Inbound traffic is coming from router IP, not internet IP. Why?

5 pts.
Tags:
grc
Hamachi
Network security
packet analysis
Packet Sniffing
Packets
Shields Up
syn
VPN
Hello, thank you for your time. I have recently noticed a strange occurence going on with inbound traffic. The other day, I helped my friend set up his network. icmp ping was good. while sniffing, I first noticed inbound tcp traffic to me was not coming from my friend's IP address, but coming from my switch. (we used a simple udp tunnel to connect the LANs) I tested it using GRC.com's shieldsup utility. My port tested closed, which was the proper setting for the test. The packet trace indicated a ton of https traffic during grc.com visit between me and grc.com, then two small syn and syn+ack packets in the middle, the syn of which was grc.com's test packet. The problem is, that syn packet said it came from my home switch IP, not a grc.com IP. My syn+ack response, the second packet, also had the router ip as the destination address, yet grc picked it up as a closed port indication. My question is, even though traffic seems to behave correctly for the most part, why is my network spy v2.0 seeing all inbound traffic as originating from my router, not the internet IP it did come from? (it used to indicate the internet host the traffic came from. i have not tried a second sniffer.) The behavior confuses apps. using hamachi, when my friend logs in, hamachi indicates the tunnel is up on my router's ip, not his ip, a departure from previous behavior. I am using cox cable internet, which does block many typical service ports. I don't know if this is another way the isp found to hose up inbound traffic.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Is it possible that you are using some type of network address translation or mapped IP? If the router is acting on behalf of the client then the behavior you see would be expected.

—————

Agreed… A routers job is to transfer packets from network to another. In doing so, most of the time it will typically strip off the “source/destination” info of packets and reapply its own information as the “source” as it forwards packets to your LAN, for example…

Not sure what the “hamachi” program you mentioned is, but the behavior you mentioned is typical, as stated above, of routers/L3 devices…

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following