diff --git a/README.md b/README.md index dc14ea6..97313fb 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,69 @@ Teleport is a secure port forwarding tool that allows you to forward ports between different instances with end-to-end encryption. +## How It Works + +``` +┌─────────────────┐ Encrypted Tunnel ┌─────────────────┐ +│ Client A │◄────── Port 9000 ──────►│ Teleport │ +│ │ │ Server │ +│ │ │ │ +│ ┌───────────┐ │ │ ┌───────────┐ │ +│ │teleport │ │ │ │teleport │ │ +│ │client │ │ │ │server │ │ +│ └───────────┘ │ │ └───────────┘ │───────────┐ +└─────────────────┘ └─────────────────┘ │ + │ │ │ + │ Ports 8080,2222 │ Ports 80,22 │ + │ (local) │ (targets) │ + ▼ ▼ ▼ +┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ +│ User connects │ │ Remote │ │ Remote │ +│ to localhost: │ │ Web Server │ │ SSH Server │ +│ 8080, 2222 │ │ (192.168.1.100) │ │ (192.168.1.200) │ +└─────────────────┘ └─────────────────┘ └─────────────────┘ + +Flow: User → Client:8080,2222 → Encrypted Tunnel (Port 9000) → Server:80,22 → Remote Services +``` + +**Note:** The different ports (8080/2222 vs 80/22) are shown for demonstration purposes only. Client and service ports can be identical - teleport will handle the port mapping transparently. 
+ +### Example Configuration + +**Server Configuration** (`server.yaml`): +```yaml +instance_id: teleport-server-01 +listen_address: :9000 +remote_address: "" +ports: + - "tcp://192.168.1.100:80" + - "tcp://192.168.1.200:22" +encryption_key: your-secure-encryption-key-here +keep_alive: true +read_timeout: 30s +write_timeout: 30s +``` + +**Client Configuration** (`client.yaml`): +```yaml +instance_id: teleport-client-01 +listen_address: "" +remote_address: server.example.com:9000 +ports: + - "tcp://80:8080" + - "tcp://22:2222" +encryption_key: your-secure-encryption-key-here +keep_alive: true +read_timeout: 30s +write_timeout: 30s +``` + +**Usage**: +- User connects to `localhost:8080` → Traffic flows through encrypted tunnel on port 9000 → Server forwards to remote web server at `192.168.1.100:80` +- User connects to `localhost:2222` → Traffic flows through same encrypted tunnel on port 9000 → Server forwards to remote SSH server at `192.168.1.200:22` + +Both services share the same encrypted tunnel connection! + ## Features - **Secure Encryption**: All traffic is encrypted using AES-GCM encryption with PBKDF2 key derivation
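Review bot: The `encryption_key: your-secure-encryption-key-here` line in both the `server.yaml` and `client.yaml` examples is easy to copy unchanged, and nothing in the new section says what this value has to be. The Features list states that traffic is encrypted with AES-GCM using PBKDF2 key derivation, so the confidentiality of the tunnel on port 9000 rests on this one string. Suggest adding a sentence under "Example Configuration" that says whether the value must be identical on both sides (the examples use the same string), that it should be randomly generated rather than a memorable phrase, and that the files holding it should be readable only by the account running teleport and kept out of version control. Two smaller documentation gaps in the same examples: the client mapping syntax `tcp://80:8080` is never explained (which number is the server-side target port and which is the local listener, and how a target is selected if two entries in the server's `ports` list share a port number), and the Usage bullets refer to `localhost:8080` without stating whether the client listener binds to loopback only or to all interfaces.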