How do IP answer packets reach their destination inside of a private LAN?

Solution 1

Even though the question has been fully covered, I feel like this process should best be described step-by-step.

For this example, I sit in a private LAN connected to the Internet through a router. Because our network shares a single public IP address, we use NAT.

So when I request the page superuser.com that will generate many IP packets. Let's look at a single one.

IP Packet
Source: 192.168.1.12 (my IP)
Destination: 64.34.119.12 (superuser.com)

Now, my system is most likely set up similar to the one in question. I have my own IP address (192.168.1.12), a subnet mask (255.255.255.0) and a default gateway (192.168.1.1). Now, because my Destination field in my IP packet points to a network different than my own, it is sent to my default gateway (rather than to the computer directly).

But how can the packet get to the default gateway, if the Destination points somewhere completely else?

Ethernet

That's easy, because we use the addressing of the Ethernet protocol for that. We just set our destination IP address in the IP packet and the MAC address of our default gateway as the destination in the Ethernet Frame.

Now that will make sure our default gateway gets the packet for superuser.com. Yay!

Now the gateway has our packet and could send it right on its path. But to make sure it will get the answer, it first needs to replace the packet's Source address (otherwise superuser.com would try to send the answer to some (possibly) non-existent device with my IP address on their network. Now that wouldn't be very nice.)
So my router will place its public IP address in the Source field:

IP Packet
Source: 92.69.127.243 (my public IP)
Destination: 64.34.119.12 (superuser.com)

Now that same game goes on and on with all the routers on the world until the packet finally arrives at superuser.com and an answer is generated.

The Answer

Answer IP Packet
Source: 64.34.119.12 (superuser.com)
Destination: 92.69.127.243 (my public IP)

Ok, the answer got to my router, now what? How does my router now know to send the answer to 192.168.1.12?

TCP

Well, that actually works because we have only looked at the IP and Ethernet parts of the communication. What makes this work is the TCP part.

You most likely know that web servers usually run on port 80. IP has no notion of ports. That comes from TCP. In TCP we have (like in IP) a source and destination port.

My TCP Packet to superuser.com
Source: 192.168.1.12 (my IP)
Source Port: 11111 (the port my computer made up)
Destination: 64.34.119.12 (superuser.com)
Destination Port: 80

When your router sends that initial packet (that's addressed to superuser.com on port 80), he will put a new source port in there (like 12345).
And this is the important part! He will remember that replacement!

My router's TCP Packet to superuser.com
Source: 92.69.127.243 (my public IP)
Source Port: 12345 (the port my router made up)
Destination: 64.34.119.12 (superuser.com)
Destination Port: 80

So the answer packet received by the router actually looks like this:

Answer TCP Packet from superuser.com
Source: 64.34.119.12 (superuser.com)
Source Port: 80
Destination: 92.69.127.243 (my public IP)
Destination Port: 12345 (the port my router made up)

So now he gets that packet and sees that it is for a port it previously remembered was assigned to NAT operations for IP address 192.168.1.12 (my IP address).

Answer TCP Packet from my router
Source: 64.34.119.12 (superuser.com)
Source Port: 80
Destination: 192.168.1.12 (my IP)
Destination Port: 11111 (the port my computer made up)

Solution 2

Network Address Translation. Briefly, when the private LAN's gateway router replaces the private LAN source address with its own public address, it modifies the packet in some way such as assigning a unique and otherwise locally meaningless port number which it maps back to the originating LAN node and outgoing request. It remembers this port mapping so when a reply comes back to the public IP/unique port #, it (the router) knows how to unmap that back to its originating node. This is also how you can run multiple tabs, browsers or browser-instances and the replies to each browser request come back to the correct browser and tab.
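The translation table that both Solution 1 and Solution 2 describe, written out as a small simulation. This is an added example, not code from either answer: it reuses the addresses and ports from Solution 1 (192.168.1.12:11111 to 64.34.119.12:80, public IP 92.69.127.243, router-chosen port 12345) and adds two things the answers only hint at, both assumptions of this example rather than facts about any particular router: entries are dropped after an idle timeout (the question raised in the comments about the table filling up), and an inbound packet is only forwarded if it arrives from the exact remote address and port the entry was created for, so anything unsolicited or coming from a different endpoint is simply discarded.

```python
"""Toy port-translating NAT (the mapping Solution 1 calls "remembering the replacement").

Constructed example; addresses, ports, the idle timeout and the per-endpoint
check are assumptions made for illustration, not the behaviour of any specific
router.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The IP + TCP/UDP header fields the NAT actually looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"


@dataclass
class Mapping:
    """One remembered replacement: who inside sent what, to whom, and when."""
    private_ip: str
    private_port: int
    remote_ip: str
    remote_port: int
    proto: str
    last_seen: float


class Nat:
    def __init__(self, public_ip: str, idle_timeout: float = 300.0, first_port: int = 12345):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout  # assumption: entries idle this long are forgotten
        self._next_port = first_port
        self.table: Dict[int, Mapping] = {}  # public port -> Mapping

    def _expire(self, now: float) -> None:
        stale = [p for p, m in self.table.items() if now - m.last_seen > self.idle_timeout]
        for p in stale:
            del self.table[p]

    def _existing_port(self, pkt: Packet, now: float) -> Optional[int]:
        # Reuse the same public port for further packets of the same connection.
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        for port, m in self.table.items():
            if (m.private_ip, m.private_port, m.remote_ip, m.remote_port, m.proto) == key:
                m.last_seen = now
                return port
        return None

    def _allocate_port(self) -> int:
        port = self._next_port
        while port in self.table:  # skip ports still in use
            port = port + 1 if port < 65535 else 1024
        self._next_port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, pkt: Packet, now: float = 0.0) -> Packet:
        """LAN -> Internet: rewrite source IP/port, remember the replacement."""
        self._expire(now)
        port = self._existing_port(pkt, now)
        if port is None:
            port = self._allocate_port()
            self.table[port] = Mapping(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto, now)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet, now: float = 0.0) -> Optional[Packet]:
        """Internet -> LAN: look the destination port up; None means "drop it"."""
        self._expire(now)
        m = self.table.get(pkt.dst_port)
        if m is None or pkt.dst_ip != self.public_ip:
            return None  # nobody inside asked for this: unsolicited, dropped
        if (pkt.src_ip, pkt.src_port, pkt.proto) != (m.remote_ip, m.remote_port, m.proto):
            return None  # not from the endpoint this entry was made for: dropped
        m.last_seen = now
        return replace(pkt, dst_ip=m.private_ip, dst_port=m.private_port)


def walk_example() -> Tuple[Packet, Optional[Packet]]:
    """Replays the request/answer pair from Solution 1 through the NAT."""
    nat = Nat("92.69.127.243")
    request = Packet("192.168.1.12", 11111, "64.34.119.12", 80)
    on_wire = nat.outbound(request, now=0.0)          # what superuser.com sees
    answer = Packet("64.34.119.12", 80, on_wire.src_ip, on_wire.src_port)
    delivered = nat.inbound(answer, now=1.0)          # what 192.168.1.12 receives
    return on_wire, delivered


if __name__ == "__main__":
    sent, got = walk_example()
    print("on the wire:", sent)
    print("delivered:  ", got)
```

Two lines carry the whole mechanism: `outbound` stores the mapping keyed by the port it made up, and `inbound` does nothing but look that port up. A second LAN host using the same source port 11111 gets a different public port, which is why several machines (and several browser tabs) can all talk to port 80 of the same server behind one address.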

Author: Oliver Salzburg

Updated on September 18, 2022

Comments

  • Oliver Salzburg
    Oliver Salzburg over 1 year

    This is a little theory question that has been confusing me for a pretty long time.

    Basically, if we are inside of a private LAN, and we want incoming packets to reach, for example, an HTTP server located on one of the machines, we forward ports so that incoming packets reach exactly that computer.

    Now, I'm quite confused as to how 'response' packets reach their destination inside of a LAN, like, when we open a web page or so. Can't really find any useful information on that topic.

    I hope someone can give me a couple of clues or link me to some information that might explain it. Thanks.

    EDIT: I think I should clarify. An example of what I'm asking would be something like this:
    1. A computer inside of a LAN with a single external IP tries to load a web-page from a web-server outside of this LAN (Basically on the Internet)
    2. The web-server responds and sends the web-page back to that computer.

    What quite confuses me at this point is, how does the router know what computer to send the incoming data (given the router is connected to a LAN with multiple computers) without previous port forwarding.

  • Scott Chamberlain
    Scott Chamberlain about 12 years
    I edited your answer, it did not clearly show what was happening to the port numbers. I added more examples on the intermediate steps and what the port numbers were at each step.
  • Ahmed
    Ahmed over 11 years
    @OliverSalzburg I was looking for the same question answered and your explanation helped me recall, just a quick question on this. Wondering for how long the router would keep these reverse mappings (source port); feels like it would run out of space if it keeps doing that for so many requests, does it flush them too regularly?
  • Oliver Salzburg
    Oliver Salzburg over 11 years
    @Ahmed: The amount of memory to keep track of that information is limited. There are 65536 possible port numbers, they are stored in 2 bytes. So, to remember an IP address (4 bytes) for each port would sum up to 65536 x 4 bytes = 262144 bytes = 256 kB. However the specifics are implemented in the router, that's not a lot of memory.
  • Jon Bentley
    Jon Bentley about 11 years
    @Oliver Great answer, exactly what I was searching for! I have a few questions - (1) "same game goes on and on with all the routers on the world" - is that accurate? Surely the source field wouldn't continue to get replaced at each step? (2) Does the router remember the opened ports longterm or does it regularly drop them for non-responding requests? (3) Does this mean a hacker can get packets past through your router's firewall with a man-in-the-middle attack: snooping your outgoing TCP packets, then targeting your router's open TCP port with a spoofed source IP matching your destination?
  • Oliver Salzburg
    Oliver Salzburg about 11 years
    @JonBentley That's quite a few questions for a comment thread :P Feel free to open a new question though. Alternatively, find me on Root Access for a chat :)
  • prM
    prM almost 11 years
    Would the response from the server really say "source port 80"? Wouldn't it be from another port? Thank you.
  • Oliver Salzburg
    Oliver Salzburg almost 11 years
    @prM: Probably, yes. But for this example we imagine that the webserver that hosts superuser.com only uses a single port for all communication ;D
  • Jean
    Jean over 10 years
    How does an ICMP ping response come back to a computer in a LAN? Does it have something similar to a port for TCP? How about other protocols?
  • Oliver Salzburg
    Oliver Salzburg over 10 years
    @Jean: I'm not really sure how it works with ICMP. I would have to read up on it but don't have the time right now.
  • Uri
    Uri over 9 years
    @OliverSalzburg, It is more than a year. Have you had time to read it up yet? What about the 140 or so IP protocols (such as ICMP) which are not TCP or UDP? Does NAT special-case each one of them?
  • Uri
    Uri over 9 years
    JRobert: What about IP protocols (e.g. ICMP), other than TCP or UDP, which do not have a port number?