How does a transparent SOCKS proxy know which destination IP to use?

There are two SOCKS proxies that I know about that support transparent proxying for any outgoing TCP connection: [Tor](https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) and [redsocks](http://darkk.net.ru/redsocks/) . Unlike HTTP proxies, these SOCKS proxies can transparently proxy **any** outgoing TCP connection, including encrypted protocols and protocols without metadata or headers. Both of these proxies require the use of NAT to redirect any outgoing TCP traffic to the proxy's local port. For instance, if I am running Tor with TransPort 9040 on my local machine, I would need to add an iptables rule like this: iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040 To my knowledge, this would replace the original destination IP and port with 127.0.0.1 and 9040, so given that this is an encrypted stream (like SSH) or one without headers (like [whois](http://en.wikipedia.org/wiki/Whois#Protocol)) , how does the proxy know the original destination IP and port?