Origin NAT Port | LogRhythm Documentation

The Network Address Translated (NAT) port from which activity originated (for example, client or attacker port).

Data Type

Integer

Aliases

Use	Alias
Client Console Full Name	TCP/UDP Port (Origin)
Client Console Short Name	Not applicable
Web Console Tab/Name	TCP/UDP Port (Origin)
Elasticsearch Field Name	originNatPort
Rule Builder Column Name	SNATPort
Regex Pattern	<snatport>
NetMon Name	Not applicable

Field Relationships

SIP
SIPv4
SIPv6
SIPv6E
Origin Hostname
Origin Hostname or IP
Origin NAT IP
DIP
DIPv4
DIPv6
DIPv6E
Impacted Hostname
Impacted Hostname or IP
Impacted NAT IP

Origin Port
Origin NAT Port
Impacted Port
Impacted NAT Port
Origin MAC Address
Impacted MAC Address
Origin Interface
Impacted Interface
Origin Domain
Impacted Domain
Origin Login
Impacted Account
IANA Protocol Number
IANA Protocol Name

Common Applications

Any network connected application or device.

Use Case

Host and application contexts.

MPE/Data Masking Manipulations

Used to help in determining Application.

Usage Standards

Use to indicate the Network Address Translated (NAT) origin port number associated with a client or attacker host where Origin is Client (In Client-Server Model).
Origin is Attacker (In Attacker-Target Model).

Examples

Cisco Netflow

02 19 2014 06:40:29 NetFlow V9 CONN_ID=- Src=1.1.1.1 SPort=62173 InIfc=4 Dst=1.1.1.1 DPort=8080 OutIfc=3 Prot=6 ICMP_IPV4_TYPE=- ICMP_IPV4_CODE=- XLATE_SRC_ADDR_IPV4=- XLATE_DST_ADDR_IPV4=- XLATE_SRC_PORT=- XLATE_DST_PORT=- FW_EVENT=- FW_EXT_EVENT=- EVENT_TIME_MSEC=- IN_PERMANENT_BYTES=- DETAILS=CONN_ID=1632431052 ICMP_IPV4_TYPE=0 ICMP_IPV4_CODE=0 XLATE_SRC_ADDR_IPV4=1.1.1.1 XLATE_DST_ADDR_IPV4=1.1.1.1 XLATE_SRC_PORT=61695 XLATE_DST_PORT=8080 FW_EVENT=2 FW_EXT_EVENT=2015 EVENT_TIME_MSEC=1392835229440 IN_PERMANENT_BYTES=8807 DefaultDevice TemplateID=263

XLATE_SRC_PORT shows the translation IP’s source (origin) port. In a network flow context, origin and source are synonymous.