/ Blog /STUN Server - Everything You Need To Know
November 9, 20235 min read
STUN, an acronym for Session Traversal Utilities for NAT, is a network protocol utilized primarily for NAT traversal. Its primary function is to permit a device operating behind a NAT to ascertain its public IP address and the type of NAT it's behind. The protocol achieves this by allowing the device to send a request to an external STUN server, which then responds with details about the public IP address and port from which the request was seen. This information aids in setting up peer-to-peer communication channels, especially in voice and video call applications where direct end-to-end data transfer is essential. STUN plays a pivotal role in various real-time communication protocols, including WebRTC, by assisting in the discovery of Network Endpoint Translation (NET) public addresses.
Imagine you're in a massive hotel with thousands of rooms. You're in your room and you want to receive a special delivery, but the hotel has a unique policy: room numbers aren't shared with outsiders. So, when a delivery person arrives at the hotel, they don't know which room you're in.
To solve this, the hotel provides a concierge service. You can call the concierge and ask, "If someone from outside were to try and deliver something to me, how would they identify my room?" The concierge then gives you a unique identifier, not your actual room number, which you can share with the delivery person. The delivery arrives at the concierge with this identifier, and they can direct it to your room.
This hotel is like your home network, the room is your device, the concierge is STUN, and the unique identifier is the public IP and port you can share with others on the internet.
Before STUN, achieving peer-to-peer (P2P) communication through NAT (Network Address Translation) was complex. The primary methods before STUN were:
The challenges in achieving NAT traversal before STUN were:
STUN (Session Traversal Utilities for NAT) addressed these challenges by providing a standardized mechanism:
STUN (Session Traversal Utilities for NAT) is an integral protocol for facilitating peer-to-peer (P2P) and Voice over Internet Protocol (VoIP) communications, particularly within the context of WebRTC applications, by addressing the complexities of NAT traversal. In environments where multiple devices operate behind a single public IP address provided by a NAT, establishing direct end-to-end connections becomes problematic due to the NAT's port restrictions and the obscuring of individual device IPs.
The protocol's primary mechanism involves binding requests and responses: A STUN client sends a binding request to a STUN server on the internet, which responds with the public IP address and the port number that maps to the client's private IP and port. This information is essential for the device to share its connectivity details with external peers to enable direct communication.
STUN messages include various attributes for robust functionality. One such attribute is the XOR-MAPPED-ADDRESS, which reveals the public IP and port necessary for the communication. To ensure the messages are authentic and unaltered, the protocol also uses MESSAGE-INTEGRITY attributes, which incorporate HMAC-SHA1 hashes of the message contents.
In the specific case of WebRTC, STUN plays a pivotal role in the gathering of ICE (Interactive Connectivity Establishment) candidates, representing the potential network paths for two peers to connect. The STUN server is crucial in obtaining server-reflexive candidates, which is one type of ICE candidate necessary for establishing the connection.
However, STUN is not a one-size-fits-all solution to NAT traversal. Certain types of NATs, like symmetric NATs, dynamically assign ports for outbound traffic and are not easily handled by STUN alone. An alternative protocol such as TURN (Traversal Using Relays around NAT) is used in such instances. TURN facilitates connectivity by relaying traffic through an intermediary server, providing a reliable means of communication when STUN is unable to establish a direct path.
Yes, Google provides a public STUN server which can be accessed at
The full form of the STUN server is the "Session Traversal Utilities for NAT" server.
STUN servers primarily use UDP (User Datagram Protocol) for client communication due to its lower latency than TCP (Transmission Control Protocol).
See all articles
November 3, 20234 min read
WebRTC - Everything You Need To Know
Delve into WebRTC's evolution, core features, and its p...
November 6, 20234 min read
Session Description Protocol - Everything You Need To Know
Dive into the Session Description Protocol (SDP): its h...