0

Do router's normally use the ping command to discover local hosts? I ask because while I was at work my firewall on my personal laptop blocked two pings (among other things) and it said they came from the router. Is this normal or evidence of a curious/malicious user (because there are no network admins that might use it)?

Timeframe of Blocked Activity from Router's IP:

  • Ping @ 12:54 PM

    • UDP 49538 @ 4:09:17 PM
    • UDP 60655 @ 4:09:26 PM
    • UDP 1900 @ 4:09:39 PM
    • UDP 63266 @ 4:09:40 PM
    • UDP 51081 @ 4:11:15 PM

  • Ping @ 6:36:48 PM

    • UDP 1900 @ 6:39:25 PM
    • TCP 2869 @ 6:41:02 PM
    • UDP 49609 @ 6:45:24 PM

If I recall correctly, both pings occurred at about the same time that I brought my laptop out of sleep mode because I only used my laptop for a little bit before I closed it and I only used it a few times.

UnsafeUser
  • 3
  • 3
  • While there are legitimate reasons to sometimes ping devices to check liveliness, you're not giving enough information to judge that. If you can meassure the timeframes between pings, that might help. – Tobi Nary Jul 02 '19 at 05:42
  • Oi, thank you, I appended the timeline, but I responded too quickly because that was the answer to my question - whether or not routers use the ping command, my second question in the post was redundant. Sorry for any confusion. – UnsafeUser Jul 02 '19 at 13:04
  • This is no "ping". Port 1900 is UPnP and the other ports might be related to this too. – Steffen Ullrich Jul 02 '19 at 20:49

2 Answers2

0

A router often needs or wants to know what/who is on it's network. There are several routing protocols that need to know things.
If it is only two then that is strange. An attacker would likely ping or nmap the whole local network. A router likely would be doing this on an automated basis. This might be a better question for https://networkengineering.stackexchange.com/

MikeP
  • 1,159
  • 7
  • 12
  • Thank you. If a mod could move the post that would be great. Also, I'm only aware of the activity on my machine and I know that it is a LinkSys router, but I will get specific device information tomorrow. – UnsafeUser Jul 02 '19 at 03:13
0

It can be normal to see pings from a router. If you are using DHCP with conflict detection enabled it will verify if an address is in use (initiate a ping from a router to a specific IP address) before assigning it for use. If you are seeing this shortly after bringing a device on to the network - such as out of sleep mode - it's pretty normal.

If you are curious search for "DHCP conflict detection" or check this article.

Tim Brigham
  • 3,762
  • 3
  • 29
  • 35