[windows2000] Re: OT: Checking NAT device

  • From: "Eduard L. Frerking" <elf@xxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 20:51:58 -0700

That is exactly what I thought! There is no way for the WAN (internet side)
to know which host requested or sent the packet from the MAC or IP point of
view. That information is kept within the NAT device. Summary: The WAN
(internet), even with packet sniffers and such, has no way to know how many hosts
(computers) are on the LAN!

Thanks for the confirmation.

Eduard L. Frerking
Capt. Jason M. Dahl School
San Jose, CA
elf@xxxxxx

  -----Original Message-----
  From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Jeff Malczewski
  Sent: Thursday, May 20, 2004 7:30 AM
  To: 'windows2000@xxxxxxxxxxxxx'
  Subject: [windows2000] Re: OT: Checking NAT device


  Well, according to every single thing I've EVER read, and every single
certification exam I've ever taken, the source MAC address of the packets on
the outbound interface of your NAT device MUST be the MAC address of that
device, otherwise the packets won't be able to follow their return path.
Just like with a router..  The source IP will always be that of the source
host, but with every router hop the MAC address changes to that of the last
device that it passed through...  NAT just changes the IP as well as the
MAC, and then maintains a state table to remember where the hell it all
goes.


    -----Original Message-----
    From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx]
    Sent: Thursday, May 20, 2004 8:19 AM
    To: windows2000@xxxxxxxxxxxxx
    Subject: [windows2000] Re: OT: Checking NAT device


    How about a simple packet sniffer on a hub between the external
interface and the rest of the world?

    Take a hub, plug one port into your "WAN" connection and plug another
into the "WAN" NIC on your server.

    Plug in a laptop, and load up Ethereal.  Start capturing packets, and
then sort by MAC address.

    Glenn Sullivan, MCSE+I  MCDBA
    David Clark Company Inc.

      -----Original Message-----
      From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Eduard L. Frerking
      Posted At: Thursday, May 20, 2004 8:07 AM
      Posted To: Windows 2000
      Conversation: [windows2000] OT: Checking NAT device
      Subject: [windows2000] OT: Checking NAT device


      Sorry for the slightly OT.....

      Is there any way to test which MAC addresses are being seen outside a
NAT device such as a dual-homed Win2K server?



      We have a Win2K box acting as a Router/Bridge and DHCP server. One NIC
is connected to the Internet (WAN side) and the other to our network (LAN
side). It works well. However, is there any way to test easily that our LAN
side hosts' (computers, servers, etc.) MAC addresses are not seen on the WAN
side?



      In other words, we want to test the NAT function, that the translation
does not reveal the number or type of LAN side hosts we have to the Internet
WAN.



      This question could be asked of any router that provides NAT.

      Eduard L. Frerking
      Capt. Jason M. Dahl School
      San Jose, CA
      elf@xxxxxx



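The check suggested in the thread (capture on the WAN segment, then group by MAC address), as an added example that is not part of the original messages: it reads a capture and reports any source MAC that is neither the NAT box's WAN NIC nor the upstream gateway. It assumes the capture was saved in classic libpcap format; the MAC addresses, function names and sample captures are constructed for illustration.

```python
import struct
from collections import Counter

# Constructed placeholder MACs (locally administered range), not from the thread.
NAT_WAN = "02:00:00:00:00:01"   # WAN NIC of the NAT box
ISP_GW = "02:00:00:00:00:fe"    # upstream gateway
LAN_HOST = "02:00:00:00:00:42"  # a host that should stay hidden

def source_macs(pcap: bytes) -> Counter:
    """Count Ethernet source MACs in a classic libpcap capture."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:  # need a full Ethernet header
            seen[":".join(f"{b:02x}" for b in frame[6:12])] += 1
    return seen

def unexpected_macs(pcap: bytes, allowed) -> list:
    """Source MACs on the WAN segment that are not on the allow list."""
    allowed = {m.lower() for m in allowed}
    return sorted(m for m in source_macs(pcap) if m not in allowed)

def build_pcap(pairs) -> bytes:
    """Build a constructed capture from (src_mac, dst_mac) pairs."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate(pairs):
        frame = raw(dst) + raw(src) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

# Constructed captures: translated traffic only, then one bridged LAN frame.
CLEAN = build_pcap([(NAT_WAN, ISP_GW), (ISP_GW, NAT_WAN), (NAT_WAN, ISP_GW)])
LEAKY = build_pcap([(NAT_WAN, ISP_GW), (LAN_HOST, ISP_GW), (ISP_GW, NAT_WAN)])

if __name__ == "__main__":
    for name, cap in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, dict(source_macs(cap)), unexpected_macs(cap, {NAT_WAN, ISP_GW}))
```

An empty result from `unexpected_macs` only covers the frames in that capture, so capture while LAN hosts are actively generating outbound traffic.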
