I found an interesting program written by "who knows" at bitRAKE's site:

KPing is an ICMP pinger for Windows. It can work as a trace router too: you can do it by hand (changing the packet TTL value), or by asking the program to do it for you (the faster way).
I wrote this program 3 years ago, and left it forgotten in a forgotten folder in a forgotten HD in a forgotten... So, I found it (and touched it a little) and now I have uploaded it here to share it with people like the ones that visit this site and the win32asm community.



Here is the link: http://www.bitrake.com/phpBB2/viewtopic.php?t=245

Kecol.- (It was me) :oops:

PS: So...am I "who knows"? :P
Posted on 2004-12-14 20:38:11 by Kecol

KPing is an ICMP pinger for Windows. I wrote this program 3 years ago,

It must be an art of code.

No source code.
What's the function of KPing?
Need more detail.

good luck.
Posted on 2004-12-15 00:15:36 by dcskm4200
dcskm4200, KPing is an ICMP Pinger.

ICMP = Internet Control Message Protocol. (RFC 792)

The program creates and sends an ICMP packet (datagram) with the destination IP address.
There are different types of packets used by the protocol, but KPing uses only one:

PACKET TYPE: ICMP_ECHOREQ

And then it waits for the response (echo echo echo echo... :) )

See the RFC to see what kinds of packets you can receive (just a few types).

So, send an ECHOREQ and wait for the response. This is how an ICMP pinger works. Now comes: how can KPing work as traceroute? Easy: using the TTL value in the IP header.

IP: Internet Protocol (RFC 791)

TTL: Time To Live field (8 bits)
COPY-PASTE from RFC 791

This field indicates the maximum time the datagram is allowed to
remain in the internet system. If this field contains the value
zero, then the datagram must be destroyed. This field is modified
in internet header processing. The time is measured in units of
seconds, but since every module that processes a datagram must
decrease the TTL by at least one even if it process the datagram in
less than a second, the TTL must be thought of only as an upper
bound on the time a datagram may exist. The intention is to cause
undeliverable datagrams to be discarded, and to bound the maximum
datagram lifetime.


- TTL takes care of internet use. Without TTL, a packet would live "forever" traveling from one side to another if the destination IP address does not exist.

So, the thing is that KPing starts sending ICMP packets with an initial TTL value of 1 and keeps incrementing the TTL value until it receives a good response.

PC: sends packet with TTL = 1
GW1: receives packet, decrements TTL, and destroys it because TTL=0
GW1: responds with ICMP_TTL_EXPIRED to PC
PC: receives the ICMP_TTL_EXPIRED and surprise: receives GW1 IP too!!!

PC: sends a new packet with TTL=2
GW1: receives packet, decrements TTL, and sends it to GW2
GW2: receives packet, decrements TTL, and destroys it because TTL=0
GW2: responds with ICMP_TTL_EXPIRED to PC
PC: receives the ICMP_TTL_EXPIRED and surprise: receives GW2 IP too!!!
...
...
...
PC repeats this procedure until it no longer receives an ICMP_TTL_EXPIRED packet.
So, this way, KPing will print every IP where TTL expired until destination IP is reached.

It is not as hard as it looks. I hope you can understand my "english" and how KPing works.

Kecol.-
Posted on 2004-12-15 01:09:09 by Kecol
Code Warrior Kecol:

Thanks for your reply.
I need more time to understand slowly.
Did you test it on Windows XP Home Edition SP2?

here is a running result.


KPing will print every IP where TTL expired until destination IP is reached.

I can't understand.

best regards
Posted on 2004-12-15 01:52:49 by dcskm4200
dcskm4200,

thanks to your last post I found an error in the program. "Bytes received" must be equal to "bytes sended". I made this mistake when I "touch it a little". I already corrected that, and now I'm going to contact bitRAKE to see if he can update the file.

Packet:
----------------------
IP_HEADER (here lives TTL)
ICMP_HEADER (here lives type of ICMP) <--- SIZEOF ICMP packet counts from here.
DATA (filled with 'k' by KPing until sizeof ICMP packet to send is reached)
----------------------

Min ICMP packet size = SIZEOF (ICMP_Header) = 12 bytes

How does the pinger work?

Create and send an ICMP packet with type ICMP_ECHOREQ and wait for the ICMP_ECHOREPLY

How does the trace router work?

PC_A <---> GW1 <---> GW2 <---> ... <---> GW_n <---> PC_B

If you make a ping from PC_A to PC_B, TTL must be >= n to reach PC_B, then PC_B will respond with the ICMP_ECHOREPLY. If TTL < n, then GW_TTL will respond to you with ICMP_TTL_EXPIRED.

So, tracer mode creates and sends an ICMP packet with type ICMP_ECHOREQ, but setting the TTL option in the IP header (going from 1 to n), and waits for the ICMP_ECHOREPLY

If you trace your local machine: 127.0.0.1, then TTL=1 is enough and you will discover that your packet was at some time at IP 127.0.0.1. Nothing useful. But if you use an IP address like 64.233.161.147 (google), then you will receive all the places between your PC and the google server (the route between you and another PC). A route is not always the same. But, maybe the last IP before the destination IP address will be a firewall or something like that :wink: .

I will tell you when the file has been updated.

Kecol.-
Posted on 2004-12-15 08:28:44 by Kecol
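The TTL walk and the packet layout described in the two posts above, as an added example that is not part of the thread and is not KPing's code. It assumes the 8-byte RFC 792 echo header followed by 'k' data, and `forward()` is a constructed stand-in for the network (documentation addresses only) so the probe/reply matching can be followed offline.

```python
import socket
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11  # ICMP types, RFC 792

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(mtype: int, rest: bytes, data: bytes) -> bytes:
    """type, code 0, checksum, 4 'rest of header' bytes, then data."""
    csum = checksum(struct.pack("!BBH", mtype, 0, 0) + rest + data)
    return struct.pack("!BBH", mtype, 0, csum) + rest + data

def forward(hops, src, dst, ttl, icmp):
    """Constructed stand-in for the network; returns (responder_ip, icmp_reply)."""
    for gw in hops:
        ttl -= 1                      # each gateway decrements TTL
        if ttl == 0:                  # expired: quote IP header + first 8 data bytes
            ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1,
                             0, socket.inet_aton(src), socket.inet_aton(dst))
            return gw, icmp_message(TIME_EXCEEDED, b"\x00" * 4, ip + icmp[:8])
    return dst, icmp_message(ECHO_REPLY, icmp[4:8], icmp[8:])  # echoes id/seq/data

def trace(hops, src, dst, ident=0x4B50, size=32, max_ttl=30):
    """Send probes with TTL 1, 2, ... and record who answers each one."""
    route = []
    for ttl in range(1, max_ttl + 1):
        probe = icmp_message(ECHO_REQUEST, struct.pack("!HH", ident, ttl),
                             b"k" * (size - 8))
        responder, reply = forward(hops, src, dst, ttl, probe)
        if checksum(reply) != 0:      # a valid ICMP message sums to zero
            continue
        quoted = reply[4:8]           # an echo reply carries id/seq here
        if reply[0] == TIME_EXCEEDED:
            ihl = (reply[8] & 0x0F) * 4               # length of the quoted IP header
            quoted = reply[8 + ihl + 4:8 + ihl + 8]   # id/seq of the quoted probe
        if struct.unpack("!HH", quoted) != (ident, ttl):
            continue                  # not an answer to this probe
        route.append((ttl, responder, reply[0]))
        if reply[0] == ECHO_REPLY:
            break
    return route

# Constructed sample path: three gateways, then the destination (RFC 5737 addresses)
ROUTE = trace(["192.0.2.1", "198.51.100.1", "203.0.113.1"], "192.0.2.10", "203.0.113.50")
```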
Code Warrior Kecol:

Thanks for your reply.

Most of the super coders like Iczelion, Hutch, EliCZ's, Thomas, Four_F,... are not only great coders, but also great mentors. They shared great source code with us. In the win32asm community, every coder has benefited from them.

Next time, don't forget to append your source code. It lets me understand easily.

best regards.
Posted on 2004-12-15 09:12:55 by dcskm4200
Most of us learn best by example. We stand upon the shoulders of giants and all that stuff. Cool, huh?
Posted on 2004-12-19 03:29:15 by Homer
EvilHomer2k:

I read a lot of your posts, accessed the web that you host, downloaded very useful stuff. I never doubt that you are a super and great coder. But, on the influence, I think they are bigger toward most newbies in the win32masm world.

Hutch built a new face Forum.
Very beautiful.

regards
Posted on 2004-12-19 07:39:23 by dcskm4200