Friday, June 25, 2010

TCP/IP Network stack packets Home Network

At my home, I use a Broadband connection, behind a wireless router (Netgear).
There is a certain IP address assigned to my Laptop 10.0.0.3, for e.g. on this
wireless network.
Similarly there must be some IP address for the broadband modem I use as well.
I want a tool (for Windows) which helps me in clearly visualizing, what happens
when I send a request to a website and how does the data get back to me
(and not to any other laptop connected to this wireless network), i.e.
how are the IPs resolved to make sure that I receive the data which I had
requested and not anyone else.

In case there is no such tool, a clearly written explanation would also suffice.

Ans : 
Wireshark is indeed the best way to see how this works from a packet by packet connection. However you seem to be interested in what happens inside the router, when it is translating from the external IP address to the internal address.


To see this you would need to do a Wireshark capture on both sides of the router, on the client side and on the link between the cable modem (or DSL or FiOS) and router. You can capture this with a hub (not a switch, they are getting harder to find now) that you plug the cable modem, the router and a PC running the capture software into.

Basically the router performs a species of network address translation (NAT) known by several different names (Cisco calls it protocol address translation or PAT).

I will explain the basics, but here is a Wikipedia article.

http://en.wikipedia.org/wiki/Port_address_translation

When your PC connects to a web server, it does the DNS and packet connection described by billbach above.

It then sends a tcp packet to the resolved ip address. www.google.com resolves as 64.233.169.147 to me here...

The packet looks sort of like this. I am skipping a lot of stuff, like mac addresses, flags, data... etc.

Source ip        destination ip     destination tcp port    source tcp port
10.0.0.3         64.233.169.147     80                      1032

That source TCP port will be the key to how PAT works.

Your PC keeps track of the above in its TCP connection table. You can see the TCP connection table in Windows by typing netstat -an, or just netstat -a to see the DNS names, but it takes longer.

If you have connected to google from your pc you will see this in the netstat -an results.

  TCP    10.0.0.3:1032     64.233.169.147:80      ESTABLISHED

Now when that packet gets to your router, the default gateway, it does a bit of trickiness to convert that packet to the external IP address handed out by your ISP. Let's say that is 13.13.13.13. You can find out what it really is by going to www.whatismyip.com, or checking the status inside the router configuration GUI. It changes the source IP to its external interface, and it also modifies the TCP source port to a unique identifier. How unique is up to the router, but it only needs to be unique in terms of destination and TCP port. So it looks like this...

Source ip        destination ip     destination tcp port    source tcp port
13.13.13.13      64.233.169.147     80                      32234


This is how www.google.com sees the connection, and it sends packets back on this TCP connection like this.

Source ip        destination ip     destination tcp port    source tcp port
64.233.169.147   13.13.13.13        32234                   80

This packet gets back to the router (13.13.13.13) and it then checks its PAT table and sees that this remote ip/source port/destination corresponds to the original connection and sends it back to the PC as

Source ip        destination ip     destination tcp port    source tcp port
64.233.169.147   10.0.0.3           1032                    80

So, in short it keeps track of the ip-tcp source port-tcp destination port combinations in a table for both sides of the connection, and manages its many internal IP addresses using them.

This is TCP, it does the same for UDP, and does something a little different for ICMP (ping for instance). ICMP is a little tricky, if a lot of users are getting ICMP source quenches from the same external hosts, then a router might have problems getting back to the right PC. They definitely can have problems with protocols without ports. IPSEC VPN clients can have a lot of problems, especially if there are multiple clients behind the router going to the same external VPN concentrator. You might need to flash your router with new code to make it work. I did : -) .

So, check out the Wikipedia article. It is good.
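
The table lookup described in the answer above, as a small model added here for illustration (it is not part of the original answer and not any router's firmware). The PatRouter class, the sequential port allocation starting at 32234, the second laptop 10.0.0.4 and the stray host 192.0.2.7 are assumptions made for the example.

```python
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Toy PAT table; sequential port allocation is an assumption of this sketch."""

    def __init__(self, external_ip: str, first_port: int = 32234):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map = {}  # inside 5-tuple -> external source port
        self.in_map = {}   # (proto, remote ip, remote port, external port) -> inside ip/port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN to Internet: rewrite the source ip/port and remember the mapping."""
        if pkt not in self.out_map:
            self.out_map[pkt] = self.next_port
            key = (pkt.proto, pkt.dst_ip, pkt.dst_port, self.next_port)
            self.in_map[key] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return pkt._replace(src_ip=self.external_ip, src_port=self.out_map[pkt])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet to LAN: restore the inside address, or drop (None) if unmapped."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        inside = self.in_map.get(key)
        if pkt.dst_ip != self.external_ip or inside is None:
            return None
        return pkt._replace(dst_ip=inside[0], dst_port=inside[1])


def demo():
    router, web = PatRouter("13.13.13.13"), "64.233.169.147"
    # 10.0.0.4 is a constructed second laptop that picked the same source port.
    a = router.outbound(Packet("tcp", "10.0.0.3", 1032, web, 80))
    b = router.outbound(Packet("tcp", "10.0.0.4", 1032, web, 80))
    reply_a = router.inbound(Packet("tcp", web, 80, "13.13.13.13", a.src_port))
    reply_b = router.inbound(Packet("tcp", web, 80, "13.13.13.13", b.src_port))
    # Constructed packet from a host nobody contacted: no table entry, so dropped.
    stray = router.inbound(Packet("tcp", "192.0.2.7", 80, "13.13.13.13", a.src_port))
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both laptops use source port 1032, yet each reply reaches the right one because the router gave them different external ports; the packet from the uncontacted host matches no entry and is dropped.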
