NAT - Understanding debug nat detailed output

When debugging NAT, the command debug ip nat detailed can be used. Output similar to the following will be presented:

Router# debug ip nat detailed
NAT: i: udp (192.168.1.95, 1493) -> (172.31.2.132, 53) [22399]
NAT: o: udp (172.31.2.132, 53) -> (172.31.233.193, 1493) [63671]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22400]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22002]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22401]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22402]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22060]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22071]

The value that appears after each IP address within the parentheses is the transport-layer port number.

  • The first entry shows a DNS request being sent from an inside host to a destination of 172.31.2.132 and a port number of 53, which is the well-known port for DNS service.
  • The third entry shows a Telnet session from an inside host to 172.31.2.75, with a destination port number of 23, which is the well-known port for Telnet.

The values in square brackets at the end are the IP identification numbers found within the packet. The Identification field is used to aid in IP packet fragmentation and reassembly, but is also used here to allow for the correlation of this debug information with other packet traces and protocol analyzers.
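
The correlation described above can be scripted. The following is an added example, not part of the original page or of any Cisco tooling: it parses the entries shown here, indexes them by IP identification number so an entry can be looked up from a packet trace, and pairs inside and outside entries to show which address replies are sent to. The function names and the port-preserving pairing rule are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed input: the eight debug entries shown on this page.
SAMPLE = """\
NAT: i: udp (192.168.1.95, 1493) -> (172.31.2.132, 53) [22399]
NAT: o: udp (172.31.2.132, 53) -> (172.31.233.193, 1493) [63671]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22400]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22002]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22401]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22402]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22060]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22071]
"""

LINE_RE = re.compile(
    r"NAT(?P<star>\*?): (?P<dir>[io]): (?P<proto>\w+) "
    r"\((?P<src>[\d.]+), (?P<sport>\d+)\) -> "
    r"\((?P<dst>[\d.]+), (?P<dport>\d+)\) \[(?P<ipid>\d+)\]")

def parse(text):
    """Return one dict per entry; finditer also copes with run-together output."""
    entries = []
    for m in LINE_RE.finditer(text):
        e = m.groupdict()
        e["star"] = bool(e["star"])  # asterisk kept as a flag, not interpreted
        for k in ("sport", "dport", "ipid"):
            e[k] = int(e[k])
        entries.append(e)
    return entries

def by_ip_id(entries):
    """Index entries by IP Identification, for lookup from a packet trace."""
    index = defaultdict(list)
    for e in entries:
        index[e["ipid"]].append(e)
    return index

def translations(entries):
    """Map inside (ip, port) to the address replies are sent to.
    Assumption: the reply mirrors the outside endpoint and keeps the port."""
    out = {}
    for i in (e for e in entries if e["dir"] == "i"):
        for o in (e for e in entries if e["dir"] == "o"):
            if ((o["proto"], o["src"], o["sport"], o["dport"]) ==
                    (i["proto"], i["dst"], i["dport"], i["sport"])):
                out[(i["src"], i["sport"])] = (o["dst"], o["dport"])
    return out
```

Given an IP ID seen in a capture, by_ip_id(parse(SAMPLE))[22399] returns the matching debug entry, and translations() shows 192.168.1.95 receiving replies addressed to 172.31.233.193.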

Links:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/debug/command/i1/db-i1-cr-book/db-i2.html#wp5866500300

https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/ipv4-packet-header
