STUN

STUN is a network protocol that lets a client behind a NAT (or behind multiple NATs) find out its public address, the type of NAT it is behind, and the Internet-side port that the NAT has associated with a particular local port. This information helps set up UDP communication between two hosts that are both behind NAT routers. STUN stands for Simple Traversal of UDP (User Datagram Protocol) through NATs (Network Address Translators).

Protocol overview

STUN is a client-server protocol. A VoIP phone or software package includes a STUN client, which sends a request to the STUN server. In reply, the server sends the STUN client the public IP address of the NAT router and the port that the NAT opened to allow incoming traffic back into the network. The response also helps the STUN client identify the type of NAT in use, because different types of NAT handle incoming UDP packets differently. STUN is compatible with Full Cone, Restricted Cone, and Port Restricted Cone NATs. (Restricted Cone and Port Restricted Cone NATs allow packets from the endpoint through to the client once the client has sent a packet to the endpoint.)

Symmetric NAT (also known as bi-directional NAT), which is frequently found in the networks of large companies, does not work with STUN. The IP addresses of the STUN server and the endpoint are different, so the NAT mapping that the STUN server sees is different from the mapping that the endpoint uses to send packets through to the client. See network address translation for more information on this.

After the client discovers its external address, communication with its peers can begin. When the NATs are full cone, either side can initiate communication; if they are restricted cone or port restricted cone, both sides must start transmitting together. The techniques described in the STUN RFC do not necessarily require the STUN protocol; they can be used in the design of any UDP protocol. STUN comes in handy for protocols such as SIP, which use UDP packets to transfer sound, video, text and signaling traffic across the Internet. As both endpoints are often behind NAT, a connection cannot be set up in the traditional way. The STUN server communicates on UDP port 3478, but the server also hints that clients should perform tests against an alternate IP address and port number (STUN servers have two IP addresses).
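The request and reply described in the overview can be shown at the byte level. The following is an added example, not code from the original page: it assumes the classic RFC 3489 wire format (20-byte header, MAPPED-ADDRESS and CHANGED-ADDRESS attributes), the function names are hypothetical, and the sample reply is constructed from documentation address ranges. The parser rejects replies whose transaction ID does not match the request and any attribute that overruns the datagram.

```python
import os
import socket
import struct

BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
MAPPED_ADDRESS, CHANGED_ADDRESS = 0x0001, 0x0005  # attribute types
HEADER = struct.Struct("!HH16s")  # message type, body length, transaction ID

def build_binding_request():
    """Return (txid, packet) for a Binding Request with no attributes."""
    txid = os.urandom(16)
    return txid, HEADER.pack(BINDING_REQUEST, 0, txid)

def parse_binding_response(packet, expected_txid):
    """Return {attribute type: (ip, port)} for the address attributes found."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    msg_type, length, txid = HEADER.unpack_from(packet)
    if msg_type != BINDING_RESPONSE or txid != expected_txid:
        raise ValueError("not the reply to our request")
    if length != len(packet) - HEADER.size:
        raise ValueError("length field disagrees with datagram size")
    found, pos = {}, HEADER.size
    while pos < len(packet):
        if len(packet) - pos < 4:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = struct.unpack_from("!HH", packet, pos)
        value = packet[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("attribute overruns message")
        if attr_type in (MAPPED_ADDRESS, CHANGED_ADDRESS):
            # Value: unused byte, family (0x01 = IPv4), port, 4-byte address.
            if attr_len != 8 or value[1] != 0x01:
                raise ValueError("malformed address attribute")
            port, raw = struct.unpack_from("!H4s", value, 2)
            found[attr_type] = (socket.inet_ntoa(raw), port)
        pos += 4 + attr_len
    return found

def sample_response(txid):
    """Constructed reply: mapped 203.0.113.7:54321, alternate 198.51.100.2:3479."""
    attrs = b"".join(
        struct.pack("!HHBBH4s", kind, 8, 0, 1, port, socket.inet_aton(ip))
        for kind, ip, port in ((MAPPED_ADDRESS, "203.0.113.7", 54321),
                               (CHANGED_ADDRESS, "198.51.100.2", 3479)))
    return HEADER.pack(BINDING_RESPONSE, len(attrs), txid) + attrs

if __name__ == "__main__":
    txid, request = build_binding_request()
    print(parse_binding_response(sample_response(txid), txid))
```

MAPPED-ADDRESS carries the public address and port the NAT assigned, and CHANGED-ADDRESS carries the server's second address, which is the alternate IP and port the client is hinted to test against.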