North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SlashDot: "Comcast Gunning for NAT Users"

  • From: David Charlap
  • Date: Thu Jan 31 16:48:55 2002

Keith Woodworth wrote:
> From a technical standpoint how does one detect NAT users over the
> network?

You can't deterministically do so, but there are some telltale signs. 
NAT implementations (at least the ones I've seen) tend to choose very
large port numbers (above 30,000) for the ports that they generate.

Of course, this can happen without NAT.  And it is possible to write NAT
stacks that choose low-numbered ports (it's trivially easy to make this
change in the Linux IPMASQ code, for instance.)

Anybody who tries to detect NAT through these kinds of heuristic methods
will end up with a lot of false positives and false negatives.  And if
it becomes a problem, the NAT implementors will simply alter their code
to make it impossible to distinguish from a single host's traffic.

-- David