Friday, February 10, 2006

 

NAT Translation entry. (Question #9)

After pinging through a box doing NAT, one might see a NAT entry like the following. The protocol is "icmp", as one expects, but there is also a number after the colon in each of the inside/outside global/local addresses. In the case of UDP or TCP, the number after the colon would be the port number involved. What does that number signify in the ICMP case?


R3#sh ip nat translations
Pro  Inside global     Inside local      Outside local     Outside global
icmp 172.16.1.5:8      10.1.1.1:8        155.55.55.55:8    155.55.55.55:8


Comments:
The colon in this case... which is without TCP or UDP port numbers, is the ICMP type of 8 (echo); echo-reply type 0 would be expected to return.
 
No, that is not the right answer. With translated ICMP packets, you will see numbers other than 8 also.
 
ICMP uses IP Protocol for addressing information.
As the packets have a chance to be fragmented, the only way to identify if the packet is of the same stream is to use the IPID (Identification) field.

This is the 16-bit field being used with flags and in conjunction with the Fragment Offset field.

So the number next to the IP is the IPID of the ICMP packet.
 