Suppose you are interested in detecting the number of hosts behind a NAT. You ob

Question

Suppose you are interested in detecting the number of hosts behind a NAT. You observe that the IP layer stamps an identification number sequentially on each IP packet. The identification number of the first IP packet generated by a host is a random number, and the identification numbers of the subsequent IP packets are sequentially assigned. Assume all IP packets generated by hosts behind the NAT are sent to the outside world. Based on this observation, and assuming you can sniff all packets sent by the NAT to the outside, can you outline a simple technique that detects the number of unique hosts behind a NAT? Justify your answer.

Explanation / Answer

a. Since all IP packets are sent outside, so we can use a pack sniffer to record all IP

packets generated by the hosts behind a NAT. As each host generates a sequence

of IP packets with sequential statistics and a distinct (very likely, as they are

randomly chosen from a large space) initial identification number (ID), we can

group IP packets with consecutive IDs into a bunch. The number of bunches is the

number of hosts behind the NAT.

For more practical algorithms, see the following paper. This paper has valid explaination than anyone, go finished it if possible.

“A Technique for Counting NATted Hosts”, by Steven M. Bellovin, seemed in

IMW’02, Nov. 6-8, 2002, Marseille, France.

b. However, if those identification numbers are not successively assigned but

randomly assigned, the technique suggested in part (a) won’t work, as there won’t

be clusters in sniffed data

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.