Network Address Translation (NAT) Behaviour – Final report


  1. Zincir-Heywood, A.N.
  2. Gokcen, Y.
  3. Aghaevi, V.
  4. Howes, R.
Corporate Authors
Defence Research and Development Canada, Centre for Security Science, Ottawa ON (CAN);Dalhousie Univ, Halifax NS (CAN) Faculty of Computer Science
Network Address Translation (NAT) is the mechanism, which is used to modify a packet's IP address information while it is in transit across a network routing device. Because NAT can hide a computer’s or even a network's IP address, identifying the presence of NAT in network traffic is an important task for network management and security. The aim of this work is to identify the presence of NAT in the network traffic by utilizing different approaches and evaluate the performance of these approaches under different network environments represented by the availability of different data fields. To this end, passive fingerprinting and data mining based approaches are used and evaluated under different test conditions. In these experiments, not only packet header and flow based features are employed without using source and destination IP addresses, source and destination port numbers and payload information, but also payload information is analyzed to understand how much performance gain is reached if it is available. Last but not least; experiments are also performed to identify NAT devices in encrypted as well as non-encrypted traffic.
Report Number
DRDC-RDDC-2014-C74 — Contract Report
Date of publication
01 May 2014
Number of Pages
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: