2

Can we find a sequence of packets that a host can transmit to determine whether it is located behind a NAT box?

I mean, without any special server support like STUN.

NonalcoholicBeer
  • 227
  • 2
    If it were possible to do it without STUN, why would we have need for STUN in the first place? –  Nov 28 '09 at 11:41
  • STUN servers give the external IP to the client. It is possible with lots of protocols to determine that nat is being used without having to fallback to a stun server. – Ryaner Nov 28 '09 at 22:57

4 Answers4

3

No there isn't unless the opposite end-point (call it B) purposefully (or not) include a reference to the IP of its peer (call it A). Another requirement on top of the aforementioned is that point B must not be using NAT itself.

In short, you either need the assistance of a standard/non-standard server (e.g. STUN or "home-made) or a leak in the communication abstraction. The latter should be considered a design flaw and considered unreliable (at some point somebody will probably fix it).

jldupont
  • 1,869
  • 1
    Indeed - the whole point is that the host shouldn't notice, and most NAT implementations rewrite as much as possible to make this the case. There are protocols that do expose the IP and aren't as commonly rewritten (e.g. SIP, some P2P, anything encrypted) but I suspect this might be considered "server support" ;) – SimonJ Nov 28 '09 at 17:59
  • @SimonJ: 100% agree. It is unfortunate but such leaks do occur. We must remember that NAT is a big "bandaid that shouldn't exist" from an architectural point of view... of course, money$ comes first and we needed ways to enhance security & multiple IPv4 end-points, hence NAT. – jldupont Dec 02 '09 at 11:34
3

Well, if your interface has a RFC 1918 private address but you can still reach common Internet hosts, your host is behind a NAT somewhere. :-)

Tommy McGuire
  • 186
  • 3
1

Apparently it can be done using the TTL field in the IP packets: http://www.sflow.org/detectNAT/.

FelixM
  • 121
  • 1
  • 3
  • Not all firewalls touch TTL. On Cisco PIX/ASA, this is actually a configurable option. – Max Alginin Nov 28 '09 at 17:52
  • I don't think this helps - it's for detecting NAT routers on your network that are "hiding" other hosts behind them, whereas the OP wants to know whether the host itself is behind NAT. – SimonJ Nov 28 '09 at 17:55
0

I don't think it's possible. As far as I know, there's no real way to tell if NAT is being used.

Daniel Lo Nigro
  • 504