NAT (Network Address Translation)
Definition
A mechanism by which a router replaces private source IP addresses with a single public IP address before forwarding packets to the internet, and reverses the mapping for returning traffic. NAT is the reason a single ISP-assigned IP may represent many users, and its internal port-mapping logs are essential for per-device attribution.
Related terms
- Anchor event
- A log entry that can be identified with high confidence across two or more log sources, used to verify relative clock offsets...
- Autonomous System (AS)
- A collection of IP networks operated under a single routing policy and identified by a unique Autonomous System Number (ASN). ISPs, large...
- BGP (Border Gateway Protocol)
- The routing protocol that autonomous systems use to advertise the IP address ranges they control to one another. BGP is the mechanism...
- CIDR (Classless Inter-Domain Routing)
- A compact notation for IP address ranges that appends a prefix length to the address, such as 192.168.1.0/24. The prefix length states...
- Clock skew
- The difference between a device's local clock and a trusted reference time such as UTC. Skew accumulates due to hardware drift, timezone...
- DHCP lease log
- A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
- IPv6 Privacy Extensions (RFC 8981)
- A mechanism defined in RFC 8981 (formerly RFC 4941) by which IPv6 hosts generate temporary randomised addresses for outbound connections, rotating them...
- Log normalisation
- The conversion of log entries from their native format into a common schema, typically a structured record with a corrected UTC timestamp,...
- RIR (Regional Internet Registry)
- One of five organisations that allocate IP address blocks by region: ARIN (Americas), RIPE NCC (Europe, Middle East, Central Asia), APNIC (Asia-Pacific),...
- Session tuple
- The five-element identifier for a network session: source IP, source port, destination IP, destination port, and protocol. The session tuple is the...
Explained in these topics
- IP Addressing and Routing Fundamentals for InvestigatorsA mechanism by which a router replaces private source IP addresses with a single public IP address before forwarding packets to the internet, and reverses the...
- Reconstructing a Network Timeline from Multiple SourcesA router function that maps one or more private IP addresses to a single public IP address. NAT means a single public-IP entry in an external log may represent...