Abstract
Many Internet customers use network address translation (NAT) when connecting to the Internet. To understand the extend of NAT usage and its implications, we explore NAT usage in residential broadband networks based on observations from more than 20,000 DSL lines. We present a unique approach for detecting the presence of NAT and for estimating the number of hosts connected behind a NAT gateway using IP TTLs and HTTP user-agent strings. Furthermore, we study when each of the multiple hosts behind a single NAT gateway is active. This enables us to detect simultaneous use. In addition, we evaluate the accuracy of NAT analysis techniques when fewer information is available.
We find that more than 90% of DSL lines use NAT gateways to connect to the Internet and that 10% of DSL lines have multiple hosts that are active at the same time. Overall, up to 52% of lines have multiple hosts. Our findings point out that using IPs as host identifiers may introduce substantial errors and therefore should be used with caution.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Armitage, G.J.: Inferring the extent of network address port translation at public/private internet boundaries. Tech. Rep. 020712A, Center for Advanced Internet Architectures (2002)
Bellovin, S.M.: A technique for counting natted hosts. In: Proc. Internet Measurement Workshop (IMW) (2002)
Beverly, R.: A robust classifier for passive TCP/IP fingerprinting. In: Barakat, C., Pratt, I. (eds.) PAM 2004. LNCS, vol. 3015, pp. 158–167. Springer, Heidelberg (2004)
Casado, M., Freedman, M.J.: Peering through the shroud: The effect of edge opacity on ip-based client identification. In: Proc. USENIX NSDI (2007)
Maier, G., Feldmann, A., Paxson, V., Allman, M.: On dominant characteristics of residential broadband internet traffic. In: Proc. Internet Measurement Conference (IMC) (2009)
Maier, G., Schneider, F., Feldmann, A.: A first look at mobile hand-held device traffic. In: Krishnamurthy, A., Plattner, B. (eds.) PAM 2010. LNCS, vol. 6032, pp. 161–170. Springer, Heidelberg (2010)
Miller, T. Passive OS fingerprinting: Details and techniques, http://www.ouah.org/incosfingerp.htm (last modified: 2005)
OECD. Broadband Portal (December 2009), http://www.oecd.org/sti/ict/broadband
Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks Journal 31, 23–24 (1999), Bro homepage: http://www.bro-ids.org
Phaal, P.: Detecting NAT devices using sFlow, http://www.sflow.org/detectNAT/ (last modified: 2009)
Xie, Y., Yu, F., Abadi, M.: De-anonymizing the internet using unreliable ids. In: Proc. ACM SIGCOMM Conference (2009)
Xie, Y., Yu, F., Achan, K., Gillum, E., Goldszmidt, M., Wobber, T.: How dynamic are IP addresses? In: Proc. ACM SIGCOMM Conference (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maier, G., Schneider, F., Feldmann, A. (2011). NAT Usage in Residential Broadband Networks. In: Spring, N., Riley, G.F. (eds) Passive and Active Measurement. PAM 2011. Lecture Notes in Computer Science, vol 6579. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19260-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-19260-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19259-3
Online ISBN: 978-3-642-19260-9
eBook Packages: Computer ScienceComputer Science (R0)