Residential and business networks LANs are typically connected to the Internet using a gateway or router that uses network address translation (NAT). The NAT device maps local area network (LAN) addresses of multiple devices to a single WAN IP address enabling multiple devices to access the internet using WAN address. All traffic emerging from that network will share the same IP address that is assigned to the gateway or router and Internet service providers typically only provide one wide area network (WAN) address to a modem or connection device at the premises. The NAT device modifies network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another. From the WAN perspective it is difficult to determine which device behind a NAT device, is originating a particular stream of traffic. This is a particular problem when network based virus or malware detection is utilized where the WAN IP traffic is analyzed to determine the presence of potential malware originating from the LAN. The inability to determine a specific device means that any remediation procedures can not be applied in a focused manner.
Accordingly, systems and methods for Identifying computers behind a Network Address Translaton (NAT) device remains highly desirable.