I'm working on a website testing framework, and I'd like to be able to spoof the user ip. I've read, that software like Loadrunner can do this, and I'd like to be able to do this as well.
A tutorial on how to use a socket normally can be found here, but I if I want to spoof the ip, I'll have to somehow edit ip header. Is this done on socket level, or is there an other, deeper level in .Net, which would let me do this?
You can't anymore, as access to raw sockets has been restricted in the desktop versions of Windows:
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
TCP data cannot be sent over raw sockets.
UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
Note The bind function with a raw socket is allowed for other protocols (IPPROTO_IP, IPPROTO_UDP, or IPPROTO_SCTP, for example).
(From Dev Center - Desktop - TCP/IP Raw Sockets)
You can create a raw socket fairly easily:
Socket s = new Socket(ip.AddressFamily, SocketType.Raw, ProtocolType.Ip);
At which point its on you to construct the appropriate datagram (which would be a separate question if you don't have the documentation on how to do this to hand)
LoadRunner can spoof IP addresses only when the actual IP address exists on the Load Generator. So, if I have 200 IP addresses assigned to my host then I can distribute my load across these IP addresses instead of having least cost routing or primary vs secondary network interfaces come into play in the operating system. This is true not only of LoadRunner but other application performance testing tools that spoof, the address needs to be assigned to the host generating the load.
If you are looking for raw spoofing solutions where the IP address need not be assigned to the host for testing purposes then you might consider network performance testing tools, particularly the chassis-based solutions, from companies such as Spirent and Ixia. These network solutions can also generate tens of thousands of unique bogus MAC addresses to go with the bogus IP addresses if needed.
Related
I have hardware based on a microcontroller with Ethernet communication.
There is a TCP server in the microcontroller.
To configure the hardware, I have an application made in C# for android.
The application, in turn, has a TCP client.
For the app to find my hardware, what I'm doing is pinging each of the addresses of the same network segment of my mobile.
That is, if the IP address of my mobile is 192.168.0.xx, I ping from the address 192.168.0.1 to the address 192.168.0.255.
Those addresses that respond, I try to open a socket and send a data frame, if the answer is correct, I assume that I have found a hardware in my local network (there could be more than one connected)
Obviously those IP addresses that don't respond, or that the socket cannot be opened or that they respond to something wrong are discarded.
Those valid addresses are displayed in a list for the user to choose with which to interact.
Also, these valid addresses are saved in the application so that the next time the app is opened, it will automatically connect to the stored addresses, avoiding the scanning of the IP addresses.
This seems correct to me the first time the user installs the hardware and configures with the app
The problem is that I was informed that there are users that their routers are configured to renew their IP addresses once a month.
If this happens, the app should again perform a scan of all the IP addresses again, and this is somewhat cumbersome, since scanning all the IPs takes some time, I don't think users are happy configuring their app and hardware once a month.
Another cumbersome solution could be to use static IP addresses, but I don't think that's a good idea either.
Any suggestions on how to improve this?
You need to take subnets into account. You are assuming that the subnet you are connected to is a /24. You are also pinging the broadcast address (.255) which is unnecessary. A host doesn't reside there.
DHCP assignments will renew their lease halfway through the lease period. If your hardware is still on the network it will most likely get the same IP assigned as it did prior from most modern DHCP implementations.
Finally, consider lowering any timeout values in your scan. Scanning a /24 for hosts to respond on a specific port should complete in seconds.
The solution is explained by #Charlieface in the comments of the question.
I'm going to implement a UDP server on the microcontroller with an IP address within the range of 224.0.0.0-239.255.255.255 (Multicast IP addresses).
When connecting to said server and sending a data frame, the ip and other parameters will be returned so that the app can connect directly to the hardware without having to perform a scan of all the IP addresses.
More details of the solution, in the following freeRTOs thread:
How can I create a UDP server with static IP?
Scenario:
Developing an application targeting a Win CE 5.0 powered device. The application is being developed using .NET Compact Framework 3.5 (C#).
Question:
Just like when you connect a computer to a LAN and you can see all the other active computers and their respective IP Address, we would like to implement something similar in our application where only the IP Addresses will be listed.
Considering that it is an existent Windows feature, I guessed it would be possible to easily implement in out application. What's the best approach considering my scenario?
First you will have to define what you mean by active IP Addresses.
A host may block ICMP_ECHO (commonly reffered to as ping) but allow TCP, UDP etc. connections on specific ports.
Depending on what type of service you require of your hosts you could
send ICMP_ECHO requests to all the IP Addresses in your subnet.
- To calculate the IP range of your subnet you may want to use the address space bitmask
- For ICMP request you could also use a broadcast address. But most hosts do not respond to broadcast requests in order to prevend flooding.
attempt to open connections on specific TCP ports (again on the whole ip range)
ask your router to provide you with a list of hosts using it via dns query
send arp requests to an ethernet broad cast address
Essentially there are too many ways to get a list of hosts in a specific ip range or subnet to give a general answer.
First you need to define what you need that host list for.
you can write a function that ping on about 20 or more IPAdresses going from 192.168.1.1 to 192.168.1.20 and call it in different threads with defferent ofssets exmple :
one going from 192.168.1.1
other one going from 192.168.1.21
.......
call them on defferent threads but dont call them a lot it would slow down the CPU and maybe freez the computer
I'm currently developing unit tests for a device (a radio encoder) that my company is developing.
It's possible to access various statistics via SNMP (v1 only), where you can get amongst other things the number of discarded UDP datagrams for various reasons.
I want to be able to send a datapacket wrapped in a faulty UDP header with various errors (checksum errors, wrong IP address in header etc) to make sure the error counters behave correctly.
I was not able to find any information on how to accomplish this, most highlevel networking functions I was able to find (obviously) calculate the checksum correctly and automatically.
You have to resort to Raw Sockets :
http://www.winsocketdotnetworkprogramming.com/clientserversocketnetworkcommunication8f_3.html
and
http://www.winsocketdotnetworkprogramming.com/clientserversocketnetworkcommunication8h.html
Just be aware of limitations : http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548(v=vs.85).aspx
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
TCP data cannot be sent over raw sockets. UDP datagrams with an
invalid source address cannot be sent over raw sockets. The IP source
address for any outgoing UDP datagram must exist on a network
interface or the datagram is dropped. This change was made to limit
the ability of malicious code to create distributed denial-of-service
attacks and limits the ability to send spoofed packets (TCP/IP packets
with a forged source IP address). A call to the bind function with a
raw socket for the IPPROTO_TCP protocol is not allowed. Note The bind
function with a raw socket is allowed for other protocols (IPPROTO_IP,
IPPROTO_UDP, or IPPROTO_SCTP, for example)
I'm finding surprisingly little information about sockets on the internet. Maybe it's because of my search strategy.
Will binding a socket to an end point chosen by the operating system/NAT (what is it actually chosen by?) ensure that packets sent using it will always have the same source port?
For example if I were to create socket and bind it to a port chosen by Windows (i.e. pass new IPEndPoint(IPAddress.Any, 0)) and then send two packets to different hosts, will the source port of the two packets be the same?
If yes, what's "NAT port randomisation"? I've heard that it makes the NAT select a new port for each host you're sending data to ... is that the case?
For example if I were to create socket and bind it to a port chosen by Windows (i.e. pass new IPEndPoint(IPAddress.Any, 0)) and then send two packets to different hosts, will the source port of the two packets be the same?
Let's say on your local PC computer you binded to a specific port (or even port 0 - such that the operation system picks a port for you). All packets leaving the PC will have the same source port. Guaranteed.
But the NAT - may do something entirely different. The NAT will definitely translate the IP address to the external IP address it was assigned. And the "source port" will undergo a "mapping" translation.
Most, but not all, well behaved NATs will try to do the following. This does not include behaviors setup via port-forwarding rules that the user may have setup manually or via UPNP.
Some NATs will try to "map" the source port of the internal host to the same port value when retransmitting UDP or making a TCP connection. This isn't always possible if another host behind the same NAT is already using that port. In that case, another port is picked.
For outbound TCP connections, the port mapping will occur as the outbound SYN packet leaves the NAT. The source port mapping will remain consistent for the lifetime of the TCP connection.
If a host behind a NAT sends consecutive UDP packets to the same remote IP:port pair within a given internal, a well behaved NAT will maintain the same port mapping. That is, the source port remains the same.
And most well behaved NATs will maintain the same source port mapping independent of what the destination IP or destination port is. That is, if a PC behind the NAT sends UDP packets from local port 3000 to two different IP:port addresses, the NAT will translate the source port the same. This is called "address independent mapping" and is an important characteristic with setting up P2P connections with other hosts that might be behind a NAT.
If yes, what's "NAT port randomisation"? I've heard that it makes the NAT select a new port for each host you're sending data to ... is that the case?
There are NATs that are not so well behaved. The primary fault they have is this:
When the NAT maintains "Address and port dependent" mapping (aka "symmetric NAT"). This is where the NAT picks a random source port for each unique IP:port pair that a host behind the NAT communicates with. As such, it becomes very difficult for two hosts (both behind different symmetric NATs) to communicate with each other without a relay service. I am told that most mobile devices communicating over 3G exhibit this behavior.
Some not-so-well-behaved NATs will even sniff the data of the packets looking for protocols that might contain internal IP addresses and then attempt to "fix" the packet such that the internal IP address communicated in the packet data is now the external IP address. This fixes problems for legacy protocols like FTP. But for other applications, this can be create more problems.
There is a set of technologies for traversing NATs. Please read up on STUN, TURN, and ICE.
Binding is used to open a port for listening on the computer. Webservers bind to port 80 for instance so all incoming packets to port 80 access that service. It is essentially a way to reserve a port for a service in the OS. So in that sense, your source port will be the port you bound to. If you are the one accessing the service you typically don't bind at all because it doesn't matter what port you are using, only what port you are connecting to.
Hopefully that answers your question. If not, I think I'm not understanding the post as well as I should.
I'm developing an application of multiple socket connections (a TCP alarm watcher). Currently, in order to mock the alarms, i made small applications running on a VM Machine (that is, because the Vm have a different IP) that simulate the alarm endpoints.
What I want to do is to mock the alarms in the same machine I'm running my "server" (i.e. the first application), except that I want these mock alarms to have a different IP. I don't want my mocks running with the same IP that the first App (e.g. The server is 192.168.1.4; I want a mock to be 192.168.1.10, other being 192.168.1.11, etc.; all living in the same machine, just the way VM's can do that).
Virtual Machines in 'bridged network' mode can get a different IP from the DHCP server (that's where I get this idea). So, I'm a little dissoriented on where to investigate to complete the task, my question is:
How Can I make , programaticaly, my mock applications to get its own IP addresses via DHCP?
(or, Is it impossible, given the .NET Framework?)
Haj.-
You can certainly talk to the DHCP server -- the packet format is documented in RFC 2131. Doing this from C# is relatively simple.
However, all this does is "steal" an IP address from the DHCP server's pool. It doesn't actually bind it to the network stack.
It sounds like you still need to get your application to listen on this IP address. Unless this IP address is assigned to the network adapter on the machine, this won't work.
In short: you need multiple network adapters, or a multi-homed network adapter. In which case, you'd be better off letting it sort itself out with DHCP.
On the other hand, if all of your traffic is local, install the "Microsoft Loopback Adapter", and assign a bunch of IP addresses to that.
You will certainly be able to do this in C#, but I doubt that there is an existing class for doing this (its not a normal thing to do!)
You will probably end up having to do it yourself by recieving / sending the packets yourself.
I managed to find the following link which might be useful:
http://social.msdn.microsoft.com/Forums/en-US/wsk/thread/836c2150-583c-43a6-93b3-0e3202c2e2f5
(I know it says creating a DHCP server, but it could be a good place to start in terms of looking up the DHCP protocol workings)
Having said that I suppose you might have some problems requesting a lease for an IP address from a different IP address.