Keith Woodworth wrote:
From a technical standpoint how does one detect NAT users over the network?
You can't deterministically do so, but there are some telltale signs. NAT implementations (at least the ones I've seen) tend to choose very large port numbers (above 30,000) for the ports that they generate. Of course, this can happen without NAT. And it is possible to write NAT stacks that choose low-numbered ports (it's trivially easy to make this change in the Linux IPMASQ code, for instance.) Anybody who tries to detect NAT through these kinds of heuristic methods will end up with a lot of false positives and false negatives. And if it becomes a problem, the NAT implementors will simply alter their code to make it impossible to distinguish from a single host's traffic. -- David