Test the NAT type of the current network

2023-02-20

• https://www.txthinking.com
• https://www.txthinking.com/talks/
• YouTube
• Telegram

Nami needs to be installed

https://github.com/txthinking/nami

Install stuntman

nami install stuntman

One line command to test the NAT type of the current network

stunclient stun.stunprotocol.org --mode behavior

stunclient stun.stunprotocol.org --mode filtering

Why is the output not a string like Full Cone or Symmetric

You may often see NAT types like Full-cone NAT, Address-restricted-cone NAT, Port-restricted cone NAT, Symmetric NAT.

Many NAT implementations combine these types, so it is better to refer to specific individual NAT behavior instead of using the Cone/Symmetric terminology.

Go back to the output of the test command above, if you have to classify the above names:
Full Cone is Endpoint-Independent Mapping，Endpoint-Independent Filtering.
Symmetric is Address- and Port-Dependent Mapping, Address-Dependent Filtering or Address and Port-Dependent Filtering.

Which is better

• Full-cone NAT: the simplest and loosest, the least secure.
• Symmetric: the most complex and strict, the safest.