The popularity of network address translation (NAT) devices such as home wireless routers has given rise to an increasing number of households with multiple computing devices sharing a single network connection. These devices make it difficult to distinguish the network traffic of multiple clients within a local area network, as their traffic appears to emanate from a single source Internet Protocol (IP) address.
Earlier proposed solutions have been based on operating system (OS) fingerprinting, Internet Protocol Identifier (IPID) analysis, and snooping network traffic headers and content. Tools such as p0f (refer to: ‘passive OS fingerprinting tool’, Michal Zalewski, <lcamtuf@coredump.cx>, 2000-2006; the entirety of which is hereby incorporated by reference) have been used in a non-real-time manner to gain information about distinct hosts behind a NAT. These solutions do not address the problem of tracking multiple active hosts, behind a NAT device, simultaneously in real-time.
Accordingly, a method and apparatus that enable the identification of multiple, simultaneously active clients behind a NAT device and for distinguishing their individual network activity by tracking their respective sessions remain highly desirable.