How do ping packets get to the ping utility in a NATed network?

Antonio9000Antonio9000 Member Posts: 5 ■■□□□□□□□□
I did this test from two PCs at home that are connected to a typical SOHO router, so the router is doing Network Address Translation.

I pinged successfully an IP address from the two computers:
ping 8.8.8.8.

My doubt is, if ICMP doesn’t use port numbers, as it is only layer 3, how can the router send the replies to my computers?   

My understanding of NAT is that the port numbers help the router identify the computer that initiated the Ping.

Any insights much appreciated.

Tagged:

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,820 Admin
    Ports are used in Layer 4 to route packet traffic to specific networked applications connected at Layer 7. ICMP is a protocol service in the TCP/IP stack that lives in Layer 3 and never interacts with the Application layers 5 through 7, so it never uses the concept of ports. Therefore, when NATting is used, only IP addresses are needed to allow a host to send and receive an ICMP ECHO messages.
  • Antonio9000Antonio9000 Member Posts: 5 ■■□□□□□□□□
    Thank you JDMurray, as explained in the post below, NAPT uses the ICMP Query ID the same way it would use a TCP or UDP port number. 
    https://superuser.com/questions/135094/how-does-a-nat-server-forward-ping-icmp-echo-reply-packets-to-users

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,820 Admin
    I see what you are talking about. Always go to the source:
    From RFC 3022: Traditional NAT

    "In addition to TCP/UDP sessions, ICMP messages, with the exception of REDIRECT message type may also be monitored by NAPT router. ICMP query type packets are translated similar to that of TCP/UDP packets, in that the identifier field in ICMP message header will be uniquely mapped to a query identifier of the registered IP address. The identifier field in ICMP query messages is set by Query sender and returned unchanged in response message from the Query responder. So, the tuple of (Local IP address, local ICMP query identifier) is mapped to a tuple of (registered IP address, assigned ICMP query Identifier) by the NAPT router to uniquely identify ICMP queries of all types from any of the local hosts."

    Of course, if two programs on the same host sending ICMP ECHO REQUESTS through the same NAT router happen to use the same ICMP ident values then how those packet will be processed by the NAT router or source host's TCP/IP stack is undetermined.
Sign In or Register to comment.