Does NAT leave a trace of the internal source?

Sam

4/4/23, 9:41 AM

I was wondering if there is any trace left of the original source when a packet leaves NAT.

Let’s say I do a series of DNS requests from my machine to a public server. I’m behind NAT. Can the server somehow see that these requests originate from the same machine? For example, does NAT reuse the source port when it’s coming from the same machine?

0 + 0

domain-name-system

nat

Tero Kilkanen

4/4/23, 9:54 AM

It depends on the NAT implementation.

NiKiZe

4/4/23, 11:44 AM

Does the client OS reuse DNS connections, in most cases it's UDP so no, if so you get a new request, real traces are not there but analyzing data might give patterns, also if for example a website really wanted to trace you then they could use some of in each DNS name which could be traceable.

Score:5

Server

TomTom

4/4/23, 9:54 AM

That question has no good answer because you ask a very specific question - for a generic term.

NAT is an approach, not a program. Every router implementing NAT - may do so differently. Implementation detail.

So, there is no generic answer.

IIRC back in the day you could not only identify NAT was used, but also certain router producer (based on such implementation details) though that was YEARS ago - things have cleaned up then. Seriously, this requires analysis for every router and possibly differs even between firmware versions over the years.

Oh, and another one - your example is bad. REALLY bad:

Let’s say I do a series of DNS requests from my machine to a public server

In any network setup I hever have seen, you would not do that - your machine would do the DNS request to the router, which also acts as a local DNS server. Any request it can not fulfill would be forwarded. The reason for this is i.e. finding local assets also registered in the DNS... which the remote DNS would not know. Anyhow, using this (normal) setup, there would be no NAT involved as any outside DNS request would really come from the same device.