Most people use these technologies every day.
Almost nobody knows they exist.
Every time you open YouTube, browse Instagram, join a Zoom meeting, or play an online game, your router is quietly performing a series of networking tricks behind the scenes.
Those tricks have names:
- NAT
- SNAT
- DNAT
- PAT
- Port Forwarding
They sound intimidating.
They're actually much simpler than they appear.
Let's break them down using something familiar: your home Wi-Fi.
The Problem the Internet Had to Solve
Imagine a family of five living in one house.
Everyone owns a device:
- Laptop
- Phone
- Smart TV
- Gaming Console
- Tablet
Each device needs internet access.
The problem?
Your Internet Service Provider usually gives you only one public IP address.
Something has to manage all those devices sharing a single internet connection.
That's where NAT comes in.
NAT: The Receptionist of Your Network
NAT stands for Network Address Translation.
Think of NAT as a receptionist in an office building.
People inside the building have room numbers:
Laptop = Room 101
Phone = Room 102
TV = Room 103
But when communicating with the outside world, everyone uses the building's main address.
The receptionist keeps track of who sent what.
Your router does exactly the same thing.
What Happens When You Visit Google?
Inside your home:
Laptop
192.168.1.10
Your router:
Public IP
49.x.x.x
When you open Google:
192.168.1.10
↓
Router
↓
49.x.x.x
↓
Google
Google never sees your private IP.
It only sees your router's public IP.
That's NAT in action.
SNAT: Changing the Sender's Address
SNAT stands for Source Network Address Translation.
The keyword is:
Source
It changes the sender's address.
Before leaving your network:
Source:
192.168.1.10
After SNAT:
Source:
49.x.x.x
The router replaces your private IP with its public IP.
Without SNAT, websites couldn't send responses back to you, because a private address like 192.168.1.10 is not routable on the public internet.
Real-Life Example
Imagine mailing a letter.
Instead of writing your bedroom number as the return address, you write the house address.
That's exactly what SNAT does.
DNAT: Changing the Destination Address
DNAT stands for Destination Network Address Translation.
The keyword is:
Destination
Instead of changing who sent the packet, it changes where the packet is going.
Example
Someone on the internet visits:
49.x.x.x
Your router receives the request.
Then it says:
"This traffic actually belongs to a machine inside my network."
So it rewrites the destination.
Before:
Destination:
49.x.x.x
After:
Destination:
192.168.1.50
Now the packet reaches the correct internal device.
Real-Life Example
Think of a receptionist receiving a visitor.
The visitor asks for:
Main Office
The receptionist redirects them to:
Room 205
That's DNAT.
PAT: How Thousands of Devices Share One IP
PAT stands for Port Address Translation.
This is where the magic happens.
Imagine three devices opening Google at exactly the same time.
- Laptop
- Phone
- Tablet
All are using the same public IP.
How does the router know which response belongs to which device?
It uses ports.
Example
Router creates temporary mappings:
Laptop -> PublicIP:5001
Phone -> PublicIP:5002
Tablet -> PublicIP:5003
Google sends responses back.
The router checks the port numbers and delivers each response to the correct device.
Without PAT, your entire family couldn't share one internet connection.
Why PAT Matters
PAT is the reason:
- Hundreds of office computers can share one public IP
- Home Wi-Fi works
- Internet costs stay reasonable
Without PAT, every device would need its own public IP address.
The internet would run out of addresses very quickly.
Port Forwarding: Opening a Door Into Your Network
Normally, devices inside your network are hidden.
The internet can't directly reach them, because an unsolicited incoming packet matches no entry in the router's translation table.
But sometimes you want outside users to access an internal service.
This is where Port Forwarding comes in.
Example
You have a web server:
192.168.1.100
Running on:
Port 80
People on the internet cannot see it directly.
So you configure:
Public Port 80
↓
192.168.1.100:80
Now visitors can reach your server.
Another Example
You have a Kali Linux VM running SSH.
VM IP:
10.0.2.15
SSH:
Port 22
Create a forwarding rule:
Host Port 2222
↓
VM Port 22
Now:
ssh user@localhost -p 2222
reaches the VM's SSH service.
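To tie PAT and port forwarding together, here is a small translation-table model, added as an illustration and not taken from any router's code. The `Router` class, the 203.0.113.7 and 198.51.100.20 addresses, and the strict "reply must come from the server we contacted" check are assumptions made for the example; real routers differ in how strictly they filter.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    public_ip: str
    next_port: int = 5001  # first PAT port, as in the Laptop -> PublicIP:5001 example
    pat: dict = field(default_factory=dict)       # public port -> (priv_ip, priv_port, dst_ip, dst_port)
    forwards: dict = field(default_factory=dict)  # public port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """SNAT + PAT: swap the private source for public_ip:port and record the flow."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for port, known in self.pat.items():
            if known == flow:            # same connection keeps its mapping
                return (self.public_ip, port, dst_ip, dst_port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.pat[port] = flow
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) a packet to public_ip:dst_port goes to, or None."""
        flow = self.pat.get(dst_port)
        if flow and flow[2:] == (src_ip, src_port):   # reply from the server we contacted
            return flow[:2]
        if dst_port in self.forwards:                 # static DNAT rule (port forward)
            return self.forwards[dst_port]
        return None                                   # unsolicited: dropped

def demo():
    r = Router("203.0.113.7")            # constructed stand-in for 49.x.x.x
    server = ("198.51.100.20", 443)      # constructed stand-in for Google
    sent = [r.outbound(ip, 40000, *server)
            for ip in ("192.168.1.10", "192.168.1.11", "192.168.1.12")]
    reply_to_phone = r.inbound(*server, 5002)
    stranger = r.inbound("192.0.2.99", 50000, 5002)   # not the server we talked to
    before = r.inbound("192.0.2.99", 50000, 80)
    r.forwards[80] = ("192.168.1.100", 80)            # the article's web server rule
    after = r.inbound("192.0.2.99", 50000, 80)
    return sent, reply_to_phone, stranger, before, after

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The only inbound packet from a stranger that gets through is the one that matches the static forward, which is why each forwarding rule is a deliberate opening in the network.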
How Hackers and Pentesters Use This Knowledge
When security professionals see a public IP, they immediately start thinking:
- Is NAT being used?
- Are there forwarded ports?
- What internal systems exist behind this address?
- Is DNAT exposing services?
- Are unnecessary ports open?
Many real-world attacks don't target the router itself.
They target services that administrators accidentally exposed through port forwarding.
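From the administrator's side, the same questions can be answered by listing your own DNAT rules. The added example below (not from the original article) assumes a Linux-based router whose rules are exported with `iptables-save`; the sample ruleset and the `REVIEW_PORTS` policy are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (nat table); not from a real router.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.50:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.60:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Internal services that deserve a second look when forwarded (assumed review policy).
REVIEW_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}

def parse_forwards(text):
    """Return one dict per DNAT rule: protocol, public port, internal host and port."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if "DNAT" not in tok or "--to-destination" not in tok:
            continue  # table headers, chain policies, the MASQUERADE (SNAT/PAT) rule
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        host, _, port = opt["--to-destination"].partition(":")
        rules.append({"proto": opt.get("-p", "any"),
                      "public_port": opt.get("--dport", "any"),
                      "host": host,
                      "port": int(port) if port.isdigit() else None})
    return rules

def flag_exposed(rules):
    """Select forwards by the internal port, so SSH moved to public 2222 is still caught."""
    return [(r["public_port"], r["host"], REVIEW_PORTS[r["port"]])
            for r in rules if r["port"] in REVIEW_PORTS]

if __name__ == "__main__":
    for public_port, host, service in flag_exposed(parse_forwards(SAMPLE)):
        print(f"public port {public_port} -> {host} exposes {service}")
```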
The Easy Way to Remember Everything
Think of your router as a hotel receptionist.
NAT
The receptionist manages communication between guests and the outside world.
SNAT
The receptionist replaces your room number with the hotel's address when sending mail.
DNAT
The receptionist redirects visitors to the correct room.
PAT
The receptionist keeps track of hundreds of guests using unique ticket numbers.
Port Forwarding
The receptionist allows certain visitors to go directly to a specific room.
Final Thoughts
NAT, SNAT, DNAT, PAT, and Port Forwarding sound like complicated networking concepts.
In reality, they're just different ways of directing traffic.
Every home router performs these tasks every second.
Understanding them won't just make you better at networking.
It will make concepts like VPNs, firewalls, cloud infrastructure, reverse shells, pivoting, and penetration testing much easier to understand later.
Because before you learn how attackers move through networks, you need to understand how traffic moves through networks.