Sunday, March 20, 2011

Cisco NAT and FTP


This testing shows that Cisco IOS NAT not only performs address translation, it can even modify the packet payload – it modifies the FTP PORT command in this case.

Below shows the packet payload captured on Client:


Below shows the packet payload captured on Server:

2 comments:

  1. Hi yap,

    can you please re-frame the sentence.. am so sorry I didnt understand the above :(

    ReplyDelete
  2. We often thought that NAT is only translating the IP addresses at the OSI Layer #3 - Network layer. In fact, it must be able to perform IP address translation for the packet payload carried in L3 IP packets, in order for the application layer to perform correctly. Packet payload refers to OSI Layer #4 to #7 data.

    ReplyDelete