Thursday, February 24, 2011

NAT and PAT Basics

Well, I am sorry you did not have the a-ha moment. I did already get my Net+ cert, so I guess I did have some additional info to draw from. It was a dry technical video. There were some key words in it that were network specific.
I will attempt to restate the thrust of the video in my own way. This should help you get the video.
As you know, a PC needs a NIC to get online. It contains sensitive unique identifying information. With this info an attacker can have a clear line of sight into your machine. So the point of NAT and PAT is to take that unique MAC address info and reclassify it into a scheme of corresponding substitute numbers: not unique ones, like 192.168.1.104 or 105 or 106 and so on.
Now visualize exiting a toll road where there are several lanes you might choose from. All the lanes will be marked 104 or 105 or 106, and you must use your specific lane. Once you have gotten through the lane, all of the traffic will be assigned another IP address. It will also get converged into 1 ramp to get on to the road that the exit was made for. This address (ramp) is unique to this Internet-facing router but not to 104, 105 or 106; they will all share this one number (or ramp). 104 goes to Google, 105 goes to Facebook and 106 goes to Angel Bryant Stratton (is a good student). These will be 2-way conversations. Google will reply to the unique IP that goes to the Internet-facing router (ramp), and the router will put the traffic back into the lane marked 104 or 105 or 106, since that is where it came from. The same goes for Facebook: it will put traffic on the router IP, and when it gets to the router it will be put into the 105 lane. The same goes for BS: traffic will go on the 106 lane.
The only difference is how the lane will be marked. If it is 192.168.1.104, 105, 106, that is a NAT using private network numbers. The router also has 65000+ ports to work with. So the sign in the lane would be PORT 22450 or PORT 43586 or whatever. They would be unique to the NIC on the client workstation. It is a 3-part process either way: real MAC to 192 or 22450, to the unique router IP which the ISP would assign, to the site of choice and back to the router, through the toll road lane marked 104, 105, 106 or port 22450 or 42586, and then back to you. Your real 48-bit MAC address would never have been sent out of your network. It would have been translated. I hope this helps.
Rich
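
The lane-and-ramp bookkeeping described above, as an added example that is not part of the original post: a small port address translation table in Python that rewrites outgoing packets to one shared router address and sorts replies back to 104, 105 or 106. The public address, the three site addresses, the inside port 50000 and the choice to accept replies only from the site that was contacted are assumptions made for the illustration.

```python
# Added illustration of the toll-road analogy: one shared public address, one
# router port ("lane sign") per conversation. All addresses are constructed.
from itertools import count

PUBLIC_IP = "203.0.113.10"   # assumed ISP-assigned router address (documentation range)

class PatRouter:
    def __init__(self, public_ip, first_port=22450):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free router port
        self.out = {}    # (inside_ip, inside_port, dst_ip, dst_port) -> router port
        self.back = {}   # router port -> (inside_ip, inside_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet to (public_ip, router_port)."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("router port pool exhausted")
            self.out[flow] = port
            self.back[port] = flow
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) a reply belongs to, or None to drop it."""
        flow = self.back.get(dst_port)
        if flow is None:
            return None                    # no lane was ever opened on this port
        inside_ip, inside_port, peer_ip, peer_port = flow
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                    # not from the site that was contacted
        return (inside_ip, inside_port)

def demo():
    r = PatRouter(PUBLIC_IP)
    sites = {"192.168.1.104": "198.51.100.1",   # constructed stand-ins for the
             "192.168.1.105": "198.51.100.2",   # three sites in the post
             "192.168.1.106": "198.51.100.3"}
    seen = {}
    for host, site in sites.items():
        pub_ip, pub_port, _, _ = r.outbound(host, 50000, site, 443)
        seen[host] = (pub_ip, pub_port, r.inbound(site, 443, pub_port))
    unsolicited = r.inbound("198.51.100.99", 443, 40000)   # nobody asked for this
    return seen, unsolicited

if __name__ == "__main__":
    print(demo())
```

Every inside host leaves with the same public address and a different router port, and a packet arriving on a port with no table entry has no lane to return to, so it is dropped.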
