Raw TCP sockets and WinPcap

TCP traceroute allows access to some targets that were not previously available, but this comes with some caveats.

One challenge that many users will face is that most operating systems today (all Windows versions XP or newer) block the ability to create TCP packets with the options needed for traceroute. See a Microsoft white paper for some more details on this.

The best way to get around this problem is to use a custom network driver. PingPlotter supports the use of WinPcap (and spinoff/clone variants) for this.

How to install the driver

Install steps:

  • Visit the WinPcap site so you know what you're installing.
  • Download the driver. We recommend using the latest version. If you're using Windows Vista x64, then 4.0 or higher is required.
  • Install the driver. The WinPcap download page has reasonably good instructions. Basically, run the installer.
  • Use the TCP packet type in PingPlotter.
  • You're done!

Shortcomings with WinPcap and PingPlotter

WinPcap allows PingPlotter to send packets directly to the network card. This is very powerful, but it also means that the Windows protocol stacks don't help us with routing or validation of the packet. PingPlotter should do a good job of detecting whether a gateway should be used and sending to that gateway, but it might not work correctly with multiple gateways or other complicated network setups. Please contact us if you find a network environment where PingPlotter seems to be making poor decisions or causing problems.
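The on-link versus gateway decision described above, as an added example (not PingPlotter's code or its actual logic). The route table, interface names and addresses are constructed; the sketch shows the longest-prefix lookup a sender must do itself once it bypasses the Windows stack, next to a single-gateway shortcut that picks the wrong next hop when there are multiple gateways.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[str]   # None = destination is on-link
    interface: str
    metric: int

# Constructed routing table: a LAN adapter plus a VPN adapter, two default gateways.
ROUTES = [
    Route(ipaddress.ip_network("192.168.1.0/24"), None, "lan0", 10),
    Route(ipaddress.ip_network("10.8.0.0/16"), None, "vpn0", 5),
    Route(ipaddress.ip_network("172.16.0.0/12"), "10.8.0.1", "vpn0", 5),
    Route(ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1", "lan0", 25),
    Route(ipaddress.ip_network("0.0.0.0/0"), "10.8.0.1", "vpn0", 50),
]

def next_hop(dest, routes=ROUTES):
    """Return (interface, IP whose MAC goes in the Ethernet header)."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        raise LookupError(f"no route to {dest}")
    # Longest prefix wins; the lower metric breaks ties.
    best = min(matches, key=lambda r: (-r.network.prefixlen, r.metric))
    return best.interface, (str(addr) if best.gateway is None else best.gateway)

def naive_next_hop(dest, local_net="192.168.1.0/24", gateway="192.168.1.1",
                   interface="lan0"):
    """Shortcut: one adapter, one mask, one default gateway."""
    addr = ipaddress.ip_address(dest)
    on_link = addr in ipaddress.ip_network(local_net)
    return interface, (str(addr) if on_link else gateway)

if __name__ == "__main__":
    for target in ("192.168.1.40", "203.0.113.9", "172.16.5.5", "10.8.3.3"):
        print(f"{target:15} full={next_hop(target)} naive={naive_next_hop(target)}")
```

For the two targets behind the VPN adapter, the shortcut hands the frame to the LAN gateway, which is the kind of poor decision a multi-gateway setup can cause.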

If you're not running as administrator (or using PingPlotter as a service), then you'll need to configure WinPcap to start automatically (which is its default install mode). For more details on how to do this, see the WinPcap FAQ, question 7 and question 18.