stun

Make a STUN request

$ stun [stun.1und1.de]

$ stun [stun.1und1.de] -p [4302]

stunclient [OPTIONS] STUN_SERVER_ADDRESS[:PORT]

--help, -h
    Display help message and exit.

--verbose, -v
    Enable verbose output, showing more details about the STUN process.

--port=, -p
    Specify the STUN server port. The default is usually 3478.

--bind=

STUN (Session Traversal Utilities for NAT) is a protocol that allows applications operating behind a Network Address Translator (NAT) to discover their public IP address and the type of NAT they are behind. The stun command (typically implemented as stunclient) facilitates this discovery by sending requests to a STUN server.

The server responds with the client's observed public IP address and port, enabling the client to understand how the NAT modifies its connections. This information is crucial for establishing direct peer-to-peer communication, especially in Voice over IP (VoIP), video conferencing, and online gaming, where endpoints need to know each other's reachable addresses. Without STUN, applications behind complex NATs might struggle to establish direct connections, often resorting to relay servers, which add latency and consume bandwidth.

The "stun" command is most commonly implemented as stunclient on Linux systems. It requires a functioning STUN server to query.

While STUN helps in many NAT scenarios, it is less effective with Symmetric NATs, which change the mapped port for each new destination. For such complex NATs, TURN (Traversal Using Relays around NAT) might be required, which involves relaying media through a server.

The exact options and their behavior might vary slightly depending on the specific stunclient implementation or version installed (e.g., from libnice-tools or stuntman packages).

To test your NAT type against a public STUN server (e.g., stun.l.google.com:19302), you would typically run:
stunclient stun.l.google.com
Or, for a more detailed test:
stunclient -f stun.l.google.com
The output will usually show your observed external IP address and the detected NAT type.

The stunclient output typically indicates the 'Mapped Address' (your public IP and port) and the 'NAT Type' (e.g., 'Full Cone', 'Restricted Cone', 'Port Restricted Cone', or 'Symmetric NAT'). Understanding your NAT type helps in configuring applications for optimal peer-to-peer connectivity.

The Session Traversal Utilities for NAT (STUN) protocol was originally specified in RFC 3489 in 2003, with an updated, more robust version defined in RFC 5389 in 2008. Its development was driven by the increasing need for applications like VoIP and peer-to-peer file sharing to function reliably behind NAT devices, which became ubiquitous with the rise of broadband internet. Early implementations of STUN clients and servers emerged to address these connectivity challenges, making it a fundamental component in many real-time communication protocols like SIP and WebRTC. The stunclient utility became a common command-line tool for developers and network administrators to test and understand NAT traversal behavior.

turnclient(1), netstat(8), ss(8), ip(8)