2

I am trying to implement a Python traceroute that sends UDP messages and receives the ICMP responses via raw sockets. I've run into an issue where the ICMP packets seem to avoid capture at all cost. The ICMP responses show up in Wireshark as exactly what I'd expect, but the socket never receives any data to read. Another complication is that I am running the code on VirtualBox running Ubuntu, as the sendto() would not get the packets on the wire in Windows 7. (I'm running Wireshark in Windows to capture the packets.) The strange thing is that Wireshark will capture the ICMP messages when I run the Python script from the virtual machine. However, when I try to run the script on Windows, the ICMP messages don't show up in Wireshark. (The UDP packets have magically started working on Windows.)

I've played around with all sorts of different versions of setting up the socket from online examples, and played around with using bind() and not using it, but no configuration seems to produce a socket that reads. It will just time out waiting to read the ICMP message.

It should also be noted that if I try to read my UDP sending socket, it successfully reads the UDP packets. As soon as I set IPPROTO_ICMP the read times out.

receive_response method:

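```python
def receive_response(rec_socket, packetid, tsend, timeout):
    remain = timeout
    print(packetid)
    while remain > 0:
        # Wait up to `remain` seconds for the raw socket to become readable
        ready = select.select([rec_socket], [], [], remain)
        if ready[0] == []:
            # Timed out: nothing arrived on the socket
            return
        print('got something')
```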

setting up the socket:

```python
rec_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, ICMP_CODE)
rec_socket.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1)
rec_socket.bind(("", 0))  # played with using this statement and skipping it
```

call to receive is simply:

```python
reached = receive_response(rec_socket, packetid, time.time(), timeout)
```
metatoaster
mao47
  • Wireshark is such a professional tool that sometimes for simple tasks it may even complicate things. Would you kindly try SmartSniff (http://www.nirsoft.net/utils/smsniff.html) and try again with and without WinPcap? This is for Windows... – Hanlet Escaño Dec 12 '12 at 07:05
  • Using SmartSniff, the same behavior occurs by default: trying it from host/Windows doesn't see ICMP packets and running from the VM results in the sniffer seeing the ICMP packet, but then turning on WinPcap the ICMP packet is not seen in either situation. – mao47 Dec 12 '12 at 07:33
  • You should be an administrator when running the program. – User Dec 12 '12 at 14:59

1 Answer

0

It looks like the problem is VirtualBox will default to using NAT to connect to the network. This means that the virtual machine won't receive the ICMP messages by virtue of them being ICMP messages. It seems like the solution to this is to configure VirtualBox networking to use "Bridged networking" mode. Unfortunately I cannot confirm this as I can't set up the virtual machine on my university's network within bridged mode. As for the reason they didn't work in Windows, it must be related to Windows' lack of support for raw sockets.

mao47
  • Actually this answer appears to be completely unrelated as raw sockets on Windows need additional work configuration to make the socket be able to receive ping, please refer to [this answer](https://stackoverflow.com/a/76320186/). – metatoaster May 24 '23 at 04:55
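
Once ICMP does reach the receiving socket, each datagram still has to be matched to the UDP probe that triggered it. The block below is an added example, not code from the question or the answer: on Linux a raw IPv4 ICMP socket returns the packet with its IP header, and Time Exceeded / Destination Unreachable messages quote the probe's IP header plus its first 8 bytes, so the probe's destination port can be recovered. It is written for Python 3; the function names, sample addresses and port 33434 are assumptions constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH = 3    # code 3 (port unreachable) means the probe reached the target
ICMP_TIME_EXCEEDED = 11  # sent by an intermediate hop when the probe's TTL expired


def parse_icmp_reply(packet):
    """Parse one datagram read from a SOCK_RAW / IPPROTO_ICMP socket on Linux.

    Returns (hop_ip, icmp_type, icmp_code, probe_dst_port), or None when the
    packet is not an ICMP error quoting a UDP probe.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                          # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4             # outer IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        return None
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type not in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        return None
    inner = packet[ihl + 8:]                 # quoted IP header + start of the probe
    if len(inner) < 20 or inner[9] != 17:    # 17 = UDP
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return None
    _src_port, dst_port = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    hop_ip = ".".join(str(b) for b in packet[12:16])
    return hop_ip, icmp_type, icmp_code, dst_port


def _ipv4_header(proto, src, dst, payload_len, ttl=64):
    # Constructed header for the sample; checksum is 0 because nothing here checks it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))


def build_sample_time_exceeded(hop, prober, target, probe_port):
    """Constructed ICMP Time Exceeded, shaped like what a router at `hop` returns."""
    udp = struct.pack("!HHHH", 54321, probe_port, 8, 0)
    quoted = _ipv4_header(17, prober, target, len(udp), ttl=1) + udp
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    return _ipv4_header(1, hop, prober, len(icmp)) + icmp


if __name__ == "__main__":
    sample = build_sample_time_exceeded((192, 0, 2, 1), (10, 0, 2, 15), (198, 51, 100, 7), 33434)
    print(parse_icmp_reply(sample))
```

Using a distinct destination port per probe lets the returned port stand in for the `packetid` passed to `receive_response`.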