Network Programming

Chapter 5: Raw Socket Programming

Agenda

• The ICMP Protocol– ICMP Packet Format– ICMP Packet Types– Using Raw Sockets– Creating an ICMP Class – Formatting ICMP Packets– Using ICMP to Create a Tracing Application

• SNMP– Impending SNMP– SNMP Commands– Community Names– Common Management Information Base (MIB)– SNMP Packets– SMTP Class

• Summary

Introduction

• Cover the basics of – Internet Control Message Protocol (ICMP)– Simple Network Management Protocol (SNMP)

• ICMP– Used by some network utility applications to

communicate with the remote host on the network– Examples: ping and traceroute

• SNMP– Used for network administration– Used to query and control network devices from a

central management station

The ICMP Protocol

• Network Working Group’s RFC 792• http://www.faqs.org/rfcs/rfc792.html • Allow network devices to report errors in

datagram processing (original purpose)• Today – communicates errors and network

information between hosts• ICMP uses Internet Protocol (IP) to

communicate across the network• ICMP is an indispensable part of IP and is

implemented by every IP module

The ICMP Protocol

• ICMP Packet Format– Recognised by the IP protocol type 1.– The whole ICMP packet is then contained

within the data section of the IP packet

ICMP Packet in an IP packet

0 8 16 19 32

Version Hlen Service Type

Total IP Packet Length

Identification Flags Fragment Offset

Time to Live Protocol IP Header Checksum

Source IP Address

Destination IP Address

Type Code ICMP Checksum

Message

IP H

eade

rIC

MP

P

acke

t

IP P

acke

t

ICMP Packet Fields• Type: The 1-byte type element helps to define the kind of ICMP message

that is present in the packet. Many types of ICMP packets are used to send the control request messages to the remote hosts. Each message type has its own format and data requirements.

• Code: An assorted ICMP message type requires specific control and data options. These options are defined in the single byte Code field.

• Checksum: A Checksum element is used to ensure that the ICMP packet reaches the destination without corruption or tampering. The checksum is computed on only the ICMP portion of the packet, using a specific algorithm defined in RFC 792. While computing the checksum value, the Checksum field is set to zero. The length of the checksum is 2 bytes.

• Message: The Message element holds diverse data elements that are unique to each ICMP message type. The Message data field is used to hold information that is sent to and from the remote host. The first two fields in the Message element are defined as an Identifier and Sequence number. These fields are used to uniquely identify the ICMP packet to the hosts.

ICMP Packet Types• Commonly used ICMP packet types

– Echo request and Echo Reply packets– Destination Unreachable packets

• Echo request and Echo Reply packets– ICMP type 8 with code value of 0 (zero)– Message data holds the following three elements:

• An identifier of 1 byte that uniquely identifies the Echo Request packet• A Sequence number of 1 byte that provides additional identification for the

ICMP packet in a stream• A multibyte data element containing the data that should be returned by the

receiving host– When a device receives an Echo Request packet, it should respond with

an Echo Reply packet, ICMP type 0. The Echo Reply packet must contain the same Identifier and Sequence number values as that of the Echo Request packet to which it is responding. The data element value must also be the same as that received in the Echo Request packet.

Agenda

• The ICMP Protocol– ICMP Packet Format– ICMP Packet Types– Using Raw Sockets– Creating an ICMP Class – Formatting ICMP Packets– Using ICMP to Create a Tracing Application

• SNMP– Impending SNMP– SNMP Commands– Community Names– Common Management Information Base (MIB)– SNMP Packets– SMTP Class

• Summary

Using Raw Sockets

• ICMP packets don’t use TCP or UDP• To use TcpClient and UdpClient, use

the Socket class• To create a raw socket, the SocketType.Raw socket is used when the socket is created.

• There are several protocol type values that are used to match the raw socket type itself

Protocol Type Values and Their Protocol Description

Protocol Value Protocol Description

Ggp Gateway To Gateway Protocol. 

Icmp Internet Control Message Protocol. 

Idp Internet Datagram Protocol. 

Igmp Internet Group Management Protocol. 

IP Internet Protocol. 

ND Net Disk Protocol (unofficial). 

Raw Raw IP packet protocol. 

Tcp Transmission Control Protocol. 

Udp User Datagram Protocol. 

Unknown Unknown protocol. 

Unspecified Unspecified protocol. 

Using Raw Sockets

• ICMPDemo.cs• Sending Raw Packets

– ICMP is a connectionless protocol– Need to bind the socket to a specific local port

to send a packet or use the Connect method to connect the socket to a specific remote host.

– ICMP does not use ports – so the port property of the IPEndPoint is not important

ICMP Demousing System;using System.Net;using System.Net.Sockets;

namespace RawSocket{ //SimpleICMP.cs public class SimpleICMP { static void Main(string[] args) { IPHostEntry host = null; host = Dns.GetHostEntry("localhost"); Socket tmpS = new Socket(host.AddressList[0].AddressFamily, SocketType.Raw,

ProtocolType.Icmp);

Console.WriteLine("Socket Created."); Console.WriteLine("Host information"); Console.WriteLine("Host address: {0}", host.AddressList[0]); Console.WriteLine("Socket details: "); Console.WriteLine("Address Family: {0}", tmpS.AddressFamily); Console.WriteLine("Protocol Type: {0}", tmpS.ProtocolType.ToString()); Console.WriteLine("Socket Type: {0}", tmpS.SocketType.ToString()); Console.ReadLine(); } }}

Using Raw Sockets

• Receiving data from a raw socket is more difficult than sending data

• ReceiveFrom method– Holds the whole of the IP packet contents– Extract data from raw IP packet to create

ICMP packet– IP packet data starts at byte 20– Start reading the byte array at the 20th position

in the received data packet

ICMP Demo

Creating an ICMP Class

• Formatting ICMP Packets

• Raw socket does not do formatting

• Can create an ICMP Class

ICMP Packet

Data Variable Size Type

Type 1 byte Byte

SubCode 1 byte Byte

Checksum 2 bytes Unsigned 16-bit integer

Identifier 2 bytes Unsigned 16-bit integer

SequenceNumber 2 bytes Unsigned 16-bit integer

Data Multibyte Byte array

ICMP Class public class ICMPPacket { //Type of message public Byte Type;

//Type of subcode public Byte SubCode;

//One's complement checksum of struct public UInt16 CheckSum;

//Identifier public UInt16 Identifier;

//Sequence number public UInt16 SequenceNumber;

//Data or message public Byte[] Data;

}//end of class ICMPPacket

Serialize Method

• Code a method named Serialize• Calculate the total size of the packet from

the packet information passed to it as the parameter

• Total size is calculated by converting the packet into a byte array

public static Int32 Serialize(IcmpPacket packet, Byte[] Buffer, Int32 PacketSize, Int32 PingData) { Int32 cbReturn = 0; //Serialize the struct into the array int Index = 0; Byte[] b_type = new Byte[1]; b_type[0] = (packet.Type); Byte[] b_code = new Byte[1]; b_code[0] = (packet.SubCode); Byte [] b_cksum = BitConverter.GetBytes(packet.CheckSum); Byte[] b_id = BitConverter.GetBytes(packet.Identifier); Byte[] b_seq = BitConverter.GetBytes(packet.SequenceNumber); //serialize type Array.Copy(b_type, 0, Buffer, Index, b_type.Length); Index += b_type.Length; //serialize subcode Array.Copy(b_code, 0, Buffer, Index, b_code.Length); Index += b_code.Length; //serialize cksum Array.Copy(b_cksum, 0, Buffer, Index, b_cksum.Length); Index += b_cksum.Length; //serialize id Array.Copy(b_id, 0, Buffer, Index, b_id.Length); Index += b_id.Length; Array.Copy(b_seq, 0, Buffer, Index, b_seq.Length); Index += b_seq.Length; //Copy the data Array.Copy(packet.Data, 0, Buffer, Index, PingData); Index += PingData; if (Index != PacketSize/*sizeof(IcmpPacket)*/) { cbReturn = -1; return cbReturn; } cbReturn = Index; return cbReturn; } //end of Serialize

Checksum Methodpublic static UInt16 checksum(UInt16[] buffer, int size){ Int32 cksum = 0; int counter;

counter = 0;

while (size > 0) { cksum += Convert.ToInt32(buffer[counter]); counter += 1; size -= 1; }//end of while cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >> 16); return (UInt16)(~cksum);}//end of checksum

ICMP Packet Creation

• Pinging another computer– Create ICMP packet– Need an echo request packet

• ICMP Type = 8• SubCode = 0• Use the Identifier and Sequence elements to track the individual

ping packet and allow any text to be put into the data packet

– The returned ICMP packet creates a new ICMP object– If the sent packet is the a match for the received packet, the ping

was successful– You need to check for a timeout – if no ICMP packet has been

received within 10 seconds, then throw an error message

Using ICMP to Create a Tracing Application

• Need the ICMP header• Each header has a TTL field (Time To

Live)• Each time the datagram is processed, TTL

is decremented• Datagram is processed by the gateway

– When the TTL = 0, the datagram is discarded– Source host is notified of any discarded

datagrams

Tracing application “algorithm”

1. Start with a datagram with TTL = 12. At each machine reached, the gateway

sends a “time-expired” message back3. Remember machine that sent message

back4. Send another message with TTL += 15. Repeat steps 2 to 4 until an echo reply

has been received successfully (destination reached)