Solved

How can I see the NAT translation of http packets from/to my laptop's private ip with internet

Posted on 2016-07-23
9
106 Views
Last Modified: 2016-07-26
Just curious: I understand that my router does NAT between my private home network and the internet.  How can I see/follow what happens when I enter a website's url into my browser?

I've got Fiddler installed - will this show me, or do I need wireshark?
I'm trying to see things like how my Internet router tags http packets so that it know how to route return packets to my laptop's nic vs. the virtual nic in a virtual machine running on my laptop which is also using the laptop's nic to get internet access.
0
Comment
Question by:SAbboushi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 41726213
Wireshark may be able to capture the information. Filter for NAT traffic to view activities
0
 
LVL 4

Assisted Solution

by:AlexBlinov
AlexBlinov earned 100 total points
ID: 41726214
It is better to see on the router. Do you have console access to your router?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41726239
It is not even better but required to use packet capture and the like on the router. After applying NAT you can not see the original IP addresses anymore when looking at the packets.
0
Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

 

Author Comment

by:SAbboushi
ID: 41726805
>> Wireshark may be able to capture the information. Filter for NAT traffic to view activities
Can anyone confirm this?

>> It is better to see on the router. Do you have console access to your router?
Yes (Arris/Motorola NVG589)

Qlemo: sorry - I did not understand what you mean
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 400 total points
ID: 41726842
I do not know how to say it better.

NAT changes one or both of source and destinatiion IP (and probably the ports, too).
If you run a packet capture on anything different from the device performing NAT, you do not see anything of relevance, because you either see the untranslated or the translated packet, but never both.
You need the NAT table of the NAT device to have a correlation between non-tranlsated and tranlsated packet.

The router (resp. the NAT device) has complete knowledge about the packet. Nothing else does. A router usually allows for listing the table, log NAT operation and so on. So it should be the single point of information you need.
0
 

Author Comment

by:SAbboushi
ID: 41726998
Thanks.  I've found the router NAT table.  It shows sessions for each ip address on my private network.

I'm running a guest OS in VirtualBox on the laptop configured to use my laptop's wireless nic.

My suspicion is that the NAT table of my router connected to the internet would have separate sessions for when my laptop (i.e. the host) OS is browsing the internet vs. when the VirtualBox guest OS is browsing the internet, right?  How would I differentiate between those sessions in the NAT table?
NAT-Table.png
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41727086
Both machines should have different IP addresses, so that is how you can differ between those.
0
 

Author Comment

by:SAbboushi
ID: 41728799
Sorry - I seem to be missing something.

As I understand it, the NAT table for my router (connected to the internet) shows ip addresses on my private network.  A virtual machines on my computer is not on that private network: for a VM to communicate with the internet, VirtualBox needs to pass traffic through my computer's NIC card.   That NIC card is assigned only ONE ip address by my router.  So that router's NAT table only shows sessions associated with my computer, whether the packets are originating from my (host) computer's browser  or the VM's browser.

In summary, my computer and the VM share one NIC with the same ip address.

So I'm still trying to figure out:
How, in the NAT table, would I differentiate between internet browsing sessions on my computer vs. on a VM since they are both using the same NIC / ip address?  Will any of the columns in the table I posted earlier help me answer this question?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41728949
Your VM should have an own IP address. Yes, it is using the physical NIC of the host, but virtual it is a different NIC.
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question