Why does it require Administrative rights? about powerping HOT 11 OPEN

Summary

PowerPing has its own implementation of ICMP and sents custom ICMP/Ping packets. To send these custom packets we need to use Raw sockets and in order to create a raw socket you need administrative rights on Windows.

Technical reasoning

Our current flow

Our ICMP implementation can be found in ICMP.cs. At runtime we open a raw socket and send our ICMP packet in bytes via that socket.

Raw sockets enables us to send our custom Ping packets with whatever ICMP or IP properties we want.

Why do Raw sockets require Administrative Rights?

On Windows, Microsoft restricted Raw sockets access due to security concerns in Windows XP and have required a user to have administrative rights in order to create them ever since:

Raw sockets offer the capability to manipulate the underlying transport, so they can be used for malicious purposes that pose a security threat. Therefore, only members of the Administrators group can create sockets of type SOCK_RAW on Windows 2000 and later. (From Microsoft Docs)

Why not TCP or UDP?

ICMP is a protocol that exists in the network layer of the OSI model, it is not designed to be used with a transport layer protocol such as TCP and UDP (which are a layer above). Instead it is designed to be used as its own protocol and transported within IP packets.

Despite the fact that TCP and UDP sockets can be created without administrative rights they are not and cannot really be used to transport ICMP packets (more about that below).

Why not use the Ping class in .NET?

The Ping class in both .NET 4.8 and .NET Core use iphlpapi.dll to send ICMP packets. They provide a safe wrapper around the library and do not require administrative rights to send pings.

Unfortunately, the actual interface isn't really good enough for our needs, it does not allow for the level of customisation that we want. We can't perform actions like the following:

• Changing and reading the ICMP type
• Changing and reading the content of the ICMP message field
• Reading and manipulating checksums of packets
• Artificially inflating the size of the ICMP message
• Custom timeouts
• Changing the configuration of the IP packet (such as TTL and Don't Fragment headers)

Plus the performance overhead of sending lots of ICMP packets quickly (like we do in the Flood mode) is pretty severe when dealing with all the marshalling and safe guards around the iphlpapi.dll library.

Possible solutions

• I think some ping tools use UDP to send ping packets, we could try and implement something like this but I haven't researched too much into the posibility of this working.
• We could use the iphlpapi.dll library like .NET Core and .NET Framework, to send our ICMP packets instead of RawSockets. We could abstract our socket implementation to allow us to use RawSockets or native libraries to send the code (this option seems quite viable, although requires quite a bit of work)

Conclusion

I hope this helps you understand why PowerPing requires admin rights. I know it is kind of inconvenient but at this point it is with Raw sockets (and therefore administrative rights) that we have been able to get the level of functionality, customisatibility and performance that PowerPing has had since it's earliest versions.

I'll pin this issue and add a link to it in PowerPing for future reference.

from powerping.

I understand your concerns, it annoys me too that PowerPing can't be used in more enviroments, isn't immediately accessible to more users and requires people to trust a ping program with administrative rights but this is just how PowerPing has been built. Adding a method of sending pings without administrative rights is certainly possible but, you're right, it would require a fair amount of work.

I would say leave the issue open because it is something that I want to be properly addressed, it just will take a while for me to personnally get round to working on it. I am open to any solutions that people might have in the meantime, it's definitely something that I want resolved just as much as you and others.

from powerping.

1.) PowerPing is a console application, you use arguments to tell it what to do. Arguments for a program are entered on the commandline after the executable name. To ping something you type this in a console in whatever directory PowerPing is in:

PowerPing.exe 8.8.8.8

2.) This is not a virus, PowerPing runs in the process PowerPing.exe. It does not use any subprocesses.

from powerping.

Hi, what is about creating a docker image to avoid elevating privileges?

It's not a solution that I would personnally be happy with, I'll leave that as an excersise to the use if that is something they want to do.

By the looks of things the next version .NET (.NET 6+) seems to allow using raw sockets without admin rights so that is potentially the perfect solution to this problem.

from powerping.

I have updated PowerPing to .NET 6 and it doesn't seem to require admin rights anymore. You can test out the new version of the build here: https://github.com/Killeroo/PowerPing/releases/tag/v1.3.4

I'll keep this issue open for a few weeks to catch any potential issues or edgecases but will look to close this as the upgrade seems to have addressed this requirement.

from powerping.

hey thanks for this text, it explains a lot. My concern is that 1) a lot of people in many offices have restrictive PCs with no administrative rights, if they wanted to use PowerPing they wont be able to so it limits its use, 2) a process running as admin getting hacked is far worse then an attack on a non-administrative process for obvious reasons, so before running anything as administrative a person like me first evaluates if this app's working really qualifies to be run as an admin (ie if its important enough to be run as an admin). A process like "ping" is a fairly simple process (for people who dont really understand what goes on behind the scenes) so I was like "wait, why on earth is this console ping requiring admin rights", so I had to ask. Now I trust it so I have no prob running it as an admin. But a lot of people wont come here and ask for the why part of this, they may simply use another executable which doesnt require admin rights. See if some interesting work out can be figured for this, maybe some features if invoked require admin rights (condition based elevation) and if not using those it simply continues with normal rights, I am guessing it will require a lot of work.

from powerping.

should I close this issue because its really not an issue for me anymore and others can read to understand why this needs admin rights?

from powerping.

I just downloaded and executed the file and using run as administrator and using my System User name and Password. The PingPower popped up and then after pressing any button it disappears!
My system is: Windows 10 Enterprise (64bit)

from powerping.

This is intended behaviour to stop the new console from closing too quickly. You will also need to enter an address as an argument to ping or nothing will happen. The wording in the text could probably be clearer though.

from powerping.

I tried it on two windows 10 and 8.1 system and after executing using run as administrator both:

• PowerPing.exe
• PowerPing.x86.exe

I'm still facing the following issue and can't even type anything an argument including ping with an IP address.
In the first look whoever uses the last release of PowerPing concerned about Malware in the system.
Is there any explanation for this?  
Even I checked in Task Manager to see where it processes but I couldn't find that if it is processing behind of other running windows or like services runs as threads under a svchost process.

from powerping.

Hi, what is about creating a docker image to avoid elevating privileges?

from powerping.