Wireshark Lab: NAT v7.0 Adapted from Supplement to Computer Networking: A Top-Down Approach, 7th ed., J.F. Kurose and K.W. Ross “Tell me and I forget. Show me and I remember. Involve me and I understand.” Chinese proverb   © 2005-2012, J.F Kurose and K.W. Ross, All Rights Reserved  In this lab, we’ll investigate the behavior of the NAT protocol. This lab will be different from our other Wireshark labs, where we’ve captured a trace file at a single Wireshark measurement point. Because we’re interested in capturing packets at both the input and output sides of the NAT device, we’ll need to capture packets at two locations. Also, because many students don’t have easy access to a NAT device or to two computers on which to take Wireshark measurements, this isn’t a lab that is easily done “live” by a student. Therefore in this lab, you will use Wireshark trace files that we’ve captured for you. Before beginning this lab, you’ll probably want to review the material on NAT section 4.3.4 in the text[1].  The basic idea behind NAT is that you can re-use private IP addresses behind the NAT router and these addresses will never be sent out onto the network, but are instead 'translated' by the NAT router to use a public IP address.  Several private addresses can be mapped to a single public address and are differentiated by port number.  The NAT router builds a table that allows the packets to be translated from their external to their internal addresses.   NAT replaces private address/port with the public address/port as packets are sent onto the Internet and when responses are received, NAT looks up the address and port in the table and replaces the public address/port with the private address/port. NAT Measurement Scenario In this lab, we’ll capture packets from a simple web request from a client PC in a home network to a www.google.com server. Within the home network, the home network router provides a NAT service, as discussed in Chapter 4. Figure 1 shows our Wireshark trace-collection scenario. As in our other Wireshark labs, we collect a Wireshark trace on the client PC in our home network. This file is called NAT_home_side[2]. Because we are also interested in the packets being sent by the NAT router into the ISP, we’ll collect a second trace file at a PC (not shown) tapping into the link from the home router into the ISP network, as shown in Figure 1. (The hub device shown on the ISP side of the router is used to tap into the link between the NAT router and the first hop router in the ISP). Client-to-server packets captured by Wireshark at this point will have undergone NAT translation. The Wireshark trace file captured on the ISP side of the home router is called NAT_ISP_side. Open the NAT_home_side file and answer the following questions. You might find it useful to use a Wireshark filter so that only frames containing HTTP messages are displayed from the trace file. Looking at the NAT_Home_Side trace, what is the IP address of the client in the HTTP GET request?    --------------------------------------------------------------------------------------------------------------------------------------------- [1] References to figures and sections are for the 7th edition of our text, Computer Networks, A Top-down Approach, 7th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2016. [2] Download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the files need for this lab.