Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
I'm trying to understand NAT (Network Address Translation).
Can someone explain how I can determine if my computer is using a NAT (behind a NAT), or
if it is using its own IP address?
What Barmar said in the comments is the easiest way. Obtaining your IP address over HTTP is indicative that you are behind either a NAT or an HTTP Proxy server. (I suppose it's possible you could have a public IP address, but your device is configured to route HTTP over a caching proxy).
Formal NAT detection and NAT classification can be done with the STUN protocol or an equivalent protocol in which a UDP or TCP service echoes the IP address back to the client that connected to it.
Another telling sign that you are behind a NAT is that your local IP address is in a private IP address range such as the 192.168.x.y range, the 10.x.y.z range, or the 172.16.0.0-172.31.255.255 range.
And pretty much any Wi-Fi setup is going to be a NAT configuration.
The NAT detection technique is based on two observations about the IP TTL (Time To Live) field.
Host operating systems have characteristic initial TTL values. This property of individual operating system implementations of TCP/IP is well known and can be used as part of a "fingerprint" to identify the operating system that a host is running merely by examining its traffic.
NAT devices or gateways decrement the TTL on packets that they forward.
For more details visit: http://www.sflow.org/detectNAT/
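The two TTL observations above can be turned into a passive check. The following is an added example, not code from the answer or from sflow.org; the list of initial TTLs and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: commonly seen initial TTLs (64 Linux/macOS, 128 Windows,
# 255 many network devices); a host may be configured differently.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def infer_hops(observed_ttl):
    """Map an observed TTL to (assumed initial TTL, hops travelled)."""
    if not 0 < observed_ttl <= 255:
        raise ValueError(f"invalid TTL {observed_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if observed_ttl <= t)
    return initial, initial - observed_ttl

def nat_suspects(observations):
    """observations: (source_ip, ttl) pairs captured on the sources' own
    segment, where a directly attached host should show zero hops.
    Returns {source_ip: sorted list of (initial_ttl, hops)} for every
    source with at least one packet that had already been forwarded."""
    seen = defaultdict(set)
    for src, ttl in observations:
        seen[src].add(infer_hops(ttl))
    return {src: sorted(pairs) for src, pairs in seen.items()
            if any(hops > 0 for _, hops in pairs)}

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", 64), ("192.0.2.10", 64),    # one directly attached host
    ("192.0.2.20", 63), ("192.0.2.20", 127),   # two OS families, one hop away
    ("192.0.2.30", 128),                       # directly attached host
    ("192.0.2.40", 254),                       # forwarded once
]

if __name__ == "__main__":
    for src, pairs in nat_suspects(SAMPLE).items():
        print(src, pairs)
```

A host that sets a non-default TTL produces a false positive, so a hit is a lead to follow up rather than proof of a NAT.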
I have read somewhere that "if you are the remote user connecting to a web server, then your web browser would pick a random TCP port from a certain range of port numbers, and attempt to connect to port 80 on the IP address of the web server". Does that mean that a particular IP address on the client side has multiple ports?
Every system which implements TCP/IP has multiple "ports". The IP address refers to the entire system, if that's all we had it would be pretty boring. One program on a system could talk to one program on another system.
Hence the idea of "ports". Ports are just a 16-bit number which "completes" the address. So, your program on system 1.2.3.4 wants to talk to the webserver running on 2.3.4.5. The webserver "binds" itself to port 80. This is an example of a "well known port". But, how is the webserver to get data back to you? Your program needs a "port" of its own. But, it can be any old number, it doesn't need to be well known, so it just tells the OS I need a port and the OS finds one not in use and your program is "bound" to that port. Say it is port 3456.
So now we have all we need: 1.2.3.4:3456 can talk to 2.3.4.5:80
and when the packets of data for port 80 arrive at 2.3.4.5, the OS delivers them to the webserver. And when the packets of data for port 3456 arrive back at your computer (1.2.3.4), your OS delivers them to your web browser.
Wherever you read that, it's wrong. The TCP implementation picks a random local port. Not the browser. There are 65535 TCP ports per IP address, and another 65535 UDP ports.
Through this website, IP to ASN lookup, I can get a series of results about the ASN, but I can't find the meaning of BGP prefix. Maybe I know what it is; however, how does it work?
Is there anyone who can tell me the role BGP prefix plays in the ASN system?
A prefix announced in BGP consists of the IPv4 or IPv6 address block being announced and also a path of AS numbers, indicating which ASNs the traffic must pass through to reach the announced address block.
A BGP prefix would look something like (IPv4): 701 1239 42 206.24.14.0/24. The /24 part is referred to as a CIDR mask. The /24 indicates that the first 24 bits in the address block are the "network" part of the address block.
Robtex provides BGP prefixes for each AS number (ex. https://www.robtex.com/as/as42.html#bgp)
First, let us clarify the relationship among an IP prefix, a route, and BGP NLRI.
The primary function of BGP protocol is to exchange network reachability information (i.e. routes) between BGP speakers. Routes are advertised between BGP peers in BGP update messages.
A route contains 1) a set of destinations as an IP prefix, which is carried in the Network Layer Reachability Information (NLRI) field in a BGP update message, and 2) the attributes of the path to the destinations, which are carried in the path attributes field in a BGP update message.
Specifically, in a BGP update message, an IP prefix is encoded in a 2-tuple form (length, prefix). Also, BGP has an AS_PATH path attribute, which is a list of AS numbers through which the routes in this BGP update message have passed. For more details about how AS_PATH works, you can refer to RFC4271 section 5.1.2.
And of course, a BGP session (eBGP or iBGP) needs to be successfully established in order to exchange BGP update messages.
So now we can summarize the answer to your question: a prefix is a part of a BGP route, and will be exchanged between BGP neighbors in a BGP update message.
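The (length, prefix) encoding described in this answer can be decoded in a few lines. This is an added example, not code from the answer; the function names and the sample bytes are constructed for illustration, and it covers the IPv4 NLRI field only, not the rest of the update message.

```python
import ipaddress

def parse_nlri(data):
    """Decode an IPv4 NLRI field: repeated (length-in-bits, prefix bytes)."""
    prefixes, i = [], 0
    while i < len(data):
        bits = data[i]
        if bits > 32:
            raise ValueError(f"prefix length {bits} > 32 at offset {i}")
        nbytes = (bits + 7) // 8            # only the significant octets are sent
        chunk = data[i + 1:i + 1 + nbytes]
        if len(chunk) != nbytes:
            raise ValueError(f"truncated prefix at offset {i}")
        addr = int.from_bytes(chunk.ljust(4, b"\x00"), "big")
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
        # Bits past the prefix length carry no meaning, so clear them.
        prefixes.append(ipaddress.IPv4Network((addr & mask, bits)))
        i += 1 + nbytes
    return prefixes

def encode_nlri(networks):
    """Encode prefixes given as strings such as '206.24.14.0/24'."""
    out = bytearray()
    for net in map(ipaddress.IPv4Network, networks):
        out.append(net.prefixlen)
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes(out)

# Constructed NLRI field; the first entry is the 206.24.14.0/24 block
# used as an example earlier in this thread.
SAMPLE_NLRI = bytes.fromhex("18ce180e" "080a" "0cac10" "00")

if __name__ == "__main__":
    for net in parse_nlri(SAMPLE_NLRI):
        print(net)
```

A /24 costs four bytes on the wire and a default route costs one, which is why a monitoring parser has to reject a length above 32 or a field that ends mid-prefix instead of reading past it.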
The BGP protocol is responsible for exchanging IP block advertisements (IP prefixes) between Autonomous Systems.
So when you run a query on the Cymru IP tool, what you see is the IP blocks advertised on the Internet using the BGP protocol as they reach Cymru routers. In other words, this is the internet routing table from their perspective.
Tools like this have a name: looking glass. There are a lot of LGs around the globe, as they're a very nice tool to understand how IP blocks spread around the Internet. BGPlay is another project that uses some LGs to mount a graphic view of the Internet prefixes. Check it: https://stat.ripe.net/bgplay
In BGP, a set of destinations is advertised as an IP prefix, eliminating the concept of network "class" within BGP.
So, I was reading about networking in depth. One concept I failed to understand was how different machines in a LAN manage to access the internet through one public IP address provided to the company by the ISP.
For example, let's say the public address provided is 244.13.5.89. And when all the machines get to the internet, they are all recognized as 244.13.5.89 despite their private addresses being 192.168.3.x, which is fine. But now, when the router sends the request for each of these machines, how does it map each response to the respective machine?
If the answer is NAT, what entries does NAT have? Is there a port number or something else?
I will give you the idea about the complex case scenario :-
If all datagrams arriving at the NAT router from the WAN have the same
destination IP address (specifically, that of the WAN-side interface
of the NAT router), then how does the router know the internal host to
which it should forward a given datagram?
The trick is to use a NAT translation table at the NAT router, and to
include port numbers as well as IP addresses in the table entries.
See more details about NAT Table here.
SORRY, don't know why it took me minutes to post an answer, it was not allowing me to add the answer...
NAT has the following fields:
source computer address and website. So when it receives a packet, it will replace the source computer address with its public address and send it to the internet. Once the response comes back, it sees, oh, this came from the website and it was requested by the source computer. It will again replace the destination address with the source computer address and send it into the LAN.
I understand that a router uses NAT to translate the public IP we get from the ISP to say 300 local IPs. Does a switch perform the same function? If not, how's it different?
No, a switch cannot perform NAT and translate public IP address(es) into private addresses.
A switch is a network device that filters and forwards packets between LAN segments. Switches operate at the data link layer (layer 2). So, they are not aware of IP addresses which are network layer (layer 3). A switch keeps a record of the MAC addresses of all the devices connected to it. With this information, a switch can identify which system is sitting on which port. So when a frame is received, it knows exactly which port to send it to, without significantly increasing network response times.
Routers are network devices used to interconnect two different networks (with different IP addressing schemes).
I know that when a HTTP request is made, packets are sent from a seemingly-random high-numbered port (e.g. 4575) on the client to port 80 on the server. Then the server sends the reply to the same high-numbered port, the router knows to route that to the client computer, and all is complete.
My question is: How is the return port (4575 in this example) determined? Is it random? If so, within what range? Are there any constraints on it? What happens, for example, if two computers in a LAN send HTTP requests with the same source port to the same website? How does the router know which one to route to which computer? Or maybe this situation is rare enough that no-one bothered to defend against it?
The NAT is going to decide/determine the outbound port for a NATed connection/session, via its own internal means. Meaning, it will vary according to the implementation of the NAT. This means any responses back will come back to that same outbound port.
As for your question:
What happens, for example, if two computers in a LAN send HTTP
requests with the same source port to the same website?
It will assign different outbound ports for each. Thus, it can distinguish between the two in responses it receives. A NAT would create/maintain a mapping of translated ports, creating new outbound port numbers for new sessions. So even if there were two different "internal" sessions, from two different machines, on the same port number, it would map to two different port numbers on the outgoing side. Thus, when packets came back in on the respective ports, it would know how to translate them back to the correct address/port on the inside LAN.
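The port mapping described in this answer, and the NAT translation table with port numbers mentioned in the earlier question, can be sketched as a small table. This is an added example, not code from any of the posts; the class, its method names and the public port pool are hypothetical, and the addresses reuse the 244.13.5.89, 192.168.3.x and 4575 values from the questions.

```python
class Napt:
    """Port-translating NAT table (illustrative; names are hypothetical)."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        # Assumption: the public port pool; real NATs choose ports their own way.
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of a packet leaving the LAN; add a mapping if new."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Rewrite the destination of a reply; None means no mapping, so drop."""
        return self.back.get((proto, dst_port))


def demo():
    nat = Napt("244.13.5.89")
    # Two LAN hosts pick the same source port 4575 for the same web server.
    a = nat.outbound("tcp", "192.168.3.10", 4575)
    b = nat.outbound("tcp", "192.168.3.11", 4575)
    again = nat.outbound("tcp", "192.168.3.10", 4575)   # existing entry is reused
    replies = [nat.inbound("tcp", a[1]), nat.inbound("tcp", b[1]),
               nat.inbound("tcp", 60000)]               # 60000 was never mapped
    return a, b, again, replies


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last lookup returns nothing because no inside host opened that mapping, which is the reason unsolicited inbound packets do not reach the LAN.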
It depends on the NAT and on the protocol. For instance, I'm writing this message behind a full cone NAT, and this particular NAT is configured (potentially hard-wired) to always map a UDP private transport address UDP X:x to the public transport address UDP Y:x. It's quite easy to shed some light on this case with a STUN server (Google has some free STUN servers), a cheap NAT, 2 laptops, Wireshark and a really, really light STUN client which uses a hard-coded port like 777. Only the first call will get through and it will be mapped on the original port; the second one will be blocked.
NATs are a hack; some of them are so bad that they actually override on return the public transport address not only in the header but even in the transported data, which is kinda crazy.
ICE protocols have to XOR the public address to bypass this issue.
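Both the STUN-based detection suggested in the first question's answer and the XOR remark above come down to reading the XOR-MAPPED-ADDRESS attribute of a STUN Binding response (RFC 5389). This is an added example, not code from any of the posts; the server reply is constructed locally so it runs offline, and the function names, addresses and transaction ID are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442        # fixed value in every RFC 5389 STUN header
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def build_binding_success(txid, ip, port):
    """Constructed server reply for the offline demo: header + one attribute."""
    value = struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16),
                        int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr),
                       MAGIC_COOKIE, txid) + attr

def parse_mapped_address(msg, txid):
    """Return the (ip, port) the server saw, from an IPv4 XOR-MAPPED-ADDRESS."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie, rtxid = struct.unpack("!HHI12s", msg[:20])
    if (mtype, cookie, rtxid) != (BINDING_SUCCESS, MAGIC_COOKIE, txid):
        raise ValueError("not the Binding success response for this request")
    body, off = msg[20:20 + mlen], 0
    if len(body) != mlen:
        raise ValueError("truncated STUN message")
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:])
            ip = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(ip), xport ^ (MAGIC_COOKIE >> 16)
        off += 4 + alen + (-alen % 4)      # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def check(local, msg, txid):
    """Compare the local socket address with the one the server reports."""
    mapped = parse_mapped_address(msg, txid)
    raw = ipaddress.IPv4Address(mapped[0]).packed
    return {"mapped": mapped, "behind_nat": mapped != local,
            "address_in_clear": raw in msg}

# Constructed scenario: private socket, public mapping on a documentation address.
TXID = bytes(range(12))
LOCAL = ("192.168.3.10", 4575)
REPLY = build_binding_success(TXID, "203.0.113.7", 49152)

if __name__ == "__main__":
    print(check(LOCAL, REPLY, TXID))
```

Because the public address never appears unmasked in the payload, a NAT that rewrites address bytes inside the data has nothing to match on.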