Post on 08-Jan-2018
description
Version IHL Total Length
FlagsIdentification Fragment Offset
Time To Live
Destination Address
Options Padding
Protocol = 6
Type of Service
IP H
eade
rTC
P
Destination PortSource Port
Sequence Number
Acknowledgment NumberDataoffset
FINSYN
URGACK
PSHRST
Window
Urgent PointerPaddingTCP Options
TCP Data
Source Address
Header Checksum
Checksum
10.0.0.1
Public Internet
192.9.200.1
Private Address Realm
Source: 10.0.0.1Dest: 192.9.200.1
Source: 192.9.200.1Dest: 10.0.0.1
Host AHost B
10.0.0.1192.9.200.1
Host AHost B
Site NAT
Public InternetPrivate Address Realm
Source: 10.0.0.1/2000Dest: 192.9.200.1/80
Source: 192.9.200.1Dest: 10.0.0.1/2000
Source: 139.130.1.1/3000Dest: 192.9.200.1/80
Source: 192.9.200.1/80Dest: 139.130.1.1/3000
NAT Binding
10.0.0.1 / 2000 139.130.1.1 / 3000
Host A
Host B
Site NAT
Host C
Port 90
Port 91
Port 90
Port 91
Port 2001
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
A / 2001 Z / 3001 -- B / 90
Initial PacketSource: A / 2001Dest: B / 90
Source: Z / 3001Dest: B / 90
Host A
Host B
Site NAT
Host C
Port 90
Port 91
Port 90
Port 91
Port 2001
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
A / 2001 Z / 3001 -- * / *
Initial PacketSource: A / 2001Dest: B / 90
Source: Z / 3001Dest: B / 90
Host A
Host B
Site NAT
Host C
Port 90
Port 91
Port 90
Port 91
Port 2001
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
A / 2001 Z / 3001 -- B / *
Initial PacketSource: A / 2001
Dest: B / 90
Source: Z / 3001Dest: B / 90
Host A
Host B
Site NAT
Host C
Port 90
Port 91
Port 90
Port 91
Port 2001
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
A / 2001 Z / 3001 -- * / 90
Initial PacketSource: A / 2001Dest: B / 90
Source: Z / 3001Dest: B / 90
STUN Request To alternate
Addr and Port
Response?Same IPAddr and
Port?
Same IPAddr and
Port?
STUN RequestChange Response:
Addr and Port
STUN Request
STUN RequestChange Response:Port
UDP Blocked
N Y
Response?
UDP FirewallOpen Internet
STUN RequestChange Response:
Addr and Port
Response?
Full Cone NAT
Response?
Symmetric NAT
Restricted NATPort Restricted NAT
N
N
N
N
N
Y
Y
Y
Y
Y
Host A
Site NAT
Host D
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
A / 2001 Z / 3001 -- * / 2001 D / 2002 Y / 3002 -- * / 2002
Port 2001
Port 2002
Source: D / 2002Dest: Z / 3001
Source: Y / 3002Dest: Z / 3001
Source: Y / 3002Dest: A / 2001
Port y1
Host X
Host Y1
Site NAT
Host Y2
Port x
NAT Binding NAT Filter
Local Addr / Port External Addr / Port -- External Access Mask
X / x X1 / x1 -- ? / ?
Source: X / xDest: Y1 / y1
Source: X1 / x1Dest: Y1 / y1
Port y2Source: Y2 / y2Dest: X / x
Source: Y2/ y2Dest: X1 / x1
Use Address andPort X1 / x1