Network traffic monitoring solution under NAT

What is NAT?

NAT (Network Address Translation) was proposed in 1994 (RFC 1631) to cope with the shortage of IPv4 addresses. An IPv4 address is 32 bits long, so at most 2^32 = 4,294,967,296 addresses exist. With the rapid growth of the Internet that space could no longer meet demand, so how can so many users worldwide all reach the Internet? Put simply, NAT lets a whole local area network share one address: the private addresses used inside the LAN are rewritten to a single outside address when the hosts communicate with the external network.

Take a home router as an example. As the figure below shows, a home router combines routing, NAT and a wireless AP in one box. When a device joins the router, DHCP automatically assigns it a private address such as 192.168.0.100. That address cannot be used on the Internet directly, so when the device sends a packet to the Internet the router's NAT function rewrites the packet's source address to the router's WAN address, 192.168.1.3, and then forwards it. Every device on the LAN is therefore hidden behind 192.168.1.3 (the WAN port address). In this example 192.168.1.3 is itself a private address that still cannot talk to the outside world, so the upstream gateway performs a second NAT and rewrites it to the public address 222.209.35.6. At that point every internal device appears as 222.209.35.6. In this way thousands of devices on an internal network can share one public IP to communicate with the outside, which solves the address shortage.
[Figure: home router combining routing, NAT and wireless AP; LAN address 192.168.0.100, router WAN address 192.168.1.3, gateway public address 222.209.35.6]

You can find your own LAN IP address in the properties of the local network connection, as shown below:
[Figure: local network connection properties showing the LAN IP address]

You can find the external (public) IP address by searching for "IP address query" in a browser and using one of the lookup sites:
[Figure: browser IP lookup showing the public IP address]

NAT advantages

The biggest advantage of NAT is that it saves a large number of IP addresses and so alleviates the shortage of IPv4 address space.

NAT disadvantages

NAT breaks the end-to-end transparency of communication: from outside the NAT, individual users cannot be identified or tracked by IP address, so their network traffic cannot be monitored per user from that side.

How to monitor network traffic under NAT?

Take the figure above as an example: a network traffic monitor such as IOTA or ProfiShark is connected between the gateway and the router.

(IOTA is a portable network analysis tool developed to meet the needs of top network analysts and engineers. It is an integrated solution that combines capture, storage and analysis in a single device and can be used either as a portable field unit or as a rack-mounted data center solution.
The ProfiShark series is part of Hongke's range of small, portable fault-diagnosis products: network TAPs for monitoring, traffic capture and analysis.)

[Figure: IOTA or ProfiShark tap placed on the link between the gateway and the router]

Because the router's NAT hides every internal host behind 192.168.1.3, all of the traffic captured at this point carries 192.168.1.3 as its source address, as shown in the figure below:
[Figure: capture in which every packet has source address 192.168.1.3]

The traffic of individual users on the LAN therefore cannot be told apart or analyzed.

Solution:

NAT is normally indispensable, so how can the traffic of every user on the LAN be monitored? The answer is to add one more device: a wireless AP.

A wireless AP (Access Point) is the access point through which wireless clients join the wired network; it acts as the wireless equivalent of a switch and is the core of a wireless network. APs are mainly used in homes with broadband, office buildings and campuses, and cover anywhere from tens to hundreds of meters. Note the difference between a wireless AP and a wireless router: a wireless AP has no routing (and hence no NAT) function and only has LAN ports, so it bridges its clients onto the LAN with their own addresses unchanged.

Add a wireless AP behind the router, have all LAN users connect to that AP instead of directly to the wireless router, and place the capture device on the link between the AP and the router. Because the AP does not translate addresses, every packet on that link still carries the client's own LAN address (192.168.0.x), so all user traffic in the LAN can be monitored per user. Note that the tap only sees traffic that actually crosses that link: devices still plugged into the router's other LAN ports are not captured, and client-to-client traffic that the AP bridges locally never reaches the wire. The layout is shown below:
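As an added illustration (not code from the original post or from Hongke), the following Python simulates the post's two-level NAT and compares what a capture device reports at each of the three possible tap points: between the AP and the router, between the router and the gateway, and on the gateway's public side. It reuses the post's addresses (192.168.0.100, 192.168.1.3, 222.209.35.6); the other client addresses, the ports, the destinations and the byte counts are constructed sample data.

```python
"""Simulated NAPT (source NAT with port translation) showing what a tap sees
on each side of the router.

Added example; not code from the original post or from Hongke. It reuses
the post's topology (LAN 192.168.0.0/24, router WAN 192.168.1.3, gateway
public 222.209.35.6). Client addresses other than 192.168.0.100, the ports,
destinations and byte counts are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    length: int  # bytes on the wire


class NaptRouter:
    """Minimal outbound NAPT: every inside (ip, port) pair gets one outside
    port on the router's WAN address, recorded in a translation table."""

    def __init__(self, wan_ip: str, first_port: int = 40000) -> None:
        self.wan_ip = wan_ip
        self._next_port = first_port
        # (inside ip, inside port) -> outside port
        self.table: Dict[Tuple[str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self._next_port
            self._next_port += 1
        return replace(pkt, src_ip=self.wan_ip, src_port=self.table[key])

    def lookup_inside(self, outside_port: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup; only possible with access to this router's table."""
        for inside, port in self.table.items():
            if port == outside_port:
                return inside
        return None


def bytes_per_source(packets: Iterable[Packet]) -> Dict[str, int]:
    """What a monitor reports when it groups captured traffic by source IP."""
    totals: Dict[str, int] = defaultdict(int)
    for p in packets:
        totals[p.src_ip] += p.length
    return dict(totals)


# Constructed sample traffic from three wireless clients behind the router.
LAN_PACKETS: List[Packet] = [
    Packet("192.168.0.100", 51000, "93.184.216.34", 443, 1500),
    Packet("192.168.0.101", 51001, "93.184.216.34", 443, 600),
    Packet("192.168.0.100", 51000, "93.184.216.34", 443, 1500),
    Packet("192.168.0.102", 51002, "1.1.1.1", 53, 80),
]


def capture_at_taps(lan_packets: Iterable[Packet] = LAN_PACKETS):
    """Return (router, gateway, lan_view, wan_view, public_view): the same
    packets as seen by a tap between AP and router, by a tap between router
    and gateway, and on the gateway's public side."""
    router = NaptRouter("192.168.1.3")      # home router NAT
    gateway = NaptRouter("222.209.35.6")    # upstream gateway NAT (double NAT)
    lan_tap = list(lan_packets)
    wan_tap = [router.outbound(p) for p in lan_tap]
    public_tap = [gateway.outbound(p) for p in wan_tap]
    return (router, gateway, bytes_per_source(lan_tap),
            bytes_per_source(wan_tap), bytes_per_source(public_tap))


def attribute_public_port(port: int, gateway: NaptRouter,
                          router: NaptRouter) -> Optional[str]:
    """Map a source port seen on the public side back to the LAN host.
    This needs both translation tables; a tap alone does not provide them."""
    hop = gateway.lookup_inside(port)
    if hop is None:
        return None
    inside = router.lookup_inside(hop[1])
    return inside[0] if inside else None


if __name__ == "__main__":
    router, gateway, lan_view, wan_view, public_view = capture_at_taps()
    print("tap between AP and router     :", lan_view)
    print("tap between router and gateway:", wan_view)
    print("gateway public side           :", public_view)
    print("public port 40002 belongs to  :",
          attribute_public_port(40002, gateway, router))
```

Only the tap between the AP and the router yields per-user totals; the other two tap points collapse everything onto 192.168.1.3 and 222.209.35.6 respectively. Attributing a WAN-side packet back to a user is possible only by consulting the NAT translation tables of every router in the chain, which is why the post moves the capture point inside the LAN instead.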

[Figure: wireless AP added behind the router, with the capture device on the link between the AP and the router]

Source: blog.csdn.net/HongkeTraining/article/details/108709122