Tunneling IP Traffic Over ICMP


We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. Most limited networks allow HTTP and HTTPS traffic only, or so is the common misconception. In the majority of cases, ICMP traffic is also allowed, permitting the users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.

21 thoughts on “Tunneling IP Traffic Over ICMP

  1. Don’t most consumer grade router/firewall combos (like the type you’d come across at your local coffee shop) have ICMP flood protection built in, from both the WAN and LAN side? Seems like that would cause a some of them to lock up and bug out.

    Neat idea though, and I could definitely see how it would be handy to do.

  2. chuck: I believe the flood protection is only to protect the device against packets addressed to it (ie. that it would normally have to respond to). I don’t think it effects any other “passing through” packets.

    Having said that, ICMP can’t properly be put through Network Address (and port) Translation because it doesn’t use port numbers, so most places will use an ICMP Proxy application on the router to keep track of all of the packet flows. (your average Linksys router has this built in) That program has to keep a state of all outgoing and incoming packets, and unlike IPtables connection tracking within the Linux kernel, I doubt it’s super efficient, so you might well find that only a few hundred packets per second could make the poor old router run out of RAM and freeze or get CPU bound and drop packets.

  3. Eh? This is neither new, or anything to do with hacking…

    Anyway, I’ve been running IP-over-DNS for over a year now, with a bit of help from the another tutorial on the same site.

    Both of these tunneling implementations also have the ability to bypass many of the gateway “login” pages, such as those seen in Starbucks. I’ve found IPoDNS to interfere less with the operations of the server it’s running on & more frequently able to bypass the above gateways.

    There are a few IPoDNS implementations out there, one of which, memorably boasted impressive speeds of ~1Mbps. I chose NSTX for the supposed better stability.

  4. That’s not new, and since most people allows HTTPS, just run OpenVPN on port 443, tweak a little the config. so as to be able to run through proxys, and you get a cleaner solution, along with authentication (no MiM against your VPN connection), confidentiality and integrity.

  5. running openvpn on port 443 is useful in a totally different situation. icmptx can be used to get internet access when http is blocked. and it is MUCH faster than ip-over-dns. the only requirement is that you have to be able to ping your server.

    by the way, there is a much better implementation here:

  6. I found an app for android phones that will let you tunnel through ICMP it is called DroidVPN. The only downside of the app is it requires you to root your phone. But overall the app is pretty much easy to use. Just install and connect. Check out their website DroidVPN for more details.

  7. hans source warned by statically compiled the following tips to ask how to solve ?
    hans -c 104.xx.xx.xx -p password -d tun0 <
    ./hans: opened tunnel device: tun0
    ./hans: could not set tun device mtu
    ./hans: detaching from terminal

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.