Port scanner - icmp packets

0
votes

I wrote a UDP port scanner. I send a packet to another device in the same network but over here is a little problem, why wireshark receives only one packet if I send 10 packets on different ports(each one port is closed). I should receive 10 ICMP packects with type: 3. What should I change in my code to get these?

using PcapDotNet.Core;
using PcapDotNet.Packets;
using PcapDotNet.Packets.Ethernet;
using PcapDotNet.Packets.IpV4;
using PcapDotNet.Packets.Transport;
using System;
using System.Collections.Generic;

namespace SendingASinglePacketWithSendPacket
{
class Program
{
    static void Main(string[] args)
    {
        IList<LivePacketDevice> allDevices = LivePacketDevice.AllLocalMachine;
        PacketDevice selectedDevice = allDevices[2];


        for (int i = 1; i < 10; i++)
        {
            new Sender().SendUDPandGetStatus(selectedDevice, (ushort)i);
        }


        System.Console.ReadKey();
    }
}

class Sender
{
    public void SendUDPandGetStatus(PacketDevice selectedDevice, ushort port)
    {
        using (PacketCommunicator communicator = selectedDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, -1))
        {           
            communicator.SendPacket(BuildUdpPacket(port));
        }
    }

    private static Packet BuildUdpPacket(ushort destinationPort)
    {
        EthernetLayer ethernetLayer = new EthernetLayer
        { 
            Destination = new MacAddress("14:cc:20:2c:7e:36"),
            Source = new MacAddress("9C:4E:36:17:86:48"),

            EtherType = EthernetType.None,
        };

        IpV4Layer ipV4Layer =new IpV4Layer
        {
            Source = new IpV4Address("192.168.0.104"),
            CurrentDestination = new IpV4Address("192.168.0.105"),
            Fragmentation = IpV4Fragmentation.None,
            HeaderChecksum = null, 
            Identification = 123,
            Options = IpV4Options.None,
            Ttl = 30,
            TypeOfService = 0,
        };

        UdpLayer udpLayer = new UdpLayer
        {
            SourcePort = 4050,
            DestinationPort = destinationPort,
            Checksum = null, 
            CalculateChecksumValue = true,
        };

        PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, udpLayer);
        return builder.Build(DateTime.Now);
    }
}
}

Wireshark result: enter image description here

I would only add if I put breakpoint at line:

new Sender().SendUDPandGetStatus(selectedDevice, (ushort)i);

and push F5 button(5s interval), get correct result.

1
c#networkingudppcap.net
ICMP is a ping message and will get blocked if you have a routing loop. Try using from cmd.exe >PING 192.168.0.104 and see the response. Check the Time to Live to indicate how many routers message went through.jdweng
You may be right but in my case I have two computers connected to the same router. I checked tracert command and higher value of TTL - same. I think problem is with: "Linux 2.4.20 kernel limits destination unreachable messages to one per second". If I add " System.Threading.Thread.Sleep(1000);" inside in for loop, problem disappear. I can infer limit on the windows is same as on linux.Mroczny Arturek
Get the ip address and masks and make sure you have a route. You may want to ping each device in subnet to see which devices you can reach. Also go to destination device and ping source device. I suspect you have a route in one direction put not a return route.jdweng
Transmission works In two directions. Problem is with received ICMP packet. I cannot get it more than one per second(Case when all ports are closed).Mroczny Arturek

1 Answers

0
votes

This is what I found at Nmap documentation:

Nmap detects rate limiting and slows down accordingly to avoid flooding the network with useless packets that the target machine will drop. Unfortunately, a Linux-style limit of one packet per second makes a 65,536-port scan take more than 18 hours. Ideas for speeding your UDP scans up include scanning more hosts in parallel, doing a quick scan of just the popular ports first, scanning from behind the firewall, and using --host-timeout to skip slow hosts.

Documentation