Click here to Skip to main content
Click here to Skip to main content

Trace Route using raw sockets

, 28 Jul 2003
Rate this:
Please Sign up or sign in to vote.
This Article Looks at a way to Trace Route by Raw Sockets
<!-- Article image -->

Sample Image - TraceRoutes.jpg

<!-- Add the rest of your HTML here -->

Introduction

This Project was undertaken on the needs to explore Sockets and its different Uses . I started by making a Ping program which pinged the Network Addresses . The ping program was inspired by FAQs at http://tangentsoft.net/wskfaq/ and mostly used their Functions!!!. The Route Program is an enhancement of same program (Ping program ) which used Raw Sockets.

What and Why?

Ping program basically sends ICMP Packets to Remote Host and asks it to send back an reply and calculates the Time to get the reply back. Trace Route traces the Route of our packets via network , identifying the IP Address of every host .

How To Run it ?

The standard Trace Route (tracert.exe) which comes with Windows Operating System was basically an example for me to emulate. The short comings ( which is my point of view ) with the standard Trace Route was the delay it had which takes three (and I presume ICMP Packet replies ) . My program takes 1 ICMP reply. As soon as I get ICMP_ECHO( integer 0 ) reply, I know that the packet has reached the destination and the program exits.

Go to Command Prompt : in the Dos Prompt Type the Path of the EXE and with space type the URL or ip Address like C:\>TracesRoutes.exe x.x.x.x timeout(Optional). Remember to type a valid IP Address otherwise an error message "Destination Unreachable " would be given.

The Code

All of the code is the same except a few changes here and there. The main function is Decode_Reply
int decode_reply( IPHeader* reply, int bytes, sockaddr_in* from ) 
{
......
    // Make sure the reply is sane
    if (bytes < header_len + ICMP_MIN) 
  {
        cerr << "too few bytes from " << inet_ntoa(from->sin_addr) << endl;
        return -1;
    }
    else if ( icmphdr->type != ICMP_ECHO_REPLY ) 
  {
        if ( icmphdr->type != ICMP_TTL_EXPIRE ) 
    {
            if ( icmphdr->type == ICMP_DEST_UNREACH ) 
      {
                cerr << "Destination unreachable" << endl;
            }
            else 
      {
                cerr << "Unknown ICMP packet type " << int(icmphdr->type) <<
                        " received" << endl;
            }
            return -1;
        }
        // If "TTL expired", fall through.  Next test will fail if we
        // try it, so we need a way past it.
    }
    else if (icmphdr->id != (USHORT)GetCurrentProcessId()) 
  {
        // Must be a reply for another pinger running locally, so just
        // ignore it.
        return -2;
    }

 
    // Okay, we ran the gamut, so the packet must be legal -- dump it
    if (( icmphdr->type == ICMP_TTL_EXPIRE ) || 
        ( icmphdr->type == ICMP_ECHO_REPLY ) ) 
  {
    in_addr in;
    in.S_un.S_addr = reply->source_ip; 
    cout << "\n Source IP " << inet_ntoa( in ) ; 
    int nTime = GetTickCount () - ulTimestamp ;
    if ( nTime < 0 )
    {
      cout << "  Time: " << "<10 ms." << endl;
    }
    else
    {
      cout << "  Time: " << ( GetTickCount() - ulTimestamp ) 
         << " ms." << endl;
    }
    }
.........
    return 0;
}

Problems?

If you are facing problems, contact your system administrator . I have tested this Software on both Private and Public IPs . Mostly System Administrators disable this functionality.If you are on a network you can trace some other Computer on same network to test it.

Changes

I have added Destination Unreachable Case. The code is messy so if you find anything which can make it better do send in a line at my Web Site or my Email.

Comments?

Kindly Send ur Comments through http://babarq.netfirms.com/. Thanks.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Babar Qaisrani
Web Developer
Canada Canada
Smile | :)

Comments and Discussions

 
General[Message Deleted] Pinmemberit.ragester2-Apr-09 21:50 
GeneralRouter connection blocking PinmemberEru8727-Nov-07 12:59 
GeneralA Big Mistake PinmemberPrasshhant Pugalia11-Nov-07 18:53 
Look at this carefully...
 
else if (icmphdr->id != (USHORT)GetCurrentProcessId())
{
// Must be a reply for another pinger running locally, so just
// ignore it.
return -2;
}
Simple logic...but the program will never return even if the two compared values are different...because this condition is "NEVER" evaluated.
 
why ?...because of this
 
else if ( icmphdr->type != ICMP_ECHO_REPLY )
...
 
The above condition always evaluates to true...because all intermediate nodes reply with a TTL expired and not echo reply...so the next condition which is :
else if (icmphdr->id != (USHORT)GetCurrentProcessId())
is never evaluated.
 
proof?
 
make it...
 
else if (icmphdr->id != (USHORT)GetCurrentProcessId())
{
// Must be a reply for another pinger running locally, so just
// ignore it.
return -2;
}
cout<<" ID : "<<icmphdr->id<<" "<<(USHORT)GetCurrentProcessId();
 
...and my point will be clear.
 
make it...
 
if (icmphdr->id != (USHORT)GetCurrentProcessId())
{
// Must be a reply for another pinger running locally, so just
// ignore it.
return -2;
}
 
...and the program will fail
 
Then why does the program give correct output...?
 
Apparently the program will give correct output as long as it is running as the only traceroute program...It will give correct output even when another ping program is running since then
 
else if ( icmphdr->type != ICMP_ECHO_REPLY )
 
...will be false and
if (icmphdr->id != (USHORT)GetCurrentProcessId())
{
// Must be a reply for another pinger running locally, so just
// ignore it.
return -2;
}
will be tested properly
 
But if another traceroute program runs in parallel then the output of will be wrong. Yes I have tested this!
 
Where is the problem ?
 
Turn up Ethereal and see the packets.
A TTL Expired ICMP message has "NO" id field in the ICMP header.
But a ECHO Reply "HAS" an id field
 
So checking the icmphdr->id for a ttl expired message is useless.
 
then ?
 
A TTL Expired message contains IP Header + ICMP Header + Initial Transmitted ICMP Packet.
 
In the Initial Transmitted ICMP Packet section the id is present...mostly!
I didnt find any standard specification for this though...comments on this are appreciated.
 
Now that id field can be tested to ensure that you catch "your own" packets and not of other programs.
 
Hope that Helps!
Prasshhant
Generalusing c# Pinmemberx_sanctus14-Nov-05 14:23 
QuestionPlagiarize? PinsussAnonymous22-May-04 15:03 
AnswerRe: Plagiarize? PinsussAnonymous22-May-04 15:15 
QuestionCan you give me a copy of src? Pinmemberdeer@webmail.hebut.edu.cn2-Jun-03 17:09 
AnswerRe: Can you give me a copy of src? PinmemberBabar Qaisrani7-Jun-03 3:08 
AnswerRe: Can you give me a copy of src? Pinmemberthreebochen14-Jul-03 16:23 
GeneralRe: Can you give me a copy of src? PinmemberBabar Qaisrani28-Jul-03 19:01 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140709.1 | Last Updated 29 Jul 2003
Article Copyright 2002 by Babar Qaisrani
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid