Impacted NAT IP
The Impacted Network Address Translated IP address (for example, target or server).
Data Type
IP
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | NAT IP Address (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | NAT IP Address (Impacted) |
Elasticsearch Field Name | impactedNatIp |
Rule Builder Column Name | DNATIP |
Regex Pattern | <dnatip> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
Network equipment
Use Case
Internal host context
MPE/Data Masking Manipulations
Polyfield – Impacted Host
Usage Standards
- Do not override/overload, use <dnatip> not (?<dnatip>.*?).
- NAT Impacted is Server (In Client-Server Model).
- NAT Impacted is Target (In Attacker-Target Model).
- Use when you see an Impacted IP address IPv4 or IPv6.
Examples
- Cisco Netflow
02 19 2014 06:40:29 NetFlow V9 CONN_ID=- Src=1.1.1.1 SPort=62173 InIfc=4 Dst=1.1.1.1 DPort=8080 OutIfc=3 Prot=6 ICMP_IPV4_TYPE=- ICMP_IPV4_CODE=- XLATE_SRC_ADDR_IPV4=- XLATE_DST_ADDR_IPV4=- XLATE_SRC_PORT=- XLATE_DST_PORT=- FW_EVENT=- FW_EXT_EVENT=- EVENT_TIME_MSEC=- IN_PERMANENT_BYTES=- DETAILS=CONN_ID=1632431052 ICMP_IPV4_TYPE=0 ICMP_IPV4_CODE=0 XLATE_SRC_ADDR_IPV4=1.1.1.1 XLATE_DST_ADDR_IPV4=1.1.1.1 XLATE_SRC_PORT=61695 XLATE_DST_PORT=8080 FW_EVENT=2 FW_EXT_EVENT=2015 EVENT_TIME_MSEC=1392835229440 IN_PERMANENT_BYTES=8807 DefaultDevice TemplateID=263
XLATE-DST-ADDR (Translated) indicates an impacted IP (destination in a network context) that utilizes Network Address Translation (NAT). SIP and DIP (Origin and Impacted) are indicated here with src= and dst=.