STUN_SERVER - Session Traversal Utilities for NAT
What is STUN_SERVER?
STUN server helps devices behind a NAT (Network Address Translation) discover their public IP address and the type of NAT they are behind. This is essential for peer-to-peer communication over the internet.
Why is STUN important in WebRTC?
STUN is crucial in WebRTC to: * Discover the public-facing IP and port of a device * Enable direct peer-to-peer connections * Facilitate NAT traversal without requiring a relay server (like TURN)
How does a STUN server work?
The client sends a binding request to the STUN server, which replies with the public IP and port it sees. This helps the client understand how it appears to the outside world.
What is the difference between STUN and TURN?
STUN: Used to discover public IP and port; works for most NATs
TURN: Used when STUN fails; relays media through a server, which is more resource-intensive
Are STUN servers free to use?
Yes, many public STUN servers are available for free. For example: * stun.l.google.com:19302 * stun1.l.google.com:19302
Can I host my own STUN server?
Yes. You can use open-source software like: * Coturn (supports both STUN and TURN) * reTurnServer
What ports do STUN servers use?
Typically, STUN uses: * UDP port 3478 (default) * Can also use TCP or TLS for secure communication
Is STUN secure?
STUN itself is not encrypted. For secure communication, use STUN over TLS or combine it with DTLS-SRTP in WebRTC.
What are common issues with STUN?
Some NAT types (e.g., Symmetric NAT) may not work well with STUN
Firewalls may block STUN traffic
STUN alone doesn’t guarantee connectivity — TURN may be needed
How do I test if a STUN server is working?
You can use tools like: * stunclient (CLI tool) * trickle ICE (WebRTC testing tool) * Browser-based WebRTC test pages
Which OSI layer does STUN belong to?
STUN is a control protocol that assists applications in NAT traversal
It operates between the Transport Layer (Layer 4) and Application Layer (Layer 7)
Most commonly considered to function at Layer 7 due to its use in signaling and real-time communication protocols
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
sno |
Stun version |
RFC - Version |
Core / Contribution |
Year |
|---|---|---|---|---|
1 |
STUN (Original) |
RFC 3489 |
Introduced STUN protocol for NAT traversal; defined Binding |
2003 |
request/response. |
||||
2 |
STUN (Updated) |
RFC 5389 |
Redefined STUN as a standalone protocol; added Magic cookie |
2008 |
improved security. |
||||
RFC 5769 |
For validating implementations |
2010 |
||
RFC 5780 |
Extends STUN functionality |
|||
RFC 7350 |
Adds secure transport option |
2014 |
||
RFC 7443 |
Enables STUN/TURN over TLS |
2015 |
||
RFC 8489 |
Current STUN standard |
2020 |
Setup
Setup
Binding Request
sno. |
Protocol Packets |
Decription |
Sizeof Bytes |
|---|---|---|---|
1 |
Binding Request |
Client asks the STUN server for its public IP and port. |
56 |
Message Type |
Identifies the type of STUN message (Binding Request = 0x0001) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
Attributes (optional) |
Additional information like username, priority, etc. (can vary) |
~36 |
Binding Success Response
2 |
Binding Success Response |
Server responds with the public IP and port. |
64 |
|---|---|---|---|
Message Type |
Identifies the type of STUN message (Binding Success Response = 0x0101) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
XOR-MAPPED-ADDRESS |
Contains the public IP and port of the client, XORed with the magic cookie |
12 |
|
MAPPED-ADDRESS |
(Optional) Contains the public IP and port in plain format |
8 |
|
Other Attributes |
May include attributes like SOFTWARE, MESSAGE-INTEGRITY, FINGERPRINT, etc. |
~24 |
Binding Error Response
3 |
Binding Error Response |
Server indicates an error in processing the request. |
60 |
|---|---|---|---|
Message Type |
Identifies the type of STUN message (Binding Error Response = 0x0111) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
ERROR-CODE Attribute |
Contains the error class and number (e.g., 400 Bad Request, 401 Unauthorized) |
8 |
|
Reason Phrase |
Human-readable explanation of the error |
~20 |
|
Other Attributes |
May include SOFTWARE, FINGERPRINT, etc. |
~12 |
Shared Secret Request
4 |
Shared Secret Request |
(Deprecated) Used to request a shared secret. |
60 |
|---|---|---|---|
Message Type |
Identifies the type of STUN message (Shared Secret Request = 0x0002) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
Username Attribute |
(Optional) Username for authentication |
~20 |
|
Realm Attribute |
(Optional) Realm used in message integrity checks |
~10 |
|
Nonce Attribute |
(Optional) Used to prevent replay attacks |
~10 |
Shared Secret Response
5 |
Shared Secret Response |
(Deprecated) Server responds with the shared |
80 |
|---|---|---|---|
secret. |
|||
Message Type |
Identifies the type of STUN message (Shared Secret Response = 0x0102) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
Username Attribute |
Contains the username to be used in future requests |
~20 |
|
Password Attribute |
Contains the password (shared secret) |
~20 |
|
Realm Attribute |
Defines the protection domain |
~10 |
|
Other Attributes |
May include SOFTWARE, FINGERPRINT, etc. |
~12 |
Shared Secret Error
6 |
Shared Secret Error |
(Deprecated) Error in shared secret request. |
60 |
|---|---|---|---|
Message Type |
Identifies the type of STUN message (Shared Secret Error = 0x0112) |
2 |
|
Message Length |
Length of the message body (excluding the 20-byte header) |
2 |
|
Magic Cookie |
Fixed value (0x2112A442) to aid in distinguishing STUN packets |
4 |
|
Transaction ID |
Random identifier used to correlate requests and responses |
12 |
|
ERROR-CODE Attribute |
Contains the error class and number (e.g., 401 Unauthorized, 420 Unknown Attr) |
8 |
|
Reason Phrase |
Human-readable explanation of the error |
~20 |
|
Other Attributes |
May include SOFTWARE, FINGERPRINT, etc. |
~12 |
STUN Server cases |
||
|---|---|---|
sno |
Use cases |
Description |
1 |
NAT Traversal for VoIP and WebRTC |
STUN helps devices behind NAT (Network Address Translation) |
discover their public IP address and port. This is essential for |
||
peer-to-peer communication in VoIP (e.g., SIP) and WebRTC |
||
applications. |
||
2 |
Peer-to-Peer (P2P) Connectivity |
STUN enables direct P2P connections by revealing the external |
IP/port of each peer, allowing them to bypass centralized |
||
servers for data transfer. |
||
3 |
WebRTC Signaling Support |
In WebRTC, STUN is used during the ICE (Interactive Connectivity |
Establishment) process to gather candidate IP addresses for |
||
media streams. |
||
4 |
Firewall and NAT Type Detection |
STUN can help determine the type of NAT or firewall a client |
is behind (e.g., full cone, symmetric NAT), which influences |
||
connection strategies. |
||
5 |
Fallback Mechanism for TURN |
If STUN fails to establish a direct connection, the system can |
fall back to TURN (Traversal Using Relays around NAT), which |
||
relays traffic through a server. |
||
6 |
Gaming and Real-Time Applications |
Online games and real-time apps use STUN to reduce latency |
by enabling direct communication between players. |
Basic Features |
||
|---|---|---|
Sno |
Features |
Description |
1 |
Public IP Discovery |
Allows a client behind NAT to discover its public IP address |
and port as seen by external servers. |
||
2 |
NAT Type Detection |
Helps determine the type of NAT (e.g., full cone, symmetric) |
the client is behind, which affects connectivity. |
||
3 |
Port Mapping Discovery |
It reveals the public port number that the NAT has assigned to |
the clients private port. This is important for routing incoming |
||
trafic correctly. |
||
4 |
Lightweight Protocol |
STUN is designed to be simple and efficient. It uses UDP (User |
|
||
suitable for real-time applications. |
||
5 |
Client-Server Architecture |
STUN operates on a client-server model where the client send |
a request to the STUN server, and the server responds with |
||
the public IP and port information. |
||
6 |
Support for IPv4 and IPv6 |
Modern STUN servers support both IPv4 and IPv6, ensuring |
compatibility with a wide range of network environments. |
||
7 |
Used in WebRTC and VoIP |
STUN is a foundational protocol in WebRTC and VoIP systems, |
enabling peer-to-peer media streaming by helping clients |
||
traverse NATs. |
Public IP Discovery - Testcases
Public IP Discovery |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
Basic STUN Request |
Send STUN binding request |
Public IP and port returned |
2 |
STUN Server Reachable |
STUN server is online |
Response received |
3 |
STUN Server Unreachable |
STUN server is offline |
Request times out |
4 |
STUN Server Port Blocked |
Block port 3478 |
Request fails |
5 |
STUN over UDP |
Use UDP transport |
Public IP returned |
6 |
STUN over TCP |
Use TCP transport |
Public IP returned |
7 |
STUN over IPv4 |
Use IPv4 network |
IPv4 public IP returned |
8 |
STUN over IPv6 |
Use IPv6 network |
IPv6 public IP returned |
9 |
NAT Type Full Cone |
Behind full cone NAT |
Public IP returned correctly |
10 |
NAT Type Restricted Cone |
Behind restricted cone NAT |
Public IP returned |
11 |
NAT Type Port Restricted |
Behind port-restricted NAT |
Public IP returned |
12 |
NAT Type Symmetric |
Behind symmetric NAT |
Public IP returned, port may vary |
13 |
NAT Type Detection |
Use STUN to detect NAT type |
Correct NAT type identified |
14 |
Multiple STUN Servers |
Query multiple servers |
Consistent public IP returned |
15 |
STUN Server Failover |
Primary server fails |
Secondary server used |
16 |
STUN Response Delay |
Simulate network delay |
Response received after delay |
17 |
STUN Response Timeout |
No response within timeout |
Request fails |
18 |
STUN Response Parsing |
Parse STUN response |
Public IP extracted correctly |
19 |
STUN Response Integrity |
Validate message integrity |
Message passes integrity check |
20 |
STUN Response with XOR-MAPPED-ADDRESS |
Use XOR-mapped address |
Public IP decoded correctly |
21 |
STUN Response with MAPPED-ADDRESS |
Use mapped address |
Public IP decoded correctly |
22 |
STUN Binding Request Format |
Validate request format |
Server accepts request |
23 |
STUN Binding Response Format |
Validate response format |
Client parses successfully |
24 |
STUN with Authentication |
Use long-term credentials |
Authenticated response received |
25 |
STUN with Invalid Credentials |
Use wrong credentials |
Request rejected |
26 |
STUN with No Credentials |
Send unauthenticated request |
Response received (if allowed) |
27 |
STUN with TLS |
Use STUN over TLS |
Secure response received |
28 |
STUN with DTLS |
Use STUN over DTLS |
Secure response received |
29 |
STUN with IPv6 NAT |
Behind IPv6 NAT |
Public IPv6 returned |
30 |
STUN with Dual Stack |
Use dual-stack client |
Both IPv4 and IPv6 discovered |
31 |
STUN with Mobile Network |
Use mobile data |
Public IP returned |
32 |
STUN with Wi-Fi |
Use Wi-Fi network |
Public IP returned |
33 |
STUN with Ethernet |
Use wired connection |
Public IP returned |
34 |
STUN with VPN |
Use VPN connection |
VPN-assigned public IP returned |
35 |
STUN with Proxy |
Use HTTP/SOCKS proxy |
STUN may fail or return proxy IP |
36 |
STUN with Firewall |
Behind firewall |
Public IP returned if allowed |
37 |
STUN with NAT64 |
Use NAT64 environment |
IPv6 to IPv4 mapping handled |
38 |
STUN with Carrier-Grade NAT |
Behind CGNAT |
Public IP returned (shared) |
39 |
STUN with Multiple Interfaces |
Use multiple NICs |
Correct IP per interface |
40 |
STUN with Interface Binding |
Bind to specific interface |
IP of that interface returned |
41 |
STUN with Port Mapping |
NAT port mapping enabled |
Mapped port returned |
42 |
STUN with Port Preservation |
NAT preserves port |
Same port returned |
43 |
STUN with Port Translation |
NAT changes port |
New port returned |
44 |
STUN with Packet Loss |
Simulate packet loss |
Retransmission occurs |
45 |
STUN with Retransmission |
No response initially |
Retry succeeds |
46 |
STUN with Invalid Response |
Corrupt response |
Client discards response |
47 |
STUN with Malformed Request |
Send invalid request |
Server returns error |
48 |
STUN with Rate Limiting |
Exceed request rate |
Server throttles or blocks |
49 |
STUN with Logging Enabled |
Enable client logs |
Request/response logged |
50 |
STUN with Debug Mode |
Enable debug mode |
Detailed diagnostics shown |
NAT Type Detection - Testcases
NAT Type Detection |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
Full Cone NAT |
Client behind full cone NAT |
STUN detects Full Cone NAT |
2 |
Restricted Cone NAT |
Client behind restricted cone NAT |
STUN detects Restricted Cone NAT |
3 |
Port Restricted Cone NAT |
Client behind port-restricted NAT |
STUN detects Port Restricted Cone NAT |
4 |
Symmetric NAT |
Client behind symmetric NAT |
STUN detects Symmetric NAT |
5 |
No NAT (Open Internet) |
Client directly on public IP |
STUN detects Open Internet |
6 |
Symmetric UDP Firewall |
Firewall blocks unsolicited UDP |
STUN detects UDP blocked |
7 |
NAT with Hairpinning |
NAT supports hairpinning |
STUN detects NAT with hairpinning |
8 |
NAT without Hairpinning |
NAT does not support hairpinning |
STUN detects lack of hairpinning |
9 |
NAT with Endpoint-Independent Mapping |
Mapping is consistent |
STUN detects endpoint-independent mapping |
10 |
NAT with Address-Dependent Mapping |
Mapping changes with destination IP |
STUN detects address-dependent mapping |
11 |
NAT with Address and Port-Dependent Mapping |
Mapping changes with IP and port |
STUN detects address+port-dependent mapping |
12 |
NAT with Endpoint-Independent Filtering |
Filtering allows any external IP |
STUN detects endpoint-independent filtering |
13 |
NAT with Address-Dependent Filtering |
Filtering allows only known IPs |
STUN detects address-dependent filtering |
14 |
NAT with Address and Port-Dependent Filtering |
Filtering allows only known IP+port |
STUN detects address+port-dependent filtering |
15 |
NAT with Static Port Mapping |
Port remains unchanged |
STUN detects static port mapping |
16 |
NAT with Dynamic Port Mapping |
Port changes per request |
STUN detects dynamic port mapping |
17 |
NAT with Port Preservation |
NAT preserves source port |
STUN detects port preservation |
18 |
NAT with Port Translation |
NAT changes source port |
STUN detects port translation |
19 |
NAT with Consistent Mapping |
Mapping remains stable |
STUN detects consistent mapping |
20 |
NAT with Inconsistent Mapping |
Mapping changes frequently |
STUN detects inconsistent mapping |
21 |
NAT with Multiple Public IPs |
NAT uses multiple external IPs |
STUN detects multiple mappings |
22 |
NAT with Single Public IP |
NAT uses one external IP |
STUN detects single mapping |
23 |
NAT with Symmetric Response |
Different IP/port for each request |
STUN detects symmetric NAT |
24 |
NAT with Cone Behavior |
Same IP/port for all requests |
STUN detects cone NAT |
25 |
NAT with UDP Timeout |
NAT closes port quickly |
STUN detects timeout behavior |
26 |
NAT with Long UDP Timeout |
NAT keeps port open |
STUN detects long timeout |
27 |
NAT with Firewall Blocking STUN |
Firewall blocks STUN packets |
STUN fails to detect NAT type |
28 |
NAT with STUN Server Unreachable |
STUN server down |
NAT type detection fails |
29 |
NAT with STUN Server Timeout |
No response from server |
NAT type detection fails |
30 |
NAT with STUN Server Error |
Server returns error |
NAT type detection fails |
31 |
NAT with STUN Server Delay |
Delayed response |
NAT type detection delayed |
32 |
NAT with STUN Server Retry |
Retry after failure |
NAT type detected on retry |
33 |
NAT with Multiple STUN Servers |
Use multiple servers |
Consistent NAT type detected |
34 |
NAT with IPv6 |
Use IPv6-only network |
NAT type detection not applicable |
35 |
NAT with Dual Stack |
Use IPv4 and IPv6 |
NAT type detected for IPv4 only |
36 |
NAT with VPN |
Use VPN connection |
NAT type reflects VPN NAT |
37 |
NAT with Mobile Network |
Use mobile data |
NAT type detected (usually symmetric) |
38 |
NAT with Wi-Fi |
Use Wi-Fi network |
NAT type detected |
39 |
NAT with Ethernet |
Use wired connection |
NAT type detected |
40 |
NAT with Carrier-Grade NAT |
Behind CGNAT |
STUN detects symmetric NAT |
41 |
NAT with Home Router |
Use typical home NAT |
STUN detects cone or restricted NAT |
42 |
NAT with Enterprise Firewall |
Use corporate network |
STUN detects restricted or symmetric NAT |
43 |
NAT with Port Forwarding |
Port forwarding enabled |
STUN may detect open internet |
44 |
NAT with DMZ Host |
Device in DMZ |
STUN detects open internet |
45 |
NAT with Static IP |
Public IP assigned |
STUN detects open internet |
46 |
NAT with Dynamic IP |
IP changes periodically |
STUN detects NAT type per session |
47 |
NAT with NAT64 |
IPv6 to IPv4 translation |
STUN may fail or detect NAT |
48 |
NAT with Proxy |
Use HTTP/SOCKS proxy |
STUN fails or gives incorrect result |
49 |
NAT with STUN over TLS |
Use secure STUN |
NAT type detected securely |
50 |
NAT with STUN over DTLS |
Use STUN over DTLS |
NAT type detected securely |
Port Mapping Discovery - Testcases
Port Mapping Discovery |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
Basic Port Mapping |
Send STUN request |
Public IP and port returned |
2 |
NAT with Port Preservation |
NAT preserves source port |
Same port returned by STUN |
3 |
NAT with Port Translation |
NAT changes source port |
Different port returned |
4 |
Symmetric NAT Mapping |
Different port for each destination |
STUN detects port change |
5 |
Full Cone NAT Mapping |
Same port for all destinations |
STUN detects consistent port |
6 |
Port Restricted NAT Mapping |
Port changes with destination port |
STUN detects port dependency |
7 |
Multiple STUN Requests |
Send multiple requests |
Port mapping behavior observed |
8 |
Mapping Consistency |
Send requests to same STUN server |
Port remains same if NAT preserves |
9 |
Mapping Inconsistency |
Send requests to different STUN servers |
Port changes if symmetric NAT |
10 |
Mapping Lifetime |
Wait between requests |
Port mapping may expire |
11 |
Mapping Refresh |
Send periodic requests |
Port mapping remains active |
12 |
Mapping Expiry |
Wait beyond timeout |
Port mapping expires, new port assigned |
13 |
Mapping with UDP |
Use UDP transport |
Port mapping discovered |
14 |
Mapping with TCP |
Use TCP transport |
Port mapping discovered |
15 |
Mapping with TLS |
Use STUN over TLS |
Port mapping discovered securely |
16 |
Mapping with DTLS |
Use STUN over DTLS |
Port mapping discovered securely |
17 |
Mapping with NAT64 |
Use IPv6 to IPv4 NAT |
Port mapping discovered if supported |
18 |
Mapping with Dual Stack |
Use IPv4 and IPv6 |
Mapping discovered for IPv4 only |
19 |
Mapping with VPN |
Use VPN connection |
VPN-assigned port returned |
20 |
Mapping with Mobile Network |
Use mobile data |
Port mapping discovered |
21 |
Mapping with Wi-Fi |
Use Wi-Fi network |
Port mapping discovered |
22 |
Mapping with Ethernet |
Use wired connection |
Port mapping discovered |
23 |
Mapping with Carrier-Grade NAT |
Behind CGNAT |
Port mapping discovered (shared IP) |
24 |
Mapping with Home Router |
Use home NAT |
Port mapping discovered |
25 |
Mapping with Enterprise Firewall |
Use corporate network |
Port mapping discovered or blocked |
26 |
Mapping with Port Forwarding |
Port forwarding enabled |
Public port matches internal port |
27 |
Mapping with DMZ Host |
Device in DMZ |
Public port matches internal port |
28 |
Mapping with Static IP |
Public IP assigned |
No mapping needed |
29 |
Mapping with Dynamic IP |
IP changes periodically |
Mapping changes accordingly |
30 |
Mapping with NAT Timeout |
NAT closes port quickly |
Mapping expires |
31 |
Mapping with Long NAT Timeout |
NAT keeps port open |
Mapping remains stable |
32 |
Mapping with Firewall Blocking |
Block STUN port |
Mapping discovery fails |
33 |
Mapping with STUN Server Timeout |
No response |
Mapping discovery fails |
34 |
Mapping with STUN Server Retry |
Retry after failure |
Mapping discovered on retry |
35 |
Mapping with Multiple Interfaces |
Use multiple NICs |
Mapping per interface discovered |
36 |
Mapping with Interface Binding |
Bind to specific NIC |
Mapping for that NIC discovered |
37 |
Mapping with NAT Hairpinning |
NAT supports hairpinning |
Mapping remains consistent |
38 |
Mapping with NAT Loopback |
NAT supports loopback |
Mapping remains consistent |
39 |
Mapping with NAT Filtering |
NAT filters by port |
Mapping changes with destination |
40 |
Mapping with NAT Mapping Behavior |
NAT maps based on destination |
Mapping varies accordingly |
41 |
Mapping with STUN Server Change |
Use different STUN server |
Mapping may change |
42 |
Mapping with STUN Server Load Balancer |
Behind load balancer |
Mapping may vary |
43 |
Mapping with STUN Server Cluster |
Use clustered STUN servers |
Mapping consistency tested |
44 |
Mapping with Packet Loss |
Simulate packet loss |
Mapping discovered after retry |
45 |
Mapping with Delayed Response |
Simulate delay |
Mapping discovered after wait |
46 |
Mapping with Invalid Response |
Corrupt STUN response |
Mapping discovery fails |
47 |
Mapping with Malformed Request |
Send invalid request |
Server returns error |
48 |
Mapping with Logging Enabled |
Enable logs |
Mapping details logged |
49 |
Mapping with Debug Mode |
Enable debug mode |
Detailed mapping info shown |
50 |
Mapping with NAT Type Detection |
Combine with NAT detection |
Mapping behavior explained by NAT type |
Lightweight Protocol - Testcases
Lightweight Protocol |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
Minimal Packet Size |
Send STUN binding request |
Packet size < 100 bytes |
2 |
Low Bandwidth Usage |
Measure bandwidth during STUN exchange |
Bandwidth usage is minimal |
3 |
UDP Transport |
Use UDP for STUN |
Request and response succeed |
4 |
TCP Transport |
Use TCP for STUN |
Request and response succeed |
5 |
Stateless Server |
STUN server does not maintain session state |
Server responds without session tracking |
6 |
Stateless Client |
Client does not store session info |
Client handles response independently |
7 |
No Authentication Required |
Send unauthenticated request |
Server responds successfully |
8 |
Simple Request Format |
Validate STUN request structure |
Request is compact and efficient |
9 |
Simple Response Format |
Validate STUN response structure |
Response is compact and efficient |
10 |
Low CPU Usage |
Monitor CPU during STUN exchange |
CPU usage remains low |
11 |
Low Memory Usage |
Monitor memory during STUN exchange |
Memory usage remains low |
12 |
Fast Request Handling |
Measure response time |
Response received in < 100ms |
13 |
No Encryption Overhead |
Use plain STUN |
No TLS/DTLS overhead present |
14 |
Minimal Dependencies |
Use STUN client library |
Few external dependencies required |
15 |
Lightweight NAT Detection |
Detect NAT type with minimal traffic |
NAT type detected efficiently |
16 |
Lightweight Port Mapping |
Discover port mapping |
Mapping discovered with minimal data |
17 |
No Persistent Connection |
STUN does not require persistent connection |
Connection closes after response |
18 |
No Session Management |
STUN does not manage sessions |
Stateless behavior confirmed |
19 |
No Keep-Alive Required |
STUN does not require keep-alive |
Connection closes after use |
20 |
Small Binary Footprint |
STUN client binary size |
Binary is < 1MB |
21 |
Embedded Device Support |
Run STUN on IoT device |
Protocol functions correctly |
22 |
Mobile Device Support |
Run STUN on mobile |
Protocol functions efficiently |
23 |
Browser Support |
Use STUN in WebRTC |
Protocol works in browser |
24 |
No Configuration Needed |
Use default STUN settings |
Protocol works out of the box |
25 |
Minimal Logging |
Enable logging |
Logs are concise and minimal |
26 |
Minimal Error Handling |
Handle invalid request |
Error response is lightweight |
27 |
Minimal Retry Logic |
Retry on timeout |
Retry logic is simple and efficient |
28 |
Minimal Header Overhead |
Inspect STUN headers |
Header size is small |
29 |
Minimal Payload Overhead |
Inspect STUN payload |
Payload is compact |
30 |
Efficient NAT Traversal |
Use STUN for NAT traversal |
Traversal succeeds with minimal traffic |
31 |
Efficient Public IP Discovery |
Discover public IP |
IP returned with minimal data |
32 |
Efficient Port Discovery |
Discover public port |
Port returned with minimal data |
33 |
Efficient Firewall Detection |
Detect UDP blocking |
Detection succeeds with minimal traffic |
34 |
Efficient Packet Parsing |
Parse STUN packet |
Parsing is fast and simple |
35 |
Efficient Packet Construction |
Construct STUN packet |
Construction is fast and simple |
36 |
Minimal RTT |
Measure round-trip time |
RTT is low |
37 |
Minimal Packet Loss Impact |
Simulate packet loss |
Protocol retries efficiently |
38 |
Minimal Impact on Network |
Monitor network load |
STUN traffic is negligible |
39 |
Minimal Impact on Application |
Run STUN alongside app |
No performance degradation |
40 |
Lightweight Library Integration |
Integrate STUN library |
Integration is simple |
41 |
Lightweight Protocol Stack |
Use STUN in protocol stack |
Stack remains small |
42 |
Lightweight Debugging |
Enable debug mode |
Output is minimal and useful |
43 |
Lightweight Testing |
Run unit tests |
Tests execute quickly |
44 |
Lightweight Deployment |
Deploy STUN server |
Setup is fast and simple |
45 |
Lightweight Client Deployment |
Deploy STUN client |
Setup is fast and simple |
46 |
Lightweight Protocol Compliance |
Validate against RFC 5389 |
Protocol conforms with minimal overhead |
47 |
Lightweight Error Codes |
Inspect error codes |
Codes are concise and standardized |
48 |
Lightweight NAT Type Detection |
Detect NAT type |
Detection uses minimal packets |
49 |
Lightweight Logging Format |
Inspect logs |
Logs are readable and compact |
50 |
Lightweight Protocol Upgrade |
Upgrade STUN version |
Upgrade process is simple |
Client-Server Architecture - Testcases
Client-Server Architecture |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
Client Sends Binding Request |
Client sends STUN request to server |
Server receives and processes request |
2 |
Server Sends Binding Response |
Server replies to client |
Client receives public IP and port |
3 |
Server Listens on Port 3478 |
Server listens on default port |
Client connects successfully |
4 |
Client Uses UDP |
Client uses UDP transport |
Server responds correctly |
5 |
Client Uses TCP |
Client uses TCP transport |
Server responds correctly |
6 |
Server Handles Multiple Clients |
Multiple clients send requests |
Server handles all requests concurrently |
7 |
Stateless Server Behavior |
Server does not store session state |
Each request handled independently |
8 |
Client Retries on Timeout |
No response received |
Client retries request |
9 |
Server Handles Retransmissions |
Client resends request |
Server responds without error |
10 |
Client Parses Response |
Client receives response |
Public IP and port extracted correctly |
11 |
Server Handles Malformed Request |
Client sends invalid request |
Server returns error or ignores |
12 |
Server Handles Authenticated Request |
Client sends credentials |
Server validates and responds |
13 |
Server Rejects Invalid Credentials |
Client sends wrong credentials |
Server denies request |
14 |
Server Handles Concurrent Requests |
Multiple clients send requests simultaneously |
Server responds to all |
15 |
Client Handles Delayed Response |
Server delays response |
Client waits and processes correctly |
16 |
Server Handles Packet Loss |
Simulate packet loss |
Server handles retransmission |
17 |
Client Handles Server Downtime |
Server is offline |
Client times out gracefully |
18 |
Server Restarts |
Server restarts during session |
Client reconnects successfully |
19 |
Client Handles Server IP Change |
Server IP changes |
Client reconnects to new IP |
20 |
Server Handles High Load |
Simulate high traffic |
Server remains responsive |
21 |
Client Handles Server Overload |
Server drops requests |
Client retries or fails gracefully |
22 |
Server Logs Requests |
Enable logging |
Requests logged correctly |
23 |
Client Logs Responses |
Enable client logging |
Responses logged correctly |
24 |
Server Handles IPv4 |
Client uses IPv4 |
Server responds with IPv4 mapping |
25 |
Server Handles IPv6 |
Client uses IPv6 |
Server responds with IPv6 mapping |
26 |
Client Handles NAT Mapping |
Client behind NAT |
Server returns mapped address |
27 |
Server Handles NAT Detection |
Server detects NAT type |
Client receives NAT type info |
28 |
Client Handles Port Mapping |
Client behind NAT |
Server returns mapped port |
29 |
Server Handles Binding Request Format |
Validate request format |
Server accepts valid format |
30 |
Server Handles Binding Response Format |
Validate response format |
Client parses successfully |
31 |
Client Handles Server Certificate |
Use TLS |
Client validates certificate |
32 |
Server Handles TLS Handshake |
Use secure connection |
Handshake completes successfully |
33 |
Client Handles DTLS |
Use DTLS transport |
Client receives response securely |
34 |
Server Handles DTLS |
Accept DTLS request |
Server responds securely |
35 |
Client Handles Server Timeout |
Server does not respond |
Client retries or fails |
36 |
Server Handles Client Timeout |
Client disconnects |
Server cleans up resources |
37 |
Client Handles Server Error Code |
Server returns error |
Client interprets correctly |
38 |
Server Handles Unknown Attributes |
Client sends unknown attributes |
Server ignores or returns error |
39 |
Client Handles Alternate Server |
Server redirects to another |
Client connects to alternate server |
40 |
Server Handles Alternate Server Attribute |
Include alternate server info |
Client switches server |
41 |
Client Handles Multiple Interfaces |
Client has multiple NICs |
Server returns correct mapping per interface |
42 |
Server Handles Multiple IPs |
Server has multiple IPs |
Client connects to correct one |
43 |
Client Handles NAT Rebinding |
NAT changes port |
Client re-initiates request |
44 |
Server Handles NAT Rebinding |
Client port changes |
Server responds to new port |
45 |
Client Handles Server Load Balancer |
Behind load balancer |
Client receives valid response |
46 |
Server Handles Load Balancing |
Distribute requests |
All clients served correctly |
47 |
Client Handles Server Clustering |
Server is part of cluster |
Client receives consistent response |
48 |
Server Handles Cluster Sync |
Sync state across nodes |
Responses remain consistent |
49 |
Client Handles Server Failover |
Primary server fails |
Client switches to backup |
50 |
Server Handles Client Failover |
Client reconnects |
Server accepts new session |
Support for IPv4 and IPv6 - Testcases
Support for IPv4 and IPv6 |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
IPv4 Client Request |
Client sends STUN request over IPv4 |
Server responds with IPv4-mapped address |
2 |
IPv6 Client Request |
Client sends STUN request over IPv6 |
Server responds with IPv6-mapped address |
3 |
Dual Stack Client |
Client supports both IPv4 and IPv6 |
Server responds based on selected protocol |
4 |
IPv4 Server Binding |
Server listens on IPv4 address |
IPv4 clients connect successfully |
5 |
IPv6 Server Binding |
Server listens on IPv6 address |
IPv6 clients connect successfully |
6 |
Dual Stack Server |
Server supports both IP versions |
Handles both IPv4 and IPv6 requests |
7 |
IPv4 NAT Mapping |
Client behind IPv4 NAT |
Server returns public IPv4 and port |
8 |
IPv6 NAT Mapping |
Client behind IPv6 NAT |
Server returns public IPv6 and port |
9 |
IPv4-only Client |
Client supports only IPv4 |
Server responds with IPv4 address |
10 |
IPv6-only Client |
Client supports only IPv6 |
Server responds with IPv6 address |
11 |
IPv4 Packet Format |
Validate IPv4 STUN packet |
Packet conforms to RFC 5389 |
12 |
IPv6 Packet Format |
Validate IPv6 STUN packet |
Packet conforms to RFC 5389 |
13 |
IPv4 DNS Resolution |
Resolve STUN server via A record |
IPv4 address returned |
14 |
IPv6 DNS Resolution |
Resolve STUN server via AAAA record |
IPv6 address returned |
15 |
IPv4 Firewall Traversal |
Client behind IPv4 firewall |
STUN request succeeds |
16 |
IPv6 Firewall Traversal |
Client behind IPv6 firewall |
STUN request succeeds |
17 |
IPv4 NAT Detection |
Detect NAT type over IPv4 |
NAT type correctly identified |
18 |
IPv6 NAT Detection |
Detect NAT type over IPv6 |
NAT type correctly identified |
19 |
IPv4 Port Mapping |
Discover port mapping over IPv4 |
Mapping returned |
20 |
IPv6 Port Mapping |
Discover port mapping over IPv6 |
Mapping returned |
21 |
IPv4 Packet Loss |
Simulate IPv4 packet loss |
Retransmission succeeds |
22 |
IPv6 Packet Loss |
Simulate IPv6 packet loss |
Retransmission succeeds |
23 |
IPv4 Latency |
Measure latency over IPv4 |
Response time recorded |
24 |
IPv6 Latency |
Measure latency over IPv6 |
Response time recorded |
25 |
IPv4 MTU Handling |
Send large IPv4 packet |
Fragmentation handled |
26 |
IPv6 MTU Handling |
Send large IPv6 packet |
Fragmentation handled |
27 |
IPv4 NAT Hairpinning |
Test hairpinning over IPv4 |
Behavior observed |
28 |
IPv6 NAT Hairpinning |
Test hairpinning over IPv6 |
Behavior observed |
29 |
IPv4 STUN over UDP |
Use UDP transport |
IPv4 response received |
30 |
IPv6 STUN over UDP |
Use UDP transport |
IPv6 response received |
31 |
IPv4 STUN over TCP |
Use TCP transport |
IPv4 response received |
32 |
IPv6 STUN over TCP |
Use TCP transport |
IPv6 response received |
33 |
IPv4 STUN over TLS |
Use TLS over IPv4 |
Secure response received |
34 |
IPv6 STUN over TLS |
Use TLS over IPv6 |
Secure response received |
35 |
IPv4 STUN over DTLS |
Use DTLS over IPv4 |
Secure response received |
36 |
IPv6 STUN over DTLS |
Use DTLS over IPv6 |
Secure response received |
37 |
IPv4 NAT Timeout |
Simulate timeout |
Mapping expires |
38 |
IPv6 NAT Timeout |
Simulate timeout |
Mapping expires |
39 |
IPv4 Address Conflict |
Duplicate IPv4 mapping |
Conflict detected |
40 |
IPv6 Address Conflict |
Duplicate IPv6 mapping |
Conflict detected |
41 |
IPv4 Server Load |
High load on IPv4 interface |
Server remains responsive |
42 |
IPv6 Server Load |
High load on IPv6 interface |
Server remains responsive |
43 |
IPv4 Server Restart |
Restart IPv4 listener |
Clients reconnect successfully |
44 |
IPv6 Server Restart |
Restart IPv6 listener |
Clients reconnect successfully |
45 |
IPv4 Client Logging |
Log IPv4 request/response |
Logs contain correct info |
46 |
IPv6 Client Logging |
Log IPv6 request/response |
Logs contain correct info |
47 |
IPv4 Server Logging |
Log IPv4 traffic |
Logs contain correct info |
48 |
IPv6 Server Logging |
Log IPv6 traffic |
Logs contain correct info |
49 |
IPv4/IPv6 Failover |
Fail IPv4, fallback to IPv6 |
Client switches to IPv6 |
50 |
IPv6/IPv4 Failover |
Fail IPv6, fallback to IPv4 |
Client switches to IPv4 |
Used in WebRTC and VoIP - Testcases
Used in WebRTC and VoIP |
|||
|---|---|---|---|
S.No |
Test Case |
Description |
Expected Result |
1 |
WebRTC Peer Connection |
Establish WebRTC call |
STUN used to discover public IP |
2 |
VoIP Call Setup |
Initiate VoIP call |
STUN resolves NAT mapping |
3 |
STUN in SDP Exchange |
Include STUN in SDP |
ICE candidates include STUN info |
4 |
STUN with TURN Fallback |
STUN fails, TURN used |
Call still connects |
5 |
STUN with ICE Framework |
Use ICE with STUN |
ICE gathers candidates via STUN |
6 |
STUN with NAT Traversal |
WebRTC behind NAT |
STUN discovers public IP and port |
7 |
STUN with Symmetric NAT |
WebRTC behind symmetric NAT |
STUN detects NAT type |
8 |
STUN with Full Cone NAT |
WebRTC behind full cone NAT |
STUN returns consistent mapping |
9 |
STUN with Port Restricted NAT |
WebRTC behind port-restricted NAT |
STUN returns mapped address |
10 |
STUN with Mobile VoIP |
Use VoIP on mobile network |
STUN returns public IP |
11 |
STUN with Wi-Fi VoIP |
Use VoIP on Wi-Fi |
STUN returns public IP |
12 |
STUN with Ethernet VoIP |
Use VoIP on LAN |
STUN returns public IP |
13 |
STUN with Browser WebRTC |
Use WebRTC in browser |
STUN request sent automatically |
14 |
STUN with Native App |
Use STUN in native VoIP app |
Public IP discovered |
15 |
STUN with IPv4 |
Use IPv4 network |
STUN returns IPv4 address |
16 |
STUN with IPv6 |
Use IPv6 network |
STUN returns IPv6 address |
17 |
STUN with Dual Stack |
Use dual-stack client |
Both IPv4 and IPv6 candidates gathered |
18 |
STUN with UDP |
Use UDP transport |
STUN request succeeds |
19 |
STUN with TCP |
Use TCP transport |
STUN request succeeds |
20 |
STUN with TLS |
Use STUN over TLS |
Secure connection established |
21 |
STUN with DTLS |
Use STUN over DTLS |
Secure connection established |
22 |
STUN Server Unreachable |
STUN server down |
ICE candidate gathering fails |
23 |
STUN Server Timeout |
STUN server slow |
ICE retries or fails gracefully |
24 |
STUN Server Failover |
Primary STUN fails |
Secondary STUN used |
25 |
STUN with ICE Restart |
ICE restarts mid-call |
STUN re-discovers candidates |
26 |
STUN with Call Reconnection |
Reconnect dropped call |
STUN re-used for new mapping |
27 |
STUN with Call Transfer |
Transfer VoIP call |
STUN resolves new path |
28 |
STUN with Call Hold/Resume |
Hold and resume call |
STUN mapping remains valid |
29 |
STUN with Call Recording |
Record VoIP call |
STUN ensures media path is stable |
30 |
STUN with Group Call |
Multi-party WebRTC call |
STUN used for each peer |
31 |
STUN with Video Call |
WebRTC video call |
STUN resolves media path |
32 |
STUN with Audio Call |
WebRTC audio call |
STUN resolves media path |
33 |
STUN with Screen Sharing |
Share screen via WebRTC |
STUN resolves media path |
34 |
STUN with NAT Timeout |
NAT closes port |
STUN re-discovers mapping |
35 |
STUN with ICE Candidate Gathering |
Gather ICE candidates |
STUN provides server reflexive candidates |
36 |
STUN with STUN Binding Request |
Send binding request |
Server returns mapped address |
37 |
STUN with STUN Binding Response |
Receive response |
Client parses public IP and port |
38 |
STUN with Call Quality Monitoring |
Monitor call stats |
STUN ensures stable connection |
39 |
STUN with Call Encryption |
Encrypt media |
STUN used only for signaling |
40 |
STUN with SIP Integration |
Use STUN in SIP call |
NAT traversal succeeds |
41 |
STUN with Jitsi Meet |
Use STUN in Jitsi |
ICE candidates gathered |
42 |
STUN with Zoom |
Use STUN in Zoom (if applicable) |
NAT traversal handled |
43 |
STUN with Google Meet |
Use STUN in Meet |
ICE candidates include STUN |
44 |
STUN with Microsoft Teams |
Use STUN in Teams |
Public IP discovered |
45 |
STUN with Discord |
Use STUN in Discord voice |
NAT traversal succeeds |
46 |
STUN with WhatsApp Web |
Use STUN in browser call |
ICE candidates gathered |
47 |
STUN with Signal |
Use STUN in Signal call |
Public IP discovered |
48 |
STUN with Telegram |
Use STUN in Telegram call |
NAT traversal handled |
49 |
STUN with SIP Trunk |
Use STUN in SIP trunking |
Public IP resolved |
50 |
STUN with VoIP Gateway |
Use STUN in VoIP gateway |
NAT traversal succeeds |
Reference links