Subject: Re: regarding NAT
To: None <>
From: None <>
List: port-arm32
Date: 08/31/2000 01:34:46
At 5:52 -0700 8/30/00, jayakumar gurusamy wrote:
>Hi,
>   I am a postgrad student doing a master's in internetworking in 
>Australia. I have to clarify a question with you, and I will be very 
>glad if you spend some time on this mail. The question is: how can I 
>test or identify whether I am sitting behind a NAT box or not? I 
>request you kindly to spare some time to answer my question. 
>Expecting a positive reply from you soon.

NAT is a violation of the IP End-to-End model. The easiest way to 
detect a NAT is to set up an encrypted connection between two end 
systems, and have them exchange each other's idea of the remote 
system. If they don't match, there is a NAT in the middle, fiddling 
the packets. This works because a NAT can't translate or modify what 
it can't examine (i.e. the encrypted portion of a packet). This is 
why NAT is incompatible with IP security.

In computer network security circles, this is called the "man in the 
middle" attack.

The second easiest way to detect a NAT is to see if:

1. you can get out to any Internet site, and

2. your host has an address from private IP address space (see RFC 1918).

If both are true, there must be a NAT involved (or a proxy) because 
Private IP addresses are not routable on the public Internet.

	Erik <fair@clock.org>
	co-author, RFC 1627.
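Both checks from the reply above, written out as an added example; this is not code from the original message or its author. The hosts, the addresses (taken from the RFC 5737 documentation ranges and RFC 1918), the shared key and the simulated NAT box are all constructed for the demonstration. An HMAC over the exchanged report stands in for the "encrypted connection" in the reply: the point being shown is only that a middlebox cannot rewrite a field it cannot read or forge, so each end's view of the remote address survives the trip and can be compared.

```python
"""NAT detection, two ways: compare each end's view of the remote address over an
authenticated channel, and check for an RFC 1918 address that can still reach the Internet.
Added example with constructed hosts/addresses; not from the original post."""
import hashlib
import hmac
import ipaddress
import json

RFC1918_NETS = tuple(ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside RFC 1918 private address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETS)


def nat_suspected_by_address(local_addr: str, can_reach_internet: bool) -> bool:
    """Second method: a private address that can still reach the public Internet
    implies a NAT (or a proxy), because RFC 1918 space is not routed publicly."""
    return can_reach_internet and is_rfc1918(local_addr)


SHARED_KEY = b"constructed-demo-key"  # assumed pre-shared by the two end systems


def make_report(seen_src: tuple) -> bytes:
    """Peer's report 'I see your packets coming from seen_src', MACed with the shared key."""
    body = json.dumps({"ip": seen_src[0], "port": seen_src[1]}).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def read_report(msg: bytes):
    """Return (ip, port) from a report, or None if the MAC does not verify."""
    body, _, tag = msg.rpartition(b"|")
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    d = json.loads(body)
    return (d["ip"], d["port"])


def first_method(my_addr: tuple, remote_report: bytes) -> str:
    """First method: compare my own socket address with what the peer says it sees.
    'nat' on mismatch, 'no nat' on match, 'tampered' if the report's MAC fails."""
    seen = read_report(remote_report)
    if seen is None:
        return "tampered"
    return "nat" if seen != my_addr else "no nat"


def nat_box(packet: dict, public_ip: str, table: dict) -> dict:
    """Simulated NAPT: rewrite the source address/port of an outbound packet."""
    inside = (packet["src_ip"], packet["src_port"])
    if inside not in table:
        table[inside] = (public_ip, 51000 + len(table))  # constructed port allocation
    pub_ip, pub_port = table[inside]
    return {**packet, "src_ip": pub_ip, "src_port": pub_port}


def nat_with_payload_rewrite(report: bytes, inside: tuple, outside: tuple) -> bytes:
    """A NAT that also tries to 'fix up' the address inside the payload (ALG-style).
    It can only find the bytes because this demo report is plaintext; the MAC then
    fails, and with real encryption it could not even locate the field."""
    outside_json = json.dumps({"ip": outside[0], "port": outside[1]}).encode()
    inside_json = json.dumps({"ip": inside[0], "port": inside[1]}).encode()
    return report.replace(outside_json, inside_json)


def demo() -> dict:
    """Host A (private address) talks to host B through a NAT; B reports what it sees."""
    inside = ("192.168.1.10", 40000)   # host A's own socket address (constructed)
    server = ("203.0.113.5", 443)      # host B (constructed, RFC 5737 range)
    table = {}
    pkt = {"src_ip": inside[0], "src_port": inside[1],
           "dst_ip": server[0], "dst_port": server[1]}
    on_wire = nat_box(pkt, "198.51.100.7", table)   # what B actually receives
    seen_by_b = (on_wire["src_ip"], on_wire["src_port"])
    report = make_report(seen_by_b)
    return {
        "address_check": nat_suspected_by_address(inside[0], can_reach_internet=True),
        "exchange": first_method(inside, report),
        "exchange_with_alg": first_method(
            inside, nat_with_payload_rewrite(report, inside, seen_by_b)),
    }


if __name__ == "__main__":
    print(demo())
```

In the simulated run, host A's own address (192.168.1.10:40000) and the address B reports seeing (198.51.100.7:51000) disagree, so the exchange flags a NAT; the RFC 1918 check reaches the same conclusion independently. The third result shows why the channel must be protected: a NAT that rewrites the address inside the report breaks the MAC, so the tampering is detected rather than silently hiding the NAT.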