
Raw TCP sockets and WinPcap

Starting with PingPlotter 2.60, TCP packets can be used in addition to the previously available ICMP and UDP packet types. TCP traceroute allows access to some targets that were not previously available, but this comes with some caveats.

One challenge that many users will face is that, starting with Windows XP SP2, Windows blocks the ability to create TCP packets with the options needed for traceroute. See a Microsoft white paper for some more details on this.

There are several ways to "work around" this limitation in Windows, including:

  • Turn off the Windows firewall service. Issuing a "net stop sharedaccess" command from a command prompt will disable the raw socket block.
  • A piece of software (e.g., PingPlotter) can use a device driver to bypass this restriction.

Since many of our users rely on Windows firewall service and/or Windows ICS (internet connection sharing), we've implemented a solution that uses a device driver to create TCP raw sockets.

Do you need to use WinPcap?

If you want to use TCP traceroute and your operating system is Windows XP SP2 or newer, then you will need to use WinPcap.

If you're using an older operating system (Windows 98, or Windows 2000 for example), then you probably don't need to use WinPcap. We'll update this page with more information if we find other situations where it's helpful.

How to install the driver

To make this as reliable as we could, we decided to use an open source (and free) driver, WinPcap, to send raw packets. This driver needs to be installed before PingPlotter can use it, and should be downloaded and installed based on the WinPcap instructions.

Install steps:

  • Visit the WinPcap site so you know what you're installing.
  • Download the driver. We recommend using the latest version. If you're using Windows Vista x64, then 4.0 or higher is required.
  • Install the driver. The WinPcap download page has reasonably good instructions. Basically, run the installer.
  • Make sure PingPlotter is configured to use WinPcap (the default configuration is to use it if it's installed, so it should "just work").
  • You're done!

Shortcomings with WinPcap and PingPlotter

WinPcap allows PingPlotter to send packets directly to the network card. This is very powerful, but also means that the Windows protocol stacks don't help us with routing or validation of the packet. PingPlotter should do a good job of detecting whether a gateway should be used and sending to that gateway, but might not work correctly with multiple gateways, or other complicated network setups. Please contact us if you find a network environment where PingPlotter seems to be making poor decisions or causing problems.
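
The routing decision described above, as an added example (not PingPlotter's code): when frames are handed straight to the network card, the sender must itself choose the interface and decide whether the frame is addressed to the target or to a gateway. The route table, interface names and function names below are constructed for illustration; the naive function shows how a single-gateway shortcut goes wrong once a second gateway exists.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected (on-link)
    interface: str
    metric: int

def _r(net, gw, iface, metric):
    return Route(ipaddress.ip_network(net),
                 ipaddress.ip_address(gw) if gw else None, iface, metric)

# Constructed sample table: a LAN plus a VPN, each with its own gateway.
ROUTES = [
    _r("0.0.0.0/0", "192.168.1.1", "lan0", 20),
    _r("0.0.0.0/0", "10.8.0.1", "vpn0", 50),
    _r("192.168.1.0/24", None, "lan0", 10),
    _r("10.8.0.0/16", None, "vpn0", 5),
    _r("172.16.0.0/12", "10.8.0.1", "vpn0", 5),
]

def next_hop(dest, routes=ROUTES):
    """Longest-prefix match, then lowest metric.

    Returns (interface, IP whose link-layer address the frame must carry),
    or None when no route covers dest.
    """
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r.network.prefixlen, r.metric))
    hop = best.gateway if best.gateway is not None else addr
    return best.interface, str(hop)

def naive_next_hop(dest, routes=ROUTES):
    """Single-gateway shortcut: on-link check against the first default
    route's interface only, otherwise that default gateway."""
    addr = ipaddress.ip_address(dest)
    default = next(r for r in routes if r.network.prefixlen == 0)
    local = next(r for r in routes
                 if r.interface == default.interface and r.gateway is None)
    hop = addr if addr in local.network else default.gateway
    return default.interface, str(hop)

if __name__ == "__main__":
    for d in ("192.168.1.50", "203.0.113.7", "172.16.5.5", "10.8.3.3"):
        print(d, next_hop(d), naive_next_hop(d))
```

For 172.16.5.5 and 10.8.3.3 the two functions disagree: the shortcut puts the frame on lan0 toward 192.168.1.1, while the full lookup uses vpn0.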

If you're not running as administrator (if you're using Windows Vista, for example), then you'll need to either manually start the WinPcap driver or run PingPlotter as administrator. For more details on how to do this, see the WinPcap FAQ, question 7 and question 18.