I'm using a sniffer (such as Wireshark) to monitor network traffic.
I have no prior knowledge of the network topology. My purpose is to identify IPs as load balancers or NAT entry points.
How can I identify that a particular packet originated from a load balancer or has come through a firewall and has had port based network address translation (NAT) performed on it?
What identifying characteristics are there for either use case?