Raw TCP sockets with Windows XP SP2

Starting with PingPlotter 2.60, TCP packets can be used in addition to the previously available ICMP and UDP packet types.

TCP traceroute allows access to some targets that were not previously available, but this comes with some caveats.

One challenge that many users will face is that Windows XP with Service Pack 2 started blocking the ability to create TCP packets with the options needed for traceroute. This now also applies to Windows 2003 SP1 and Windows Vista. See a Microsoft white paper for some more details on this.

There are several ways to "work around" this limitation in Windows XP, including:

  • Turn off the Windows firewall service. Issuing a "net stop sharedaccess" command from a command prompt will disable the raw socket block.
  • A piece of software (e.g., PingPlotter) can use a device driver to bypass this restriction.

Since many of our users rely on Windows ICS (internet connection sharing) and/or Windows firewall service, we've implemented a solution that uses a device driver to create TCP raw sockets.

Do you need to use WinPcap?

If you want to use TCP traceroute and you're using Windows XP SP2, Windows 2003 SP1 or Windows Vista, then you will need to use WinPcap.

If you're using an older operating system (Windows 98, or Windows 2000 for example), then you probably don't need to use WinPcap. We'll update this page with more information if we find other situations where it's helpful.

How to install the driver

To save development effort and to make this as reliable as we could in the shortest time, we decided to use an open source (and free) driver, WinPcap, to send raw packets. This driver needs to be installed before PingPlotter can use it, and should be downloaded and installed based on the WinPcap instructions.

Install steps:

  • Visit the WinPcap site so you know what you're installing.
  • Download the driver. We recommend using the latest version (4.0 as of February 2007). If you're using Windows Vista x64, then 4.0 or higher is required.
    (Here is the direct link to the 4.0 install).
  • Install the driver. The WinPcap download page has reasonably good instructions. Basically, run the installer.
  • Make sure PingPlotter is configured to use WinPcap (the default configuration is to use it if it's installed, so it should "just work").
  • You're done!

Shortcomings with WinPcap and PingPlotter

WinPcap allows PingPlotter to send packets directly to the network card. This is very powerful, but also means that the Windows protocol stacks don't help us with routing or validation of the packet. PingPlotter should do a good job with detecting if a gateway should be used and sending to that gateway, but might not work correctly with multiple gateways, or other complicated network setups. Please contact us if you find a network environment where PingPlotter seems to be making poor decisions or causing problems.
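The gateway decision described above, as an added example (not PingPlotter's code): a sender that writes frames straight to the network card has to pick the next hop itself, and a single-gateway shortcut gives the wrong answer once a second gateway or a static route exists. The route table, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network             # destination prefix
    gateway: Optional[ipaddress.IPv4Address]   # None = on-link, deliver directly
    metric: int

def route(prefix, gateway, metric):
    gw = ipaddress.ip_address(gateway) if gateway else None
    return Route(ipaddress.ip_network(prefix), gw, metric)

# Constructed sample table: one LAN, two default gateways, one static route.
ROUTES = [
    route("192.168.1.0/24", None, 10),
    route("0.0.0.0/0", "192.168.1.1", 20),
    route("0.0.0.0/0", "192.168.1.254", 50),
    route("10.20.0.0/16", "192.168.1.254", 20),
]

def next_hop(target, routes=ROUTES):
    """Return the IP whose MAC address belongs in the Ethernet header."""
    dst = ipaddress.ip_address(target)
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    # Longest prefix wins; lowest metric breaks ties between equal prefixes.
    best = min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))
    return best.gateway if best.gateway is not None else dst

def naive_next_hop(target, local_net="192.168.1.0/24", default_gw="192.168.1.1"):
    """Single-gateway shortcut: on-link, or the one default gateway."""
    dst = ipaddress.ip_address(target)
    if dst in ipaddress.ip_network(local_net):
        return dst
    return ipaddress.ip_address(default_gw)

if __name__ == "__main__":
    for t in ("192.168.1.40", "203.0.113.10", "10.20.3.4"):
        print(t, "-> full table:", next_hop(t), "| shortcut:", naive_next_hop(t))
```

For 10.20.3.4 the two functions disagree: the full table sends the frame to 192.168.1.254, while the shortcut hands it to 192.168.1.1, which may not have a path to that network.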

If you're not running as administrator (if you're using Windows Vista, for example), then you'll need to either manually start the WinPcap driver or run PingPlotter as administrator. For more details on how to do this, see the WinPcap FAQ, question 7 and question 18.