Packetman saysMost network observability tools test from your endpoints to a fixed cloud probe — they tell you "Dallas is slow to AWS" but can't tell you whether your radiologist at home can actually open a CT scan from your hospital's PACS server. DataStun does that. Every agent in your fleet can test against every other agent directly, peer-to-peer, NAT-punched via the STUN protocol — the same firewall traversal that powers FaceTime, Zoom, and WebRTC. With 100 agents, that's about 4,950 unique paths measured continuously. With 1,000 agents, about 499,500. The data density is two orders of magnitude higher than synthetic-probe tools. And the path being measured is the path your users are actually on, not the path to a CDN node in the next data center.DataStun is the network-observability platform built on the STUN protocol — the same NAT-traversal technology that powers FaceTime and WebRTC. Every agent in your fleet can measure the actual path to every other agent, peer-to-peer, across any firewall, in seconds. The radiologist on hotel wifi to your hospital’s PACS server. The trader at home to your trading floor. The engineer at a client site to your design servers. Measured continuously, reported in plain English, across NATs no synthetic probe can cross.
Packetman saysThe radiologist story isn't hypothetical. Every healthcare CIO has a version of this: a remote employee depending on a backend application accessed across firewalls, NAT, hotel wifi, and the public internet. Their only signal that the connection is broken is a help-desk ticket from a frustrated user — usually hours into the problem, sometimes after a missed deadline. DataStun replaces "did the radiologist's connection just degrade?" with "yes, fifteen minutes ago, here's the path that slowed, here's the leg where the latency added up."She opens a 50 MB CT scan on her laptop in the airport lounge. The DICOM images need to render fast enough for her to read them between flights. Her hospital’s PACS server sits behind layers of firewall, accessible only through the hospital VPN. Her laptop is on hotel wifi behind their NAT.
No existing tool can tell her, her IT team, or her department head whether she can actually read that scan from that location right now. Help-desk tickets are lagging and anecdotal. Synthetic probes test the wrong path entirely. VPN logs show connection but not quality.
DataStun does. The agent on her laptop and the agent on the PACS-adjacent server STUN-punch through both firewalls, establish a direct peer connection, measure latency and throughput against the real path between them, and write the result to the dashboard. The hospital’s IT director sees, in real time, which of their seventy remote radiologists currently have a usable connection to the PACS system. If one degrades, they know within five minutes — not when the radiologist files a ticket two hours into a stuck case.
Every category leaves a gap that the radiologist scenario falls into. The gap is “measurement from the actual user’s actual device to the actual application server, continuously, across firewalls and NATs.”
Lagging. Anecdotal. Biased toward complainers. By the time you have a ticket, the user has already lost productivity for hours.
Subjective, low response rate, retrospective. “The VPN feels slow today” is not actionable.
Measures the wrong path entirely. Tells you the path from a probe location to a CDN node, not from your user’s laptop to your application server.
Says nothing about the last mile. Reports server-side latency from your data center outward; the path the user actually traverses is invisible.
Show that a connection was made. Say nothing about whether the connection is usable for reading a CT scan, running a CAD model, or working a trading terminal.
Hurls 600 MB of test traffic at a CDN node. Useful for “how fast is the line right now to one CDN” — useless for “can I open a 50 MB DICOM from my hospital”.
Continuous n² mesh testing between your own agents, NAT-traversed via the STUN protocol, on a scheduled cycle. The path being measured is the path your users are actually on.
Not “an agent against a cloud probe.” Direct, peer-to-peer measurement between two of your agents — in both directions independently, scheduled, continuous. With N agents, you get N² − N independent path readings per cycle.
The STUN protocol (RFC 8489) is the same NAT-traversal technique that powers FaceTime, Zoom, Teams, and every modern voice-over-IP system. DataStun applies it to network measurement instead of media transit. If your firewall lets your CEO take a Teams call from a hotel, it can let DataStun agents measure the path between them.
The agent runs on your radiologist’s laptop in the airport lounge, your trader’s machine at home, your engineer’s workstation at a client site. The measurement starts where the user starts. The path measured is the path the user’s traffic takes.
The other end of the measurement is an agent next to your PACS, EHR, trading system, design server, document review platform — the actual backend the user depends on. Not a synthetic endpoint in the cloud.
A scheduled cadence runs continuously; on-demand mesh tests in seconds when you need a number now. The dashboard always has fresh data — you don’t need to ask a user to run a speed test for you.
“Of your seventy remote radiologists, sixty-eight currently have a usable connection to the PACS server. Two have degraded latency — the radiologist in Atlanta and the one in Phoenix. Drill down to see the path.”
Packetman saysThe natural reaction to "DataStun punches through your firewall" is alarm. The right reaction is to look at the security model. It's the same one your video conferencing platform already uses, and that your IT team already trusts. The traversal pattern was designed for voice and video where the security stakes are arguably higher than measurement metadata — DataStun applies it to a strictly narrower payload (path measurements, not application data) with an even tighter scope (per-test, scoped to authorized agents).The natural reaction to “DataStun punches through your firewall” is alarm. The right reaction is to look at the security model — which is the same one your video conferencing platform already uses, and that your IT team already trusts.
DataStun’s STUN-based mesh testing uses the same security model that already lets Zoom, Teams, FaceTime, WebRTC, and your enterprise voice-over-IP system traverse corporate firewalls every day. It’s not a new category of network risk — it’s an established traversal pattern your IT department already trusts for video, voice, and screen sharing, applied to network measurement instead of media transit.
A stronger framing if you want to be precise: DataStun’s traversal is strictly more restrictive than the alternatives. The other ways to understand remote-user performance to backend apps all require more exposure: opening inbound ports on your firewall, running a corporate VPN that pulls users onto your network, deploying synthetic probes inside your DMZ. DataStun’s STUN-mediated pinhole is an outbound-initiated, short-lived, metadata-only connection between two agents you authorized. Compared to opening a VPN tunnel to your corporate network, the DataStun approach is dramatically tighter scope.
Anyone who has remote workers depending on backend applications across firewalls and NATs.
Hospital CIOs need to know whether their remote radiologists can read CT scans from wherever they are, in real time. EHR access from clinicians’ homes. Telehealth video sessions from clinics with hostile networks. DataStun measures the actual path between the actual device and the actual PACS or EHR.
Trading from a road-warrior laptop, terminal access from a client’s office, back-office systems reached from home. Every leg between the trader and the trading floor measured continuously — with the latency that matters when a millisecond costs money.
Document review platforms accessed from anywhere — airports, hotels, client sites, expert witness offices. Quality of the connection drives the productivity of the review. DataStun gives the firm a real number per attorney per site.
Engineers at client sites running CAD/CAM against your design servers, remote workstations dependent on file servers across the WAN. DataStun measures the workstation-to-server path — not the workstation-to-Speedtest path that says nothing about whether the model loads.
Contractors on approved devices accessing classified-adjacent systems from approved locations. The compliance question is “can they actually do the work?” — DataStun answers it with measurement and an attribution trail.
Service providers serving any of the above need to prove SLA compliance for fleets of remote users across regions. DataStun ships the proof as a continuous fleet-wide measurement that the client can audit at any time.
Mesh diagnostics is one of four lanes. Each lane is built on the same agent install and the same metadata-only constraint — safe to deploy on every machine in the fleet.
Process-attributed traffic, A–F destination grading, blocklist refusal at the OS firewall, multi-source executable reputation, AI governance, Hop Starvation.
Kernel-native passive grading from every TCP session your apps already run. Included on every tier; the daily-driver answer to “is anything wrong?”
Continuous n² agent-to-agent testing via STUN-traversed peer connections. The path the user actually traverses, measured.
Where did your data go, where can it go from here, where does the platform itself sit. Audit + enforcement + residency, three layers.
For the deeper technical view of mesh primitives, connection ladder, probe cycles, and Advanced Packet Diagnostics, see /diagnostics.
Sign up free, enroll three agents, and the mesh lights up on day one. Individual tier covers 10 agents with 30 days of history. Mesh testing scales with your tier.