The Basics of Troubleshooting – Part 5 – PAT

This is a new blog post in my series called Interviewing for an IT Job. If you have not read the series announcement and my previous posts, please do so.

Index of Related Posts:

1. Interviewing for an IT Job

2. What You Need to Know When Interviewing For a Job in IT

3. What to Expect When Going Through the Technical Interview

4. What You Should Know about Headhunters and Recruiters

5. Tips for Networking Success

6. 5 Tips for Successful Webcam Interviews

7. The Basics of Troubleshooting – Part 1 – Ping

8. The Basics of Troubleshooting – Part 2 – Traceroute

9. The Basics of Troubleshooting – Part 3 – Firewalls

10. The Basics of Troubleshooting – Part 4 – NAT

11. The Basics of Troubleshooting – Part 5 – PAT

12. The Basics of Troubleshooting – Part 6 – 1:1 NAT

13. The Basics of Troubleshooting – Part 7 – Port Forwarding

Last week I introduced you to Network Address Translation (NAT) and today we are going to explore Port Address Translation (PAT).

What is Port Address Translation (PAT)?

Port Address Translation (PAT) is a type of Network Address Translation (NAT), which translates communications between devices on a private network and devices on a public network.

PAT is also known as port overloading, overloaded NAT, port-level multiplexed NAT or single address NAT.

So How Does Port Address Translation (PAT) Work?

Last week I used a picture similar to the one below to illustrate how Network Address Translation (NAT) works.

This is the typical setup for a home network. Our computers are connected to a cable modem or router, which in turn is connected to our ISP.

Although I told you that our router was using Network Address Translation (NAT) to route the traffic between our PC and the Internet, I did not mention that we were actually using Port Address Translation (PAT) to send packets from one side to another.

Port Address Translation (PAT) allows multiple devices on a private network to be mapped to a single public IP address, which in the example above is 8.1.4.20, the IP address assigned by our ISP.

When our computer (192.168.1.11) connects to a web server on the Internet, the router running Port Address Translation (PAT) will do the following:

Read the source IP address and source port of the outbound packet. The computer's operating system picks that source port, usually a high-numbered "ephemeral" port; the router does not choose it.

Pick an external port on the public IP address for this connection. If the computer's own source port is not already in use on the public address it is usually kept as-is; otherwise the router picks a different unused port.

Store the mapping in its translation table: the inside IP address and port, the public IP address and external port, and the destination IP address and port.

Rewrite the header of the outbound packet, replacing the private source IP address and port with the public IP address and external port (and recomputing the IP and TCP/UDP checksums, which cover those fields).

Send the packet on to the host on the Internet.

Then when the host on the Internet replies back, our router will:

Read the destination port of the packet received from the external host.

Use that port number to look for a match in its translation table. If there is no match, the packet was not requested by anyone inside and the router drops it.

Rewrite the header of the incoming packet, replacing the public destination IP address and port with the matching internal IP address and port.

Send the packet to the internal network.

It looks easy, right?

In the example above, I described only one computer communicating with a web server on the Internet, using one port.

The reality is much more complex.

Most likely we will have multiple devices (computers, iPhones, PCs, TVs, TiVo, etc.) connected to our internal network and all these devices may be connecting to many other devices on the Internet, using several ports.

For example, your computer may be checking email over IMAPS on port 993, while you listen to Pandora over HTTP on port 80 and Skype may be running in the background, listening on port 37572.

As you can see, one device may be connecting to multiple devices and services on the Internet at the same time, while another device is connecting to other devices using completely different ports.

It’s up to our router to keep its translation table updated and to rewrite incoming and outgoing packets with new header information.

The Translation Table

A translation table may look like this:

Outside Global        Inside Global        Inside Local
IP Address:Port       IP Address:Port      IP Address:Port
74.125.227.206:80     8.1.4.20:1450        192.168.1.10:1450
173.194.64.108:993    8.1.4.20:1510        192.168.1.10:1510
74.125.227.206:80     8.1.4.20:1600        192.168.1.11:1600
173.194.64.108:25     8.1.4.20:1620        192.168.1.12:1620

Let’s try to understand what is going on.

The user on computer 192.168.1.10 is doing a search at www.google.com (74.125.227.206). As you know the web browser will connect to Google using the HTTP protocol on port 80.

You can see that in the translation table, in the Outside Global column, the IP address and port number is 74.125.227.206:80.

Now, what most people don't realize is that even though your destination is port 80, the connection has a source port too: your computer's operating system picks a high-numbered port for its own end of the connection, and your router keeps tabs on it by using the translation table.

In this example, our computer's end of the connection is 192.168.1.10:1450, and the router has kept 1450 as the external port on 8.1.4.20.

Why does the router need to track that port at all?

Well, look once again at the translation table.

You will notice that both 192.168.1.10 and 192.168.1.11 are going to the same destination, the web server 74.125.227.206:80. Most likely both computers are running completely different searches on www.google.com.

Notice, however, that each connection has a distinct port on the public address (1450 and 1600), so when a reply comes back to 8.1.4.20:1450 the router knows it belongs to 192.168.1.10 and not to 192.168.1.11. If two inside hosts happened to pick the same source port for connections to the same server, the router would have to give one of them a different external port to keep the entries apart. This is one of the mechanisms that allow multiple PCs on your home network to use the same resources on the Internet and yet get reliable results while communicating with multiple resources and ports at the same time.
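As an added example, not code from the original post, here is a small Python model of the outbound and inbound steps described earlier and of the translation table above. It replays the post's four entries and then shows the two cases the table does not: a second host picking the same source port 1450 towards the same server, and an unsolicited inbound packet that matches no entry and is dropped. Addresses and ports are the post's illustrative values; the Packet class, the "keep the host's port if free, otherwise start at 1024" rule and the reply-must-come-from-the-same-peer check are this example's own assumptions, not a description of any particular router.

```python
from dataclasses import dataclass, field
from typing import Optional

# Illustrative public address from the post's translation table.
PUBLIC_IP = "8.1.4.20"


@dataclass(frozen=True)
class Packet:
    """Only the header fields PAT cares about (constructed, not a real IP/TCP header)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    # flow (proto, inside local ip, port, outside ip, port) -> inside global port
    by_flow: dict = field(default_factory=dict)
    # (proto, inside global port) -> flow; this is the post's translation table
    by_ext: dict = field(default_factory=dict)
    next_port: int = 1024  # assumed starting point when the host's own port is taken

    def _pick_external_port(self, proto: str, wanted: int) -> int:
        # Port preservation: keep the host's source port when it is free and not a
        # privileged port; otherwise take the next unused port. This is how two inside
        # hosts that happened to choose the same ephemeral port are kept distinct.
        if wanted >= 1024 and (proto, wanted) not in self.by_ext:
            return wanted
        while (proto, self.next_port) in self.by_ext:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: create the table entry on first sight, then rewrite the source."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self.by_flow.get(flow)
        if ext_port is None:
            ext_port = self._pick_external_port(pkt.proto, pkt.src_port)
            self.by_flow[flow] = ext_port
            self.by_ext[(pkt.proto, ext_port)] = flow
        # Only the source side changes; destination address and port are untouched.
        return Packet(self.public_ip, ext_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: look the destination port up; None means 'no entry, drop it'."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self.by_ext.get((pkt.proto, pkt.dst_port))
        if flow is None:
            return None  # unsolicited: nobody inside asked for this
        _, in_ip, in_port, out_ip, out_port = flow
        # Assumed policy: only accept a reply from the exact peer the entry was
        # created for, not from anyone who guesses an in-use port number.
        if (pkt.src_ip, pkt.src_port) != (out_ip, out_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port, pkt.proto)

    def rows(self) -> list:
        """The table in the post's column order: outside global, inside global, inside local."""
        return [
            (f"{out_ip}:{out_port}", f"{self.public_ip}:{ext}", f"{in_ip}:{in_port}")
            for (_, ext), (_, in_ip, in_port, out_ip, out_port) in self.by_ext.items()
        ]


def demo() -> PatRouter:
    """Replay the post's four flows, then the collision the post's table does not show."""
    r = PatRouter()
    for src_ip, src_port, dst_ip, dst_port in [
        ("192.168.1.10", 1450, "74.125.227.206", 80),   # search on www.google.com
        ("192.168.1.10", 1510, "173.194.64.108", 993),  # IMAPS
        ("192.168.1.11", 1600, "74.125.227.206", 80),   # a second PC, same web server
        ("192.168.1.12", 1620, "173.194.64.108", 25),   # SMTP
    ]:
        r.outbound(Packet(src_ip, src_port, dst_ip, dst_port))
    # Collision: .11 also picks source port 1450 towards the same server as .10,
    # so it ends up on external port 1024 instead.
    r.outbound(Packet("192.168.1.11", 1450, "74.125.227.206", 80))
    return r


if __name__ == "__main__":
    router = demo()
    for row in router.rows():
        print("  ".join(f"{c:<22}" for c in row))
    # A reply to the first flow is delivered to .10; a stray SYN to port 22 on the
    # public address has no entry and comes back as None (dropped).
    print(router.inbound(Packet("74.125.227.206", 80, PUBLIC_IP, 1450)))
    print(router.inbound(Packet("203.0.113.5", 4444, PUBLIC_IP, 22)))
```

The last two lines of the demo are the troubleshooting point in miniature: a reply the table knows about is rewritten and delivered, while an inbound packet with no matching entry never reaches the LAN, which is why a service you want reachable from the Internet needs its own static entry (the subject of the next two parts).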

Wrapping Up

Port Address Translation (PAT) is a type of Network Address Translation (NAT) that is prevalent on home as well as corporate networks. It is important to understand how routers use their translation tables to deliver traffic between networks and what that means when you are troubleshooting connectivity issues: a connection that was started from the inside gets an entry and its replies come through, while a connection started from the outside finds no entry and is dropped, which is why hosting anything behind PAT needs the static mappings covered in the next two parts.

Resource List

Below is a list of links to important concepts and information that you should be familiar with.

Local Area Network (LAN) – http://en.wikipedia.org/wiki/LAN

Wide Area Network (WAN) – http://en.wikipedia.org/wiki/Wide_area_network

Fully Qualified Domain Name (FQDN) – http://en.wikipedia.org/wiki/FQDN

Domain Name System (DNS) – http://en.wikipedia.org/wiki/DNS

Uniform Resource Locator (URL) – http://en.wikipedia.org/wiki/URL

Router – http://en.wikipedia.org/wiki/Router_(computing)

Network Switch – http://en.wikipedia.org/wiki/Network_switch

Firewall – http://en.wikipedia.org/wiki/Firewall_(computing)

Ping – http://en.wikipedia.org/wiki/Ping_(networking_utility)

Nslookup – http://en.wikipedia.org/wiki/Nslookup

Traceroute – http://en.wikipedia.org/wiki/Traceroute

Ping-of-Death – http://www.cert.org/advisories/CA-1996-26.html

Denial-of-Service (DoS) Attack – http://en.wikipedia.org/wiki/Denial-of-service_attack

Network Address Translation (NAT) – http://www.cisco.com

What’s Next?

In my next article, I am going to explore the use of One-to-One NAT, also known as Static NAT.

Don’t miss it!

Cheers!

Fabio.