<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><div class="gmail_default">Hi,</div><div class="gmail_default"><br></div><div class="gmail_default">We are building a service where we need to detect NAT when the clients register to our server. We are struggling in analyzing NAT status of some clients which modify their IP addresses/ports in the headers according to the value of "received" parameter sent during "401 Unauthorized" response.</div><div class="gmail_default"><br></div><div class="gmail_default">Here's the flow:</div><div class="gmail_default"><br></div><div class="gmail_default">Client->Server</div><div class="gmail_default">REGISTER sip:...</div><div class="gmail_default">Via: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias</div><div class="gmail_default">Contact: <sip:user@192.168.0.1:42251;transport=TLS;ob></div><div><div class="gmail_default">...</div><div class="gmail_default"></div><div class="gmail_default"></div><div class="gmail_default">Server->Client</div><div class="gmail_default">SIP/2.0 401 Unauthorized<br></div><div class="gmail_default"><div class="gmail_default">Via: SIP/2.0/TLS 192.168.0.1:41157;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias;received=1.2.3.4</div><div class="gmail_default">WWW-Authenticate: ...<br></div><div class="gmail_default">...</div><div class="gmail_default"><br></div><div class="gmail_default">Client->Server</div><div class="gmail_default"><div class="gmail_default">REGISTER sip:...</div><div class="gmail_default"></div></div><div class="gmail_default"><div class="gmail_default">Via: SIP/2.0/TLS 1.2.3.4:6201;rport;branch=z9hG4bKPj30093e5d-550d-4d4c-a9a2-22c3bd1cda7e;alias</div><div class="gmail_default">Contact: <sip:user@

1.2.3.4:6201;transport=TLS;ob></div><div class="gmail_default">Authorization: ...<br></div><div><div class="gmail_default">...</div><div class="gmail_default"></div><div class="gmail_default"></div></div></div><div class="gmail_default"><br></div><div class="gmail_default">By the time the client is authenticated, there is no way to detect whether the request was coming from a natted device or not by just analysing the Via or Contact headers.</div><div class="gmail_default"><br></div><div class="gmail_default">Thanks in advance.</div><div class="gmail_default"><br></div><div class="gmail_default"></div></div></div></div><div><br></div></div>