1) You can see the current source or destination addresses of any IP packet in transit if you're able to sniff the traffic.
You won't be able to tell if the packet has been subject to NAT, with one exception: some application protocols make direct references to endpoint IP addresses, and in those cases the contents of the packet may reveal the NATed IP address. FTP does this (which is why NAT breaks FTP unless the NAT gateway has an FTP ALG), and so does SIP (which is why SIP clients usually have
STUN support).
2) If the subnet is NATed because RFC 1918 addresses are being used (which is usually the case) then no, you typically won't be able to scan the subnet since there's no way to route packets to hosts in such networks.
By itself, NAT does nothing to prevent scanning or otherwise improve security. It is perfectly possible to NAT outbound traffic (with or without overloading) while still accepting inbound traffic to the IP network(s) behind the NAT gateway. However, if the network consists of non-routable addresses, there's no way to get the packets to the gateway in the first place.