Network Address Translation (NAT) Behaviour – Final report
- Authors
- Corporate Authors
- Defence Research and Development Canada, Centre for Security Science, Ottawa ON (CAN);Dalhousie Univ, Halifax NS (CAN) Faculty of Computer Science
- Abstract
- Network Address Translation (NAT) is the mechanism, which is used to modify a packet's IP address information while it is in transit across a network routing device. Because NAT can hide a computer’s or even a network's IP address, identifying the presence of NAT in network traffic is an important task for network management and security. The aim of this work is to identify the presence of NAT in the network traffic by utilizing different approaches and evaluate the performance of these approaches under different network environments represented by the availability of different data fields. To this end, passive fingerprinting and data mining based approaches are used and evaluated under different test conditions. In these experiments, not only packet header and flow based features are employed without using source and destination IP addresses, source and destination port numbers and payload information, but also payload information is analyzed to understand how much performance gain is reached if it is available. Last but not least; experiments are also performed to identify NAT devices in encrypted as well as non-encrypted traffic.
- Report Number
- DRDC-RDDC-2014-C74 — Contract Report
- Date of publication
- 01 May 2014
- Number of Pages
- 55
- DSTKIM No
- CA039188
- CANDIS No
- 539336
- Format(s):
- Electronic Document(PDF)
Document 1 of 1
- Date modified: