Search code examples
c#socketspacket-snifferssniffer

Sniffer ERROR: "an attempt was made to access a socket in a way forbidden by its access permission"

I have this problem when I'm trying to sniffing, I did declare a RAW_SOCKET with addressFamily and yet I don't know what my problem 

private void btnStart_Click(object sender, EventArgs e)
{
    if (cmbInterfaces.Text == "")
    {
        MessageBox.Show("Select an Interface to capture the packets.", "MJsniffer", 
            MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }
    try
    {
        if (!bContinueCapturing)        
        {
            //Start capturing the packets...

            btnStart.Text = "&Stop";

            bContinueCapturing = true;

            //For sniffing the socket to capture the packets has to be a raw socket, with the
            //address family being of type internetwork, and protocol being IP
            mainSocket = new Socket(AddressFamily.InterNetwork,
                SocketType.Raw, ProtocolType.IP);

            //Bind the socket to the selected IP address
            mainSocket.Bind(new IPEndPoint(IPAddress.Parse(cmbInterfaces.Text), 0));

            //Set the socket  options
            mainSocket.SetSocketOption(SocketOptionLevel.IP,            //Applies only to IP packets
                                       SocketOptionName.HeaderIncluded, //Set the include the header
                                       true);                           //option to true

            byte[] byTrue = new byte[4] {1, 0, 0, 0};
            byte[] byOut = new byte[4]{1, 0, 0, 0}; //Capture outgoing packets

            //Socket.IOControl is analogous to the WSAIoctl method of Winsock 2
            mainSocket.IOControl(IOControlCode.ReceiveAll,              //Equivalent to SIO_RCVALL constant
                                                                        //of Winsock 2
                                 byTrue,                                    
                                 byOut);

            //Start receiving the packets asynchronously
            mainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,
                new AsyncCallback(OnReceive), null);
        }
        else
        {
            btnStart.Text = "&Start";
            bContinueCapturing = false;
            //To stop capturing the packets close the socket
            mainSocket.Close ();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "MJsniffer", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

basically that's the start sniffing button

Solution

  • This is by design as a security measure. You can circumvent this by running the application as "administrator". There are also other limitations with using raw sockets on windows.

    More information about raw sockets:

    http://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx

    Winpcap is a bit more flexible to use for a sniffer. There is also a c# wrapper for winpca

    http://pcapdotnet.codeplex.com/