What is PAT - Port Address Translation (NAT Overload)

Before continuing, learn why we need Network Address Translation (NAT), if you are new to the concept.

Port Address Translation (PAT) is another type of dynamic NAT which can map multiple Private IPv4 addresses to a single public IP address by using a technology known as Port Address Translation. Port Address Translation (PAT) is also called as NAT Overloading. Port Address Translation (PAT/NAT Overload) is the NAT technology which prevents IPv4 Address depletion.

Port Address Translation (PAT/NAT Overload) can map multiple Private IPv4 addresses to a single public IP address by using different source ports.

In NAT Overloading, when a computer from a inside network (configured with a Private IPv4 address) communicate to another computer in the internet, the NAT Device (Router) changes the source port number (TCP or UDP) with another port number. These TCP or UDP port mappings are kept in a table in Router memory. Later when the NAT device (Router) gets a reply from internet, router can use the table which the port mappings are kept and forward the IPv4 data packet back to the original sender.

Let us consider a real-time example to understand the concept of Port Address Translation (PAT / NAT Overload) more clearly. Refer below network topology. Computer 1 and Computer 2 are two devices inside our network configured with Private IPv4 addresses. Computer 1 and Computer 2 are going to establish a TCP connection to a Server located in the Internet, configured with an IP address of 1.23.28.43.

We will analyze IPv4 traffic before and after PAT (NAT Overload), as it flows from Inside Network to Outside Network. We have an inside network, configured with IPv4 network address 192.168.0.0/24. The device performing Port Addredd Translation PAT (NAT Device) is a Cisco IOS Router. IP Addresses of two computers (Inside network) we use to analyse traffic are 192.168.0.12/24 (Computer 1) and 192.168.0.13/24 (Computer 2).

Please note that "A" is a point marked inside our network where we capture the inside network traffic, before Port Address Translation (PAT). "B" is another point marked outside our network where we capture outside network traffic, after Port Address Translation (PAT).

IP Address of the Router interface facing inside network is 192.168.0.1/24.

IP Address of the Router interface facing outside network is 137.186.57.8/24.

IPv4 Traffic from Computer 1 (192.168.0.12) to 1.23.28.43, before and after Port Address Translation (PAT)

Below Wireshark screen shown is TCP SYN request from Computer 1 (IP Address 192.168.0.12) to 1.23.28.43, captured at point "A", before Port Address Translation (PAT). We can see that the Source IPv4 Address is 192.168.0.12 and Destination IP Address is 1.23.28.43. Source port number is 41897 and Destination port number is TCP 22 (SSH).

Below capture from point "A" shows the original IP Datagram before Port Address Translation (PAT).

Below Wireshark screen shown is the same TCP SYN request from Computer 1 (IP Address 192.168.0.12) to 1.23.28.43, captured at point "B", after Port Address Translation (PAT).

We can see from below Wireshark screenshot that the Source IPv4 Address is translated to the only one public IPv4 address available on NAT Device, that is 137.186.57.8. Destination IPv4 address is 1.23.28.43.

Please note that there is a change in Source TCP Port Number, after Port Address Translation (PAT). Source port number is translated to 4096 and Destination port number is same, TCP 22 (SSH). BeforePort Address Translation (PAT), the source TCP Port Number was 41897.

Below capture from point "B" shows the translated IPv4 Datagram, after Port Address Translation (PAT).

IPv4 Traffic from Computer 1 (192.168.0.13) to 1.23.28.43, before and after Port Address Translation (PAT)

Below Wireshark screen shown is TCP SYN request from Computer 2 (IPv4 Address 192.168.0.13) to 1.23.28.43, captured at point "A", before Port Address Translation (PAT). We can see that the Source IPv4 Address is 192.168.0.13 and Destination IP Address is 1.23.28.43. Source port number is 45834 and Destination port number is TCP 22 (SSH).

Below capture from point "A" shows the original IP Datagram before Port Address Translation (PAT).

Below Wireshark screen shown is the same TCP SYN request from Computer 2 (IP Address 192.168.0.13) to 1.23.28.43, captured at point "B", after Port Address Translation (PAT).

We can see from below Wireshark screenshot that the Source IPv4 Address is translated to the only one public IPv4 address available on NAT Device, that is 137.186.57.8. Destination IPv4 address is 1.23.28.43.

Please note that there is a change in Source TCP Port Number, after Port Address Translation (PAT). Source port number is translated to 4097. Destination port number is the same, TCP 22 (SSH). Before Port Address Translation (PAT), the source TCP Port Number was 45834.

Below capture from point "B" shows the translated IPv4 Datagram, after Port Address Translation (PAT).

Port Address Translation (PAT) allows us to connect large number of computers with private IPv4 address to the Internet using only one public IPv4 address. NAT Overload is the real reason why we still have enough IPv4 addresses on the Internet.

Following screen shot is from the NAT Device (Cisco IOS Router), shows the Port Address Translation (PAT) Table.