How does NAT Work on the Packet Level?

1

So I am studying for my Network + and CCNA and had some confusion about how packets work. I was reading a similar topic at

How do IP answer packets reach their destination inside of a private LAN?

And I have a question on what's included inside the Ethernet frame and IP Packet. I understand that when a packet leaves its origin computer and heads to the Default Gateway to the destination computer, it undergoes NAT from both the origin Default Gateway and the Destination Default Gateway. Inside the Ethernet Frame or TCP/IP Packets, at any point when undergoing Network Address Translation (NAT) and after, does any part of the Ethernet or TCP/IP Frames/Packets retain information of the origin computer, such as the origin computer's MAC Address, the origin computer's IP Address or any personally identifiable information? Will the receiving computer know all this local networking information from the sender?

etnemo

Posted 2014-10-16T23:03:29.053

Reputation: 15

https://www.wireshark.org/ - Try it and look for yourself. :) – Ƭᴇcʜιᴇ007 – 2014-10-17T00:15:25.647

Answers

1

NAT is done by the gateway or firewall. When the gateway receives the packet, it does the following:

  • Discard the frame (Layer 2) header/trailer. We can pretty much ignore the frame since every switch will discard and recreate a new frame header/trailer. They never get reused.
  • Discard the internal transport (Layer 3) header/trailer
  • Discard the internal network (Layer 4) header/trailer

The gateway will keep track of the source's internal IP & port and assigns it a new external IP (often the gateway's own IP) & port. It's the gateway's job to remember internal/external IP and port mappings so that it will know how to return packet replies back to the source.

  • The gateway then adds new network & transport headers/trailers based on the assigned external IP port.

No part of the source computer's Ethernet or TCP/IP Frames/Packets/Source IP/MAC Address is received by the destination computer. The internal source IP & port are entirely discarded when the packet leaves the first gateway.

However, the destination client can usually find out the original computer's gateway. So if the owner of the original gateway logs connection data, he can find out who sent which packet. It all depends on how long the logs are kept. That's a lot of data to be storing, so it usually isn't done by anyone except Internet service providers, college campuses, and some larger companies. Similarly, if you use a proxy or VPN, your source is safe if the proxy or VPN owner doesn't track connections.

(It's also possible that the application data contain personal information, but that's outside of the scope of networking.)

HSuke

Posted 2014-10-16T23:03:29.053

Reputation: 411
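To make the header rewriting in the answer above concrete, here is an added Python simulation of a port-translating gateway (example code written for this page, not code from the original post or from any real NAT implementation). It rebuilds the Layer 2 header, swaps the internal IP and port for the gateway's own, keeps the mapping table needed to reverse-translate replies, drops inbound packets with no mapping, and records the connection log entry the answer refers to; all MAC and IP addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses for this example (not from the original post).
GW_LAN_MAC = "02:00:00:aa:bb:00"   # gateway's LAN-side interface
GW_WAN_MAC = "02:00:00:aa:bb:01"   # gateway's WAN-side interface
GW_WAN_IP = "203.0.113.10"         # gateway's public address (TEST-NET-3 range)

@dataclass(frozen=True)
class Packet:
    src_mac: str; dst_mac: str          # layer 2: rebuilt on every hop
    src_ip: str; dst_ip: str            # layer 3
    src_port: int; dst_port: int        # layer 4
    payload: bytes

class NaptGateway:
    """Port-based NAT: maps internal (ip, port) to (gateway WAN ip, new port)."""
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out_map = {}   # (internal ip, internal port) -> external port
        self.in_map = {}    # external port -> (internal ip, internal port)
        self.log = []       # the connection log the answer mentions

    def outbound(self, pkt, next_hop_mac):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:             # new flow: allocate a port
            ext_port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key], self.in_map[ext_port] = ext_port, key
            self.log.append(f"{key[0]}:{key[1]} -> {GW_WAN_IP}:{ext_port} "
                            f"dst {pkt.dst_ip}:{pkt.dst_port}")
        # Fresh L2 header; internal IP/port replaced in L3/L4, payload untouched.
        return replace(pkt, src_mac=GW_WAN_MAC, dst_mac=next_hop_mac,
                       src_ip=GW_WAN_IP, src_port=self.out_map[key])

    def inbound(self, pkt, host_mac):
        """Reverse-translate a reply; packets with no mapping are dropped."""
        if pkt.dst_ip != GW_WAN_IP or pkt.dst_port not in self.in_map:
            return None
        int_ip, int_port = self.in_map[pkt.dst_port]
        return replace(pkt, src_mac=GW_LAN_MAC, dst_mac=host_mac,
                       dst_ip=int_ip, dst_port=int_port)

def leaks_internal_identity(original, translated):
    """True if the LAN host's MAC or private IP survives translation."""
    return (original.src_mac in (translated.src_mac, translated.dst_mac)
            or translated.src_ip == original.src_ip)
```

Only the gateway's own mapping table and log tie the external port back to the LAN host, which is exactly the attribution path the answer describes.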