For those of you who play MW2 on the PC, you know it is plagued by hackers and cheaters. I would like to create a solution where the host of a multiplayer game can selectively firewall out a cheater.
The problem I am running into is I do not know how to locate remote IPs that are sending or receiving UDP packets.
Netstat will only show the listeners on my local machine.
IPGlobalProperties does not have any methods I can use either as UDP is connectionless.
How can I go about finding remote IPs of UDP packets?
I would like to code a solution using C#.
You'll want to write a network sniffer to start with, see this CodeProject example.
Here is my source code for the admin tool I made; VAC will ban you for it.
It uses WinPcap to read the game network traffic, and scans for key packets.
Then it stores the name and IP address of each user connected to you,
as well as providing an HTTP interface to kick/ban players.
Works on XP 32, Vista 32/64 and Win7 32/64.
http://sof.adivinedude.com/downloads/index.php?dir=&file=COD_ADMIN_v2.4_source_code.zip
Related
I've looked around at various C# Packet Sniffing tutorials and have built one that can parse packets sent to and from my computer. This is awesome, but I haven't found anything that relates to intercepting packets from another computer (obviously on the same network), e.g. from a different computer to a router.
Am I correct in thinking that any packets sent by a computer are visible to, not only the router, but any other computers on the same network? If this is the case, does that not mean that intercepting these packets is something we can do in C#?
To those who are desperately copying and pasting links to Wireshark etc. I appreciate your time but this is more of a learning experience for me, so I'd like answers relevant to C# if possible!
In summary, how can I intercept packets in C# that don't concern my computer? E.g. From my laptop to my router?
Assuming you're in an ethernet switched network rather than something funky like a token ring: Even the great Wireshark is limited in what it is able to see because it runs in the same confines as what you're trying to build - its host PC.
Unfortunately, your PC can only see the packets that hit its network interface. This means that in a layer 3 routed network you're unlikely to see any packets that aren't intended for you, unless of course your PC is the router.
You'll need to look into SOCKS5 proxies and the like to achieve the level of network transparency your question infers. While implying a small bit of network and configuration overhead, a proxy will provide you the most visibility into the traffic you're after.
M.Babcock already mentioned in his answer that your computer in a switched network won't see the traffic between two other computers.
Some (managed) switches and routers have the feature to send all traffic to a monitoring port. On this port you can connect your computer and use Wireshark/pcap etc. to see all the traffic that is passing through the switch/router.
Or, if you still have one reachable, put a hub between the laptop and the router and connect your PC to the hub. The hub will forward all traffic to the other ports, as it doesn't care about the MAC addresses.
So this is really not depending on any programming language but only on network management.
I have a device connected to a host computer through a USB cradle. Now, I'm just wondering if I could use C# sockets to communicate with the device (i.e. device sending data, host computer processing it then replying back to the device). How can I accomplish this? By that I mean, what IP address etc. do I have to change so that it would connect, because I have the sockets working on wireless. If not, then is there a way to connect to the device, open and read a file (a text document to be more specific) from the device to my host application? Any ideas?
Thanks! :)
Depending on your target device, when you connect via ActiveSync it likely makes a local RNDIS network connection between the two devices. You can resolve "ppp_peer" as the partner's network name instead of trying to use a hard-coded IP address (IIRC the IP is different on XP than on Vista).
Be aware that it's not a full connection. TCP packets get passed through, but things like ICMP do not.
Of course, this just gives you a socket connection, just like if you were to connect between two PCs. It's not going to allow you to do file system operations unless you have an app on the other side listening for commands. If you want that type of thing, Microsoft provides the Remote API (RAPI) interface (wrapped in managed code here) for a lot of basic commands, and it can be extended (with C) to do anything you'd like.
In my company we use a small application called IPMsg, a messenger kind of tool to pass messages and files to other fellows in the company; it even allows multicasting a message.
It also lists the user name, host name and IP addresses of users.
How can it do that? There is no server present for message routing and when checked through netstat command in CMD it does not show any details like what protocol and port it is using to communicate.
There is source code also available on the same site which is in VC++. I didn't understand a line of code... (I'm a C# guy)
Can anyone explain to me how it can do that?
One simple way would be to let the application listen on a certain network port, and when you start your instance of it, it tries to connect to that port on each computer on the same network. If that other computer has that port open, and answers correctly, then you have found another instance of the application.
IPMsg probably multicasts a request for all clients to report their user and host details.
A similar mechanism is used when Windows Explorer attempts to find other machines on a network. A good description of this type of multicasting discovery is described here.
IPMsg is a daemon which listens to incoming connections on a specific port which is the connection port. You can find out which port it used by using Wireshark.
Start Wireshark, start listening on the interface where you have connected to the LAN and then start sending any message; Wireshark will show you the message on the screen with the port number also.
The application is peer-to-peer software and doesn't require central server software to route messages. It only has a small daemon which accepts incoming connections. This is the way the Jabber instant messaging protocol also works.
As you said it lists username, hostname and ip address of users, do you mean it pings the network and finds it? If yes, then it is actually possible to find the IP addresses of computers on the Local Network which requires you to know the subnet on which you are connected.
You can use ARP/ICMP ping to know the hosts present on your network, provided you enter the correct subnet information.
Multicasting a message is also nothing special. It is a feature provided with all networking stacks.
If you want multicasting in .NET, it is allowed. Check this page on Code Project which gives a nice example.
I've got some C# code that is mapping processes to IP addresses. I'm basically trying to write some software that will look at a process and give me the IP address so that I can write a monitor that will allow friends to find me in games.
When running my application, though, it detects that a game process has a UDP connection but I can't seem to get the IP address.
I've run a packet sniffer and 78.111.229.123:32000 shows up on the router/gateway but it's not showing in my application.
Any ideas to get me up and running?
How are you setting up the socket in the game application? Can you post an example of your socket setup code?
Are you using the wildcard address and port when creating the socket? I'm guessing that if your game application doesn't bind to a specific IP address and port explicitly that may be the source of your problem.
Another question: are you trying to detect the local IP address, remote IP address or both?
If you're trying to detect the remote IP address this may be impossible unless the game application is using what's known as connected UDP sockets. This is where the client application calls connect on the UDP socket to create an association between the local and remote sockets in the underlying OS. This has certain advantages and drawbacks as listed in the above link.
Edit
Take a look at this SO post: PID from socket number on Windows?
This pretty much confirms what I thought - unless the game is using connected UDP sockets then the only way you'll be able to get the remote address is via packet sniffing.
Start up the game and run netstat -ap UDP - if you see that there aren't any remote addresses listed then that would confirm the above suspicion.
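An added example (not from any of the posts above) of the packet-sniffing route that this answer and the first thread's answers both point to: once a capture library or raw socket hands you IPv4 packets with the link-layer header stripped, the remote UDP endpoint is read directly from the headers. The class name, the `Build` helper, the addresses and the ports are assumptions, and the sample packets are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class UdpPeers
{
    // Parses one IPv4 packet (no Ethernet header); true only if it starts a UDP datagram.
    static bool TryParseUdp(byte[] p, out IPEndPoint src, out IPEndPoint dst)
    {
        src = dst = null;
        if (p == null || p.Length < 20 || (p[0] >> 4) != 4) return false; // IPv4 only
        int ihl = (p[0] & 0x0F) * 4;                       // IP header length in bytes
        if (ihl < 20 || p[9] != 17) return false;          // protocol 17 = UDP
        if ((((p[6] & 0x1F) << 8) | p[7]) != 0) return false; // later fragment: no UDP header
        if (p.Length < ihl + 8) return false;              // truncated UDP header
        // Addresses sit at fixed offsets 12 and 16; ports are big-endian after the IP header.
        src = new IPEndPoint(new IPAddress(new[] { p[12], p[13], p[14], p[15] }), (p[ihl] << 8) | p[ihl + 1]);
        dst = new IPEndPoint(new IPAddress(new[] { p[16], p[17], p[18], p[19] }), (p[ihl + 2] << 8) | p[ihl + 3]);
        return true;
    }
    // Builds a minimal constructed packet for the demo (20-byte IP header, checksums zero).
    static byte[] Build(string src, string dst, byte proto, ushort sport, ushort dport)
    {
        var p = new byte[28];
        p[0] = 0x45; p[3] = 28; p[8] = 64; p[9] = proto; p[25] = 8;
        IPAddress.Parse(src).GetAddressBytes().CopyTo(p, 12);
        IPAddress.Parse(dst).GetAddressBytes().CopyTo(p, 16);
        p[20] = (byte)(sport >> 8); p[21] = (byte)sport; p[22] = (byte)(dport >> 8); p[23] = (byte)dport;
        return p;
    }
    static void Main()
    {
        var local = IPAddress.Parse("192.0.2.10");          // constructed local address
        var packets = new[] {                               // constructed sample traffic
            Build("198.51.100.7", "192.0.2.10", 17, 40000, 40000),
            Build("192.0.2.10", "198.51.100.7", 17, 40000, 40000),
            Build("203.0.113.44", "192.0.2.10", 17, 51000, 40000),
            Build("203.0.113.99", "192.0.2.10", 6, 443, 50000),  // TCP, skipped
        };
        var seen = new Dictionary<string, int>();
        foreach (var pkt in packets)
        {
            if (!TryParseUdp(pkt, out var src, out var dst)) continue;
            var remote = src.Address.Equals(local) ? dst : src;  // the end that is not us
            seen[remote.ToString()] = seen.TryGetValue(remote.ToString(), out var n) ? n + 1 : 1;
        }
        foreach (var kv in seen) Console.WriteLine($"{kv.Key}  packets={kv.Value}");
    }
}
```

The tally is keyed by remote endpoint rather than by socket, which is why this works for unconnected UDP sockets where netstat lists no remote address.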
I found an article on getting active tcp/udp connections on a machine.
http://www.codeproject.com/KB/IP/iphlpapi.aspx
My issue however is I need to be able to determine active connections remotely - to see if a particular port is running or listening without tampering with the machine.
Is this possible?
Doesn't seem like it natively, otherwise it could pose a security issue. The alternative would be to query a remoting service which could then make the necessary calls on the local machine.
Any thoughts?
Nmap is what you are looking for.
There is no way to know which ports are open without the remote computer knowing it. But you can determine the information without the program running on the port knowing it (i.e. without interfering with the program).
Use SYN scanning:
To establish a connection, TCP uses a three-way handshake. This can be exploited to find out if a port is open or not without the program knowing.
The handshake works as follows:
The client performs an active open by sending a SYN to the server.
The server replies with a SYN-ACK.
Normally, the client sends an ACK back to the server. But this step is skipped.
SYN scan is the most popular form of TCP scanning. Rather than use the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as "half-open scanning", because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed.
The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection while some services can be crashed with a connect scan. However, the RST during the handshake can cause problems for some network stacks, particularly simple devices like printers. There are no conclusive arguments either way.
Source: Wikipedia
As is mentioned below, I think nmap can do SYN scanning.
Using sockets for TCP port scanning:
One way to determine which ports are open is to open a socket to that port. Or to a different port which finds out the information for you like you mentioned.
For example from command prompt or a terminal:
telnet google.com 80
UDP Port scanning:
If a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. You can use this method to determine if a port is open or closed. But the receiving program will know.
neouser99 (et al) has suggested NMAP. NMAP is very good if all you're trying to do is to detect ports that are open on the remote machine.
But from the sounds of your question you're actually trying to determine what ports are both open and connected on your remote machine. If you're after a general monitoring solution, including the connected ports, then you could install an SNMP server on your remote machine. There are two MIBs that let you check for port status, which are TCP-MIB::tcpConnectionTable and UDP-MIB::udpEndpointTable.
The daemon (server) supplied in net-snmp has most likely got support for these MIBs.