What allows ping to work for Standard users?

Hey everyone,

I've got a pretty deep question here that I hope someone can answer. In macOS, regular users can ping as well as root. Normally, root access is required to open the raw socket necessary to run ping. I've noticed on Linux that this usually accomplished by adding extended attributes to the ping program file to allow root-level access for opening raw sockets (in the past, this was done by just setting the setuid bit on the ping program, allowing it to do anything in its programming as root).

I've looked at /sbin/ping on macOS (High Sierra, specifically), and no such attributes are set, and neither is setuid. So what is macOS doing to allow Standard (non-root) users to ping? Are they sending ICMP packets over TCP or UDP? If so (or if there's another mechanism I'm just missing entirely), can you point me to some docs? Any help would be appreciated.

Thank you much,

Jason