In the output of 'show session all', some sessions will show a flag:
admin@anuragFW> show session all
16752 dns ACTIVE FLOW NS 192.168.125.120[57002]/Inside/17 (172.16.9.8[54745])
vsys1 8.8.8.8[53]/Outside (8.8.8.8[53])
16880 web-browsing ACTIVE FLOW *NS 192.168.125.120[51297]/Inside/6 (172.16.9.8[53511])
vsys1 192.82.210.130[443]/Outside (192.82.210.130[443])
The session flags are as follows:
NS (NAT Source) means the source address was translated.
ND (NAT Destination) means the destination address was translated.
NB (NAT Bidirectional) means both the source and destination addresses were translated.
Note:A flag with an asterisk * indicates that the session was decrypted.