Does NAT work as follows?
My computer 192.168.1.5 sends a request on port:5555 (for example) this request goes to my router 194.564.23.67 (public ip) the NAT then changes the port and forwards the request and port and waits for response from target IP on that port.
Is there a way to determine from my computer 192.168.1.5 what port the router is waiting for a response on.
Note that with TCP and UDP sessions, there are two ports. The source port and the destination port. So it is easier to discuss NAT when you refer to a port being sent to and a port being sent from.
So for example, when you send a request to a webserver, it is sent to port 80, and from an ephemeral port - one that is opened for the duration of the connection - that is above 1024. In your example, if read correctly, the source port is 5555. This port belongs to the application making the request, and is unique to that application until the request is complete. No other connection can be made from that source port on that machine while it is still active.
Normally, the webserver will recieve the request on port 80, and send its reply to port 5555, and from port 80.
When you have NAT involved, particularly PAT - port address translation - where many devices must share a single public IP address, the original port that each device used cannot be considered to be unique - two machines could use port 5555 as their source port, and so it would not be clear where to send reply packets once they arrive at the router back from the webserver.
So in addition to changing the source IP address to the public address of the router during NAT, the source port is also changed to one that is unique from the routers perspective. This is maintained in a state table. Any reply packets will come from the webserver to the port chosen by the router, and then the NAT will be undone and passed to the internal device using the port it opened.
Very few domestic routers will let you see the state table. On Cisco routers, you can do
show ip nat trans
This will show a list of all the NATs in effect.
The only other way would be to examine the outgoing connections from the router - this would require the traffic to pass through a device you control, which again is not likely in a domestic setting.
