Origin NAT Port
The Network Address Translated (NAT) port from which activity originated (for example, client or attacker port).
Data Type
Integer
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | TCP/UDP Port (Origin) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | TCP/UDP Port (Origin) |
Elasticsearch Field Name | originNatPort |
Rule Builder Column Name | SNATPort |
Regex Pattern | <snatport> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
Any network connected application or device.
Use Case
Host and application contexts.
MPE/Data Masking Manipulations
Used to help in determining Application.
Usage Standards
- Use to indicate the Network Address Translated (NAT) origin port number associated with a client or attacker host where Origin is Client (In Client-Server Model).
- Origin is Attacker (In Attacker-Target Model).
Examples
- Cisco Netflow
02 19 2014 06:40:29 NetFlow V9 CONN_ID=- Src=1.1.1.1 SPort=62173 InIfc=4 Dst=1.1.1.1 DPort=8080 OutIfc=3 Prot=6 ICMP_IPV4_TYPE=- ICMP_IPV4_CODE=- XLATE_SRC_ADDR_IPV4=- XLATE_DST_ADDR_IPV4=- XLATE_SRC_PORT=- XLATE_DST_PORT=- FW_EVENT=- FW_EXT_EVENT=- EVENT_TIME_MSEC=- IN_PERMANENT_BYTES=- DETAILS=CONN_ID=1632431052 ICMP_IPV4_TYPE=0 ICMP_IPV4_CODE=0 XLATE_SRC_ADDR_IPV4=1.1.1.1 XLATE_DST_ADDR_IPV4=1.1.1.1 XLATE_SRC_PORT=61695 XLATE_DST_PORT=8080 FW_EVENT=2 FW_EXT_EVENT=2015 EVENT_TIME_MSEC=1392835229440 IN_PERMANENT_BYTES=8807 DefaultDevice TemplateID=263
XLATE_SRC_PORT shows the translation IP’s source (origin) port. In a network flow context, origin and source are synonymous.