STUN, Simple Traversal of UDP Through NAT



Protocol suite: TCP/IP.
Protocol type: Application layer protocol.
Port: 3478 (TCP, UDP).
MIME subtype:
Working groups: behave, Behavior Engineering for Hindrance Avoidance.
Links: IANA: STUN parameters.

STUN is a lightweight protocol that allows applications to discover the presence and types of NATs and firewalls between them and the public Internet. It also provides the ability for applications to determine the public IP addresses allocated to them by the NAT. STUN works with many existing NATs, and does not require any special behavior from them. As a result, it allows a wide variety of applications to work through existing NAT infrastructure.

MAC header | IP header | TCP or UDP header | STUN header | Data :::

STUN header:

Bits:  00-01 | 02-15 | 16-31
       0 0   | Type  | Length
       Magic cookie
       Transaction ID
       Data :::

Type. 14 bits.
Message type.

0x0001  Binding Request.
0x0002  Shared Secret Request.
0x0101  Binding Response.
0x0102  Shared Secret Response.
0x0111  Binding Error Response.
0x0112  Shared Secret Error Response.

Length. 16 bits.
The size of the message in bytes not including the STUN header.

Magic cookie. 32 bits.
Always set to 0x2112A442.

Transaction ID. 16 bits.

Data. Variable length.
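
An added example (not code from the original page or from the RFC): a strict parser for the header described above, extended to split Data into the TLV attributes it carries. It assumes RFC 5389's 20-byte header with a 12-byte transaction ID, the 0x8000 boundary between comprehension-required and comprehension-optional attribute types, and 4-byte attribute padding; parse_stun and SAMPLE are names chosen for this example.

```python
import struct

MAGIC_COOKIE = 0x2112A442
HEADER_LEN = 20  # assumed per RFC 5389: type 2 + length 2 + cookie 4 + transaction ID 12
MESSAGE_TYPES = {
    0x0001: "Binding Request", 0x0002: "Shared Secret Request",
    0x0101: "Binding Response", 0x0102: "Shared Secret Response",
    0x0111: "Binding Error Response", 0x0112: "Shared Secret Error Response",
}

def parse_stun(packet: bytes) -> dict:
    """Validate a STUN header and split Data into TLV attributes.

    Raises ValueError on anything that is not well-formed STUN, so callers
    can drop unrelated or malformed traffic arriving on the same port.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if msg_type & 0xC000:
        raise ValueError("two most significant bits must be zero")
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    # Length excludes the header and, with padded attributes, is a multiple of 4.
    if length % 4 or length != len(packet) - HEADER_LEN:
        raise ValueError("Length does not match the data that follows")
    attrs, off = [], HEADER_LEN
    while off < len(packet):
        a_type, a_len = struct.unpack("!HH", packet[off:off + 4])
        end = off + 4 + a_len
        if end > len(packet):
            raise ValueError("attribute value runs past end of message")
        attrs.append({
            "type": a_type,
            "value": packet[off + 4:end],
            # 0x0000-0x7FFF comprehension-required, 0x8000-0xFFFF optional
            "comprehension_required": a_type < 0x8000,
        })
        off = end + (-a_len % 4)  # skip padding up to the next 4-byte boundary
    return {
        "type": MESSAGE_TYPES.get(msg_type, hex(msg_type)),
        "transaction_id": packet[8:20],
        "attributes": attrs,
    }

# Constructed sample: Binding Request carrying one SOFTWARE (0x8022) attribute.
SAMPLE = (struct.pack("!HHI", 0x0001, 8, MAGIC_COOKIE) + bytes(range(12))
          + struct.pack("!HH", 0x8022, 4) + b"test")
```
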


Glossary:

Attribute.
The STUN term for a Type-Length-Value (TLV) object that can be added to a STUN message. Attributes are divided into two types: comprehension-required and comprehension-optional. STUN agents can safely ignore comprehension-optional attributes they don't understand, but cannot successfully process a message if it contains comprehension-required attributes that are not understood.

Long-Term Credential.
A username and associated password that represent a shared secret between client and server. Long-term credentials are generally granted to the client when a subscriber enrolls in a service and persist until the subscriber leaves the service or explicitly changes the credential.

Long-Term Password.
The password from a long-term credential.

Mapped Address.
Same meaning as reflexive address. This term is retained only for historic reasons and due to the naming of the MAPPED-ADDRESS and XOR-MAPPED-ADDRESS attributes.

Reflexive Transport Address.
A transport address learned by a client that identifies that client as seen by another host on an IP network, typically a STUN server. When there is an intervening NAT between the client and the other host, the reflexive transport address represents the mapped address allocated to the client on the public side of the NAT. Reflexive transport addresses are learned from the mapped address attribute (MAPPED-ADDRESS or XOR-MAPPED-ADDRESS) in STUN responses.

RTO, Retransmission TimeOut.
The initial period of time between transmission of a request and the first retransmit of that request.

Short-Term Credential.
A temporary username and associated password that represent a shared secret between client and server. Short-term credentials are obtained through some kind of protocol mechanism between the client and server, preceding the STUN exchange. A short-term credential has an explicit temporal scope, which may be based on a specific amount of time (such as 5 minutes) or on an event (such as termination of a SIP dialog). The specific scope of a short-term credential is defined by the application usage.

Short-Term Password.
The password component of a short-term credential.

STUN Agent.
An entity that implements the STUN protocol. The entity can be either a STUN client or a STUN server.

STUN Client.
An entity that sends STUN requests and receives STUN responses. A STUN client can also send indications. In this specification, the terms STUN client and client are synonymous.

STUN Indication.
A STUN message that does not receive a response.

STUN Server.
An entity that receives STUN requests and sends STUN responses. A STUN server can also send indications. In this specification, the terms STUN server and server are synonymous.

Transport Address.
The combination of an IP address and port number (such as a UDP or TCP port number).


RFCs:

[RFC 5389] Session Traversal Utilities for NAT (STUN).


Obsolete RFCs:

[RFC 3489] STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs).
