7

Possible Duplicate:
Why does ping work without administrator privileges?

From a MSDN article on TCP/IP Raw Sockets:

... It is important to understand that some sockets of type SOCK_RAW may receive many unexpected datagrams. For example, a PING program may create a socket of type SOCK_RAW to send ICMP echo requests and receive responses....

This passage suggests that in order to perform a ICMP ping, one must use raw sockets on Windows platforms. However, the same article also says:

Note: To use a socket of type SOCK_RAW requires administrative privileges. Users running Winsock applications that use raw sockets must be a member of the Administrators group on the local computer, otherwise raw socket calls will fail with an error code of WSAEACCES. On Windows Vista and later, access for raw sockets is enforced at socket creation. In earlier versions of Windows, access for raw sockets is enforced during other socket operations.

I certainly don't need to be an Administrator to ping other hosts. So does ping.exe get special treatment, does it even use raw sockets or is there something else I am missing?

Community
  • 1
  • 1

1 Answers1

5

As Uwe commented, ping just doesn't use raw sockets. It uses specific API that sends echo requests called IcmpSendEcho, or IcmpSendEcho2.

You can use Dependency Walker on c:\windows\system32\ping.exe to see it yourself.

kichik
  • 33,220
  • 7
  • 94
  • 114
  • 2
    I expect the real reason is history; on unix based systems ping often does require that the user be in a special group, or more typically the ping program has a special bit to run as that group (but internally will not permit ordinary users to generate ping floods). Windows inherits from earlier windows versions without a concept of user accounts or privileges, so there's probably an expectation among users that ping should work like it used to. – Chris Stratton Jul 11 '12 at 18:51