Internal NAT

[Sir Asvald]

I've currently setup a NAT through Windows 2008 Server. I've got a separate IP address. I just wanted to know, can someone track my LAN IP through wireshark? 

 

So, Server has public ip of 192.168.x.x (which is connected to the internet) Private has 172.16.x.x, Would anyone using wireshark be able to see what I'm doing on the 172.16.x.x network?

 

Thanks.

[Oshino Shinobu]

If it is going through NAT to external networks, then yes, there are ways to track the traffic. If it's just on the local network, then they can't see unless they've managed to get a listener into your network that sends data outside of the network. 

Even if they did have a listener, the amount of information they could get would depend on the configuration of the network and how deep into the network they've penetrated. 

[Sir Asvald]

8 minutes ago, Oshino Shinobu said:

If it is going through NAT to external networks, then yes, there are ways to track the traffic. If it's just on the local network, then they can't see unless they've managed to get a listener into your network that sends data outside of the network. 

Even if they did have a listener, the amount of information they could get would depend on the configuration of the network and how deep into the network they've penetrated. 

Well the 172.16.x.x network can access the internet. So, anyone would still be able to track it?

 

I've got the server running 192.168.1.20 as the public internet connection. I've got a 172.16.105.100 as the private network. Let's say I were to download a file from a website. They would still be able to track what I downloaded on the 172.16.105.x network?

[Oshino Shinobu]

Just now, Abdul201588 said:

Well the 172.16.x.x network can access the internet. So, anyone would still be able to track it?

 

I've got the server running 192.168.1.20 as the public internet connection. I've got a 172.16.105.100 as the private network. Let's say I were to download a file from a website. They would still be able to track what I downloaded on the 172.16.105.x network?

Technically, if they receive a request from your network, it is possible to track it back and eventually find the IP the request came from on the local network. However, it's not as simple as looking in the packet and seeing the local IP. Unless someone really wants to find the local IP, it's not readily visible. As far as most applications are concerned, your entire network is just one IP. The packets that come and go contain information that the system running NAT (normally router) needs in order to convert the registered public addresses to and from non-unique local addresses. 

[Sir Asvald]

7 minutes ago, Oshino Shinobu said:

Technically, if they receive a request from your network, it is possible to track it back and eventually find the IP the request came from on the local network. However, it's not as simple as looking in the packet and seeing the local IP. Unless someone really wants to find the local IP, it's not readily visible. As far as most applications are concerned, your entire network is just one IP. The packets that come and go contain information that the system running NAT (normally router) needs in order to convert the registered public addresses to and from non-unique local addresses. 

Local Network, as in the 172.16.105.x or the 192.168.1.0.x? 

 

 

[Oshino Shinobu]

Just now, Abdul201588 said:

Local Network, as in the 172.16.105.x or the 192.168.1.0.x? 

 

 

Well, if your public IP is 192.168.1.0, then that is what applications will see when they get a request from your network. For the majority of NAT configurations, all local addresses are converted to a single public IP, which is why your network is seen as a single IP. 

[rEaGeNeReary]

Devices on 192.168.1.X can still do MITM and monitor all traffic on that network. If a connection is going to the inner network (172.16.105.x), it still needs to get through the 192.168.1.X.

 

 

[Sir Asvald]

22 minutes ago, rEaGeNeReary said:

Devices on 192.168.1.X can still do MITM and monitor all traffic on that network. If a connection is going to the inner network (172.16.105.x), it still needs to get through the 192.168.1.X.

 

 

Yes, that I know. What I'm trying to say is, can wireshark pickup the IP address of 172.16.105.x network when listening on the 192.268.1.x network?

[rEaGeNeReary]

6 minutes ago, Abdul201588 said:

Yes, that I know. What I'm trying to say is, can wireshark pickup the IP address of 172.16.105.x network when listening on the 192.268.1.x network?

No, since the router handling NAT replaces the source IP (requesting in behalf of the client inside its network). It just keeps a table on who requested which and passes it on to the client when a response arrives.

[Sir Asvald]

7 minutes ago, rEaGeNeReary said:

No, since the router handling NAT replaces the source IP (requesting in behalf of the client inside its network). It just keeps a table on who requested which and passes it on to the client when a response arrives.

Alright thanks for the help!