SlashDot: "Comcast Gunning for NAT Users"

David Charlap David.Charlap at
Thu Jan 31 21:44:59 UTC 2002

Keith Woodworth wrote:
> From a technical standpoint how does one detect NAT users over the
> network?

You can't deterministically do so, but there are some telltale signs. 
NAT implementations (at least the ones I've seen) tend to choose very
large port numbers (above 30,000) for the ports that they generate.

Of course, this can happen without NAT.  And it is possible to write NAT
stacks that choose low-numbered ports (it's trivially easy to make this
change in the Linux IPMASQ code, for instance.)

Anybody who tries to detect NAT through these kinds of heuristic methods
will end up with a lot of false positives and false negatives.  And if
it becomes a problem, the NAT implementors will simply alter their code
to make it impossible to distinguish from a single host's traffic.

-- David

More information about the NANOG mailing list