dcsimg
Results 1 to 15 of 15

Thread: Is it possible to send raw ethernet frames from VB6, using Windows API?

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    997

    Is it possible to send raw ethernet frames from VB6, using Windows API?

    I know that with certain API functions from Winsock, I can access "raw" packets down to the IP level (below TCP or UDP), but that seems to be as far as I can go (at least using DOCUMENTED API functions). Is it possible at all using UNdocumented Windows API functions, to send individual network FRAMES (the Ethernet Protocol layer, below the IP Protocol layer)? This way, instead of sending the data to the destination computer by IP address, I would be selecting the destination computer by MAC address. If I knew the MAC (not IP) address of the destination PC, I would be able to send data to it.

    Is it possible to accomplish this using undocumented Windows API functions? If not, has any uber awesome software writer managed to write his own DLL file and/or kernel-level driver, which would permit such, and which would nicely interface with VB6?

  2. #2
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    May i ask, what would be 'possible' legitimate usage of such an functionality. I think there is none, what so ever - on the contrary.

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    997

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Quote Originally Posted by Tech99 View Post
    May i ask, what would be 'possible' legitimate usage of such an functionality. I think there is none, what so ever - on the contrary.


    I think it would be kind of neat to be able to send and receive messages at the Link level (rather than transport, or application level), using mac addresses, instead of IP addresses. It would allow one to communicate with a computer that was physically connected to a network, without actually establishing a higher level connection. Such computers would not need the router to assign them an IP address, but could still communicate with each other. It would allow stealth communications between 2 computers, while anybody using the network the normal way wouldn't even be aware that the computers using this special technique were on the network (wouldn't show up in the list of computers when checking the DHCP IP address assignment menu in the router's control panel). This would allow covert communications.

    After those Snowden leaks, I realized just how much communications are being spied on, by even our own government (which basically sees everybody as a potential suspect) through the use of unconstitutional wiretaps, not just some script kiddie hackers with keyloggers. In order to combat this unconstitutional spying, I've been looking for a way to write a spy-proof communication program, and I think that communicating at the Link level of a network might bypass most wiretaps that a hacker (whether a government, or a non-government entity) might install on a network. Wiretaps usually act like a transparent proxy, receiving and rebroadcasting network communications so that it arrives at its intended destination but also stores a copy of the communication that the hacker who installed the wiretap can then examine later. These wiretaps tend to operate at Transport (L3) or Application (L4) level, but don't usually look all the way down to the Link (L2) level. If I can write a program that uses a technique that can send raw Ethernet packets for secure communications, then I believe I might actually have a sellable product, given that a lot of people value online privacy, particularly regarding online person-to-person communications (email, chat, etc), and particularly in the wake of those Snowden leaks. My plan is to create a chat software that allows you to specify a destination MAC address, and send all packets at the Link level. The person you are communicating with will be able to send messages to you and receive messages from you, as long as you specify their MAC address as the destination and your MAC address as the source, and they specify their MAC address as the source and your MAC address as the destination. Such messages will be able to bypass any wiretaps. In fact nobody who's even looking at the router's control panel will know that your computer is physically connected to their network, because most routers only indicate a computer is connected when it uses DHCP to assign an IP address to that computer, and communicating at the Link level avoids having to have an IP address.

    With this, you could go into your PC's network settings and disable IPv4 and IPv6, and connect physically to the network and you will NOT get assigned an IP address. However, you will still be able to communicate with other computers using this software, by sending raw Ethernet packets. Think of this software I'm proposing as the network version of a submarine, unseen by all but specialized software, while normal network software (web browsers, etc) is the network equivalent of a battle ship, anybody with ordinary network software tools can find it and read all its communications.

    I've been searching the net for a while now, trying to find a component (StdCall DLL, ActiveX DLL, or OCX) that would let me add this raw Ethernet packet sending capability to VB6 software, but I haven't found any. And from what I've seen on MSDN there's no API functions that will allow this (at least not any documented ones, though there may be some undocumented ones that would). If anybody here has some ideas of where I could find something that will allow me to send and receive raw Ethernet packets, please let me know. Thanks in advance.
    Last edited by Ben321; Mar 7th, 2016 at 02:56 PM.

  4. #4
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Rather weak explanation - as you can't communicate without destination IP address outside of your network address space.

    Sure there are covert channel data transmit consepts or communication obfuscation, but these generally are out of legitimate usage as well.

    In other words all communication could be eavesdropped - when it is way out of 'common type', the more it gains interest.

  5. #5
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    32,793

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    I have a number of issues with this thread, mostly of the ethical kind... but, putting that aside a few things to note:
    1) A network admin IS going to notice... at some point. Traffic is traffic... and when they start to see traffic w/o an associated IP start showing up in their logs...
    2) It's only going to work on direct connect computers... a router isn't going to know what to do with it. Odds are a switch isn't going to know either. Maybe... I suppose it could get the IP from its MAC tables, oh wait, there is no IP address.
    3) You can't transmit w/o somekind of protocol. So if you drop down below that point, you then have to devise your own protocol... and I don't just mean marking the data and transmitting what is what, but how the packets themselves are organized - do they all have to take the same route, and in the same order? What about nodes that store and forward? What happens when the last packet arrives before the first? The packets will need to know how to arrange themselves once they get to the other end.
    4) And here's probably the biggest issue - in order for your "black chat" to work... as you noted, IP4 and IP6 would be disabled, yes? You would also lose all other network connections and resources... shared folders, interwebtubesnet, VBF (sniff sniff, doncha like us any more?), printers, I mean everything... which really has the net effect of unplugging your computer from the network and ripping out the LAN card ... which seems a lot easier.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Oct 2008
    Posts
    997

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Quote Originally Posted by techgnome View Post
    I have a number of issues with this thread, mostly of the ethical kind... but, putting that aside a few things to note:
    1) A network admin IS going to notice... at some point. Traffic is traffic... and when they start to see traffic w/o an associated IP start showing up in their logs...
    2) It's only going to work on direct connect computers... a router isn't going to know what to do with it. Odds are a switch isn't going to know either. Maybe... I suppose it could get the IP from its MAC tables, oh wait, there is no IP address.
    3) You can't transmit w/o somekind of protocol. So if you drop down below that point, you then have to devise your own protocol... and I don't just mean marking the data and transmitting what is what, but how the packets themselves are organized - do they all have to take the same route, and in the same order? What about nodes that store and forward? What happens when the last packet arrives before the first? The packets will need to know how to arrange themselves once they get to the other end.
    4) And here's probably the biggest issue - in order for your "black chat" to work... as you noted, IP4 and IP6 would be disabled, yes? You would also lose all other network connections and resources... shared folders, interwebtubesnet, VBF (sniff sniff, doncha like us any more?), printers, I mean everything... which really has the net effect of unplugging your computer from the network and ripping out the LAN card ... which seems a lot easier.

    -tg

    From my understanding, regarding Link layer Ethernet frames, they can get around DHCP like this.
    Normally, when using IP addresses (such as with TCP/IP), Destination IP is sent, and the router has to use DHCP to resolve the Destination MAC address. It then uses this to send the packet to its destination.

    However with if I'm directly communicating with MAC address, the router can directly read the intended destination by the destination's MAC address (the first field in the Ethernet packet). And from there it knows where to relay the packet to, without looking up anything in its DHCP database. The only thing that it can't do is relay it over the internet. It should work perfectly fine for communicating between any 2 computers on a LAN. It doesn't have to be directly from one computer to the other. It can be instead computer-to-router-to-computer.

    Of course, I could be wrong in that assumption.

  7. #7
    PowerPoster
    Join Date
    Feb 2012
    Location
    West Virginia
    Posts
    13,143

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    I do not think DHCP has anything to do with it. You can turn off DHCP on the router and still send over TCP you just need to use static IP addresses in order to do so.

  8. #8
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Quote Originally Posted by Ben321 View Post
    From my understanding...

    Of course, I could be wrong in that assumption.
    Yes you are. Router firstly removes L2 header from the packet and then looks packet destination IP address and finds MAC address for that destination ie. computer or other router/switch in network, depending on network topology - not other way around.
    Last edited by Tech99; Mar 9th, 2016 at 08:02 AM.

  9. #9
    Hyperactive Member
    Join Date
    Oct 2013
    Posts
    389

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    in my opinion, one should always code under the assumption that unauthorized users are currently eavesdropping the broadcasts.

    Would it not be easier, and more efficient,to encrypt, your data using out of the box, mathematically proven, encryption methods ?
    if its simple a chat, and latency is not an issue, why not even buff it up with junk and THEN encrypt it ?

  10. #10
    Fanatic Member namrekka's Avatar
    Join Date
    Feb 2005
    Location
    Netherlands
    Posts
    639

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    There is nothing wrong with receiving and sending raw packets.

    https://en.wikipedia.org/wiki/Pcap

    Many tools are available (legal). Even the famous Wireshark.

  11. #11
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    'Raw' (layer 2) packets contain and should contain source and destination IP addresses. What op meant, was communicating without IP addresses (at layer 1) - of course that is possible also, but such a communication is not routable.

    http://people.ece.cornell.edu/land/c...g6/mis47_ayg6/

    Internet Protocol Basics...

    <clip>
    Both the MAC address and IP of the sender and receiver are neccessary to send most types of information between two networked devices. Broadcast messages can also be sent, by specifying a blank MAC address in the "destination address" field, which are to be read by all devices. Devices that wish to send to a specific IP typically need to send a broadcast packet first, in order to find the MAC address of a specific IP. The device with that IP address is expected to respond back to the original device with a message containing its own MAC address. Since this initial broadcast is used by a machine on the server to verify the addresses of other machines, the protocol it follows is called the Address Resolution Protocol, or ARP.
    </clip>

    If one thinks that communicating at layer 1 is 'safe' or obfuscated method - in terms of sniffing, eavesdropping etc. - then 'good luck'.
    Last edited by Tech99; Mar 11th, 2016 at 08:10 AM.

  12. #12
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    32,793

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    sending and receiving packets is one thing... honestly I couldn't care less if that's what he was doing... he wants to do it sans IP... that becomes a bit trickier... He wants to do it so he can't be detected by the network... if he's on his own personal network, fine, I don't care... but then if he's on his own network he shouldn't be worried about someone seeing his traffic... which means he's not on his network, but on someone else's... I have ethical issues with that. Most networks have a clause when you log in - by continuing to use the network, you consent to potentially being monitored... if you don't want to be monitored, don't connect to the network.

    Network admins have a responsibility to ensure the safety and stability of the network - we've all been somewhere when the network goes on the fritz and know what a pill that can be. Part of ensuring this stability is tacking traffic... and if someone notices "unlogged" traffic (which by the way wouldn't be as untracable as you might think, there's still going to be a MAC address attached to it) that's going to raise red flags FAST... their first thought isn't going to be "oh someone's built a nifty little chat program" ... no... it's going to be a red alert situation... it's going to look like a virus run rampant on the network. For all they know that "innocent" looking data could be trade secrets walking out the door.

    I've seen what happens when unauthorized things like this get loose on the network... and in many cases it can be a fireable offence. I've seen what happens when a packet (or in the case a set of packets) get caught in a loop on the network (resulting from a crank email a coworker sent out - the only issue with it was the bad email address)... fortunately that incident simply resulted in a "don't. do. that. again."

    All that said, I get it... I don't necessarily care to be monitored either. But I acknowledge that my employer has that right to do so (it's their equipment after all, their VPN, their network)... and it's not a case of "Well if you're not doing anything illegal, then you have nothing to hide" because 1) that's a stupid argument in the first place, 2) company and gov't policy are different and as a private entity, the company does have that right - and what's being looked for here isn't just giving ye ol' birdie to the gov't... it's technically a breach of contract with the company. And since corporations are people too (yeah, I think that's crap too)... you're hurting people...

    Do I think Snowden is a hero? Not particularly ... Do I think he's a criminal? Not completely... When it comes to Snowden, there's a difference between a whistleblower and being an irresponsible **** (rhymes with slick). I think he falls into the latter more than the former. I think he handled it pretty badly and in the wrong manner.

    Do I think the FBI has the right to force Apple to unlock the phone in SanBerdoo? No. I've seen the argument that "well the police can force a bank to open a safety deposit box, so what's the difference?" The difference is that the bank has the means IN THE FIRST PLACE to open the safe... they have keys, spare keys, master keys... and those are already there and in place and usually have policies around their use. This is a case of "ummm... yeah, we kinda screwed up and need to you to completely rewrite a piece of your software to get around our dunderheaddedness"... completely different case. IN addition, safety deposit boxes are AT the bank, under BANK security and policy... they're not (usually) found out on the street lying around waiting for the police to come by. It is not someone's personal property. Big difference. Plus the FBI has been given help from others who say they can crack it and only it w/o having Apple open it up... so it's not like the FBI is with out options. They could go for this other option, and it bothers me that they aren't going that route. It tells me that they may take this "patch" and apply it in other cases in a less publicly manner.


    Well, shoot... when I started writing this, I didn't intend for it to become so political. It kind of got away from me... sorry...

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  13. #13
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Personally i do not believe that 'state/authoritative level' actors are not capable of decrypting said device. I think that they are 'just' looking for juridistications/court case in this.

  14. #14
    Fanatic Member namrekka's Avatar
    Join Date
    Feb 2005
    Location
    Netherlands
    Posts
    639

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    My opinion is that sending and receiving (packet sniffing) raw packets is not something magic that opens a new world of hacking. As mentioned before if the message is encrypted its save. However its clear that with a public WiFi without an encryption its not save.
    I'm convinced that you can't break a system or get in a system with raw packets. I really don't believe these stories!

  15. #15
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    672

    Re: Is it possible to send raw ethernet frames from VB6, using Windows API?

    Raw or forked packets definitely are not something magic etc. but those certainly wake network admins to look what is going on.

    To open comms, i think it depens who 'you' are - intelligence organizations has computational power and highly skilled matemathicians and other top level technical competence.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width