59
yep... works fine with udp and existing hosts... I added that commented out part for testing..
Kalmi  2009-03-20 03:05:10
It's a vista issue.
Conor OG  2009-03-20 09:15:40
I can confirm this as well. The code I was using and Kalmi's sample work on XP and 2k3 but not on Vista. My app is destined for 2k3 so that's good news!
sipwiz  2009-03-20 13:22:16
+2  A: 

There are a number of posts on the web mentioning the problem of ICMP Port Unreachable packets no longer being accessible on Vista.

The stack should give you back an exception when it receives the ICMP. But it doesn't, at least on Vista. And hence you are trying a workaround.

I don't like answers that say it's not possible, but it seems that way. So I suggest you go back a step to the original problem, which was long timeouts in SIP.

  • You could let the user configure the timeout (hence sort of complying with the spec).
  • You can start doing other things (like checking other proxies) before the timeout ends.
  • You could cache known bad destinations (but that would need good management of the cache.
  • If icmp, and udp don't give proper error messages, try tcp or another protocol. Just to elicit the desired information.

(Anything is possible, it just may take a lot of resources.)

Conor OG  2009-03-20 09:25:19

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?