Thank is exactly what I thought! There is no way for the WAN (internet side) to know which host requested or sent the packet from the MAC or IP point of view. That information is kept within the NAT device. Summary: The WAN (internet) even with packet snifters and such, to know how many hosts (computers) are on the LAN! Thanks for the confirmation. Eduard L. Frerking Capt. Jason M. Dahl School San Jose, CA elf@xxxxxx -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Jeff Malczewski Sent: Thursday, May 20, 2004 7:30 AM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: OT: Checking NAT device Well, according to every single thing I've EVER read, and every single certification exam I've ever taken, the source MAC address of the packets on the outbound interface of your NAT device MUST be the MAC address of that device, otherwise the packets won't be able to follow their return path. Just like with a router.. The source IP will always be that of the source host, but with every router hop the MAC address changes to that of the last device that it passed through... NAT just changes the IP as well as the MAC, and then maintains a state table to remember where the hell it all goes. -----Original Message----- From: Sullivan, Glenn [mailto:GSullivan@xxxxxxxxxxxxxx] Sent: Thursday, May 20, 2004 8:19 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: OT: Checking NAT device How about a simple packet sniffer on a hub between the external interface and the rest of the world? Take a hub, plug one port into your "WAN" connection and plug another into the "WAN" NIC on your server. Plug in a laptop, and load up ethereal. Start capturing packets, and then sort by mac address. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Eduard L. Frerking Posted At: Thursday, May 20, 2004 8:07 AM Posted To: Windows 2000 Conversation: [windows2000] OT: Checking NAT device Subject: [windows2000] OT: Checking NAT device Sorry for the slightly OT..... Is there anyway to test which MAC addresses are being seen outside a NAT device such as a dual honed Win2K server? We have a Win2K box acting as a Router/Bridge and DHCP server. One NIC is connected to the Internet (WAN side) and the other to our network (LAN side). It works well. However, is the anyway to test easily that our LAN side host (computers, servers, etc.) MAC addresses are not seen on the WAN side? In other words, We want to test the NAT function that the translation does not reveal the number or type of LAN side host we have to the Internet WAN. This question could be asked of any router that provides NAT. Eduard L. Frerking Capt. Jason M. Dahl School San Jose, CA elf@xxxxxx This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.