The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "FaceTime"
(→How does Apples (FaceTime) Server know the IP Address of the 2nd (to be called) iPhone ?: on iphone, it is always connected, so no point in proccess all over again on 3g) |
m |
||
(12 intermediate revisions by 9 users not shown) | |||
Line 1: | Line 1: | ||
== General == |
== General == |
||
− | FaceTime is iChat AV for |
+ | FaceTime is iChat AV for [[iPad 2]] and newer, [[iPad mini]] and newer, [[N81AP|iPod touch (4th generation)]] and newer, [[iPhone 4]] and newer. Jobs presented an "alphabet soup" of technologies that were involved in making FaceTime work, many of which are shared with iChat AV, including: |
* H.264 and AAC, its ISO/MPEG video and audio codecs (just like iChat). |
* H.264 and AAC, its ISO/MPEG video and audio codecs (just like iChat). |
||
Line 12: | Line 12: | ||
FaceTime uses ports 53, 80, 443, 4080, 5223, and 16393-16472 (UDP). |
FaceTime uses ports 53, 80, 443, 4080, 5223, and 16393-16472 (UDP). |
||
+ | |||
+ | A Mac Client for FaceTime is available on The Mac app store. More info can be found at http://www.apple.com/mac/facetime/ |
||
== FaceTime Activation / Registration == |
== FaceTime Activation / Registration == |
||
− | FaceTime is activated by sending a couple of SMS text messages in the background between the iPhone and an Apple server. If your carrier does not officially support the iPhone 4, you may be charged for sending the activation SMS to an international (UK) number. Your carrier might also have issues delivering the SMS correctly which will prevent FaceTime from activating. |
+ | FaceTime is activated by sending a couple of SMS text messages in the background between the iPhone and an Apple server. If your carrier does not officially support the [[iPhone 4]], you may be charged for sending the activation SMS to an international (UK) number. Your carrier might also have issues delivering the SMS correctly which will prevent FaceTime from activating. |
After enabling FaceTime in iPhone settings, your iPhone will attempt to send a "silent text message" (i. e. a text you don't know about) to Apple, that registers your telephone number on Apple's servers used for FaceTime. Apple then returns a "silent coded text message" to your iPhone, that activates the FaceTime within iOS4. |
After enabling FaceTime in iPhone settings, your iPhone will attempt to send a "silent text message" (i. e. a text you don't know about) to Apple, that registers your telephone number on Apple's servers used for FaceTime. Apple then returns a "silent coded text message" to your iPhone, that activates the FaceTime within iOS4. |
||
Line 177: | Line 179: | ||
102 8.258196 192.168.0.128 192.168.2.106 STUN2 Binding Request |
102 8.258196 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
103 8.286606 192.168.0.128 192.168.2.106 STUN2 Binding Request |
103 8.286606 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 104 8.303893 192.168.0.128 72.81.200.200 |
+ | 104 8.303893 192.168.0.128 72.81.200.200 STUN2 Binding Request |
105 8.313353 192.168.0.128 192.168.2.106 STUN2 Binding Request |
105 8.313353 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 106 8.313582 72.81.200.200 |
+ | 106 8.313582 72.81.200.200 192.168.0.128 STUN2 Binding Request |
− | 107 8.316909 192.168.0.128 72.81.200.200 |
+ | 107 8.316909 192.168.0.128 72.81.200.200 STUN2 Binding Success Response |
− | 108 8.333677 192.168.0.128 72.81.200.200 |
+ | 108 8.333677 192.168.0.128 72.81.200.200 STUN2 Binding Request |
− | 109 8.344419 72.81.200.200 |
+ | 109 8.344419 72.81.200.200 192.168.0.128 STUN2 Binding Request |
− | 110 8.350980 192.168.0.128 72.81.200.200 |
+ | 110 8.350980 192.168.0.128 72.81.200.200 STUN2 Binding Success Response |
− | 111 8.360852 192.168.0.128 72.81.200.200 |
+ | 111 8.360852 192.168.0.128 72.81.200.200 STUN2 Binding Request |
− | 112 8.374294 72.81.200.200 |
+ | 112 8.374294 72.81.200.200 192.168.0.128 STUN2 Binding Request |
− | 113 8.376750 192.168.0.128 72.81.200.200 |
+ | 113 8.376750 192.168.0.128 72.81.200.200 STUN2 Binding Success Response |
114 8.467002 192.168.0.128 192.168.2.106 STUN2 Binding Request |
114 8.467002 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
115 8.496083 192.168.0.128 192.168.2.106 STUN2 Binding Request |
115 8.496083 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 116 8.528156 72.81.200.200 |
+ | 116 8.528156 72.81.200.200 192.168.0.128 STUN2 Binding Request |
− | 117 8.530139 192.168.0.128 72.81.200.200 |
+ | 117 8.530139 192.168.0.128 72.81.200.200 STUN2 Binding Request |
− | 118 8.530765 192.168.0.128 72.81.200.200 |
+ | 118 8.530765 192.168.0.128 72.81.200.200 STUN2 Binding Success Response |
− | 119 8.553316 72.81.200.200 |
+ | 119 8.553316 72.81.200.200 192.168.0.128 STUN2 Binding Request |
− | 120 8.555467 192.168.0.128 72.81.200.200 |
+ | 120 8.555467 192.168.0.128 72.81.200.200 STUN2 Binding Request |
− | 121 8.556032 192.168.0.128 72.81.200.200 |
+ | 121 8.556032 192.168.0.128 72.81.200.200 STUN2 Binding Success Response |
− | 122 8.626234 72.81.200.200 |
+ | 122 8.626234 72.81.200.200 192.168.0.128 STUN2 Binding Success Response |
− | 123 8.629896 72.81.200.200 |
+ | 123 8.629896 72.81.200.200 192.168.0.128 STUN2 Binding Success Response123 |
− | 124 8.730361 192.168.0.128 72.81.200.200 |
+ | 124 8.730361 192.168.0.128 72.81.200.200 SIP/SDP Request: INVITE sip:user@72.81.200.200:50925, with session description |
− | 125 8.748746 72.81.200.200 |
+ | 125 8.748746 72.81.200.200 192.168.0.128 STUN2 Binding Success Response |
126 8.771618 192.168.0.128 192.168.2.106 STUN2 Binding Request |
126 8.771618 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
127 8.797557 192.168.0.128 192.168.2.106 STUN2 Binding Request |
127 8.797557 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 128 8.925571 72.81.200.200 |
+ | 128 8.925571 72.81.200.200 192.168.0.128 STUN2 Binding Success Response |
− | 129 8.927723 72.81.200.200 |
+ | 129 8.927723 72.81.200.200 192.168.0.128 STUN2 Binding Success Response |
− | 130 9.232700 192.168.0.128 72.81.200.200 |
+ | 130 9.232700 192.168.0.128 72.81.200.200 SIP/SDP Request: INVITE sip:user@72.81.200.200:50925, with session description |
131 9.258562 192.168.0.128 192.168.2.106 STUN2 Binding Request |
131 9.258562 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 132 9.262926 72.81.200.200 |
+ | 132 9.262926 72.81.200.200 192.168.0.128 SIP Status: 100 Trying |
− | 133 9.268831 72.81.200.200 |
+ | 133 9.268831 72.81.200.200 192.168.0.128 SIP Status: 180 Ringing |
134 9.296692 192.168.0.128 192.168.2.106 STUN2 Binding Request |
134 9.296692 192.168.0.128 192.168.2.106 STUN2 Binding Request |
||
− | 135 9.320586 72.81.200.200 |
+ | 135 9.320586 72.81.200.200 192.168.0.128 SIP/SDP Status: 200 OK, with session description |
− | 136 9.326857 192.168.0.128 72.81.200.200 |
+ | 136 9.326857 192.168.0.128 72.81.200.200 SIP Request: ACK sip:user@72.81.200.200:50925 |
− | 137 9.334699 192.168.0.128 72.81.200.200 |
+ | 137 9.334699 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 138 9.688477 72.81.200.200 |
+ | 138 9.688477 72.81.200.200 192.168.0.128 SIP/SDP Status: 200 OK, with session description |
− | 139 9.716567 192.168.0.128 72.81.200.200 |
+ | 139 9.716567 192.168.0.128 72.81.200.200 SIP Request: ACK sip:user@72.81.200.200:50925 |
− | 140 9.834542 192.168.0.128 72.81.200.200 |
+ | 140 9.834542 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 141 10.216053 72.81.200.200 |
+ | 141 10.216053 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 142 10.230152 192.168.0.128 72.81.200.200 |
+ | 142 10.230152 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 143 10.442848 72.81.200.200 |
+ | 143 10.442848 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 144 10.491689 72.81.200.200 |
+ | 144 10.491689 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 145 10.727812 192.168.0.128 72.81.200.200 |
+ | 145 10.727812 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 146 11.229984 192.168.0.128 72.81.200.200 |
+ | 146 11.229984 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 147 11.318007 72.81.200.200 |
+ | 147 11.318007 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 148 11.367565 192.168.0.128 72.81.200.200 |
+ | 148 11.367565 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 149 11.618986 72.81.200.200 |
+ | 149 11.618986 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 150 11.866691 192.168.0.128 72.81.200.200 |
+ | 150 11.866691 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 |
− | 151 11.998932 192.168.0.128 72.81.200.200 |
+ | 151 11.998932 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 152 12.035444 72.81.200.200 |
+ | 152 12.035444 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 153 12.063916 192.168.0.128 72.81.200.200 |
+ | 153 12.063916 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 154 12.129174 192.168.0.128 72.81.200.200 |
+ | 154 12.129174 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 155 12.180258 192.168.0.128 72.81.200.200 |
+ | 155 12.180258 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 156 12.183416 192.168.0.128 72.81.200.200 |
+ | 156 12.183416 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 157 12.187093 72.81.200.200 |
+ | 157 12.187093 72.81.200.200 192.168.0.128 SIP Status: 200 OK |
− | 158 12.195043 192.168.0.128 72.81.200.200 |
+ | 158 12.195043 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 |
− | 159 12.200932 72.81.200.200 |
+ | 159 12.200932 72.81.200.200 192.168.0.128 SIP Request: BYE sip:user@192.168.0.128:16402 |
− | 160 12.206181 192.168.0.128 72.81.200.200 |
+ | 160 12.206181 192.168.0.128 72.81.200.200 SIP Status: 200 OK |
</pre> |
</pre> |
||
Line 255: | Line 257: | ||
== How does Apples (FaceTime) Server know the IP Address of the 2nd (to be called) iPhone ? == |
== How does Apples (FaceTime) Server know the IP Address of the 2nd (to be called) iPhone ? == |
||
− | Easy, every iPhone registers itself at Apple whenever |
+ | Easy, every iPhone registers itself at Apple's push notification server whenever WiFi is available ("calls" Home). |
Basic Process: |
Basic Process: |
||
− | * iPhone |
+ | * iPhone detects Wi-Fi Connection |
− | * iPhone gets IP |
+ | * iPhone gets IP address via DHCP (if not set to static in Settings) |
− | * iPhone sends HTTP |
+ | * iPhone sends a HTTP request to www.apple.com/library/test/success.html |
− | * |
+ | * Apple's servers send back a HTML page containing only the word "Success" in the title and body |
* iPhone knows it is connected to the Internet |
* iPhone knows it is connected to the Internet |
||
− | * |
+ | * iPhone gets iphone-wu.apple.com/7day/v2/latest/lto2.dat to enable a quick GPS fix for Location Services; LTO stands for long-term orbit. This is unrelated to FaceTime. |
− | * iPhone contacts init.ess.apple.com |
+ | * iPhone contacts the FaceTime server, init.ess.apple.com |
− | * iPhone |
+ | * iPhone downloads EVIntl-aia.verisign.com/EVIntl2006.cer |
− | * iPhone joins |
+ | * iPhone joins Apple's Jabber server at 17.149.36.99 |
− | * Apple knows |
+ | * Apple knows the iPhone's IP, which is then used for FaceTime and other push notifications. |
== Additional Information == |
== Additional Information == |
||
Line 275: | Line 277: | ||
* Excellent Analysis: http://www.packetstan.com/ |
* Excellent Analysis: http://www.packetstan.com/ |
||
* Highly Rumorous: http://www.addictivetips.com/mobile/apple-gathering-facetime-information-ability-to-see-video-calls/ |
* Highly Rumorous: http://www.addictivetips.com/mobile/apple-gathering-facetime-information-ability-to-see-video-calls/ |
||
+ | |||
+ | [[Category:Software]] |
Latest revision as of 10:12, 26 March 2017
Contents
General
FaceTime is iChat AV for iPad 2 and newer, iPad mini and newer, iPod touch (4th generation) and newer, iPhone 4 and newer. Jobs presented an "alphabet soup" of technologies that were involved in making FaceTime work, many of which are shared with iChat AV, including:
- H.264 and AAC, its ISO/MPEG video and audio codecs (just like iChat).
- SIP (Session Initiation Protocol), the open IETF signaling protocol for VoIP used by iChat AV.
- STUN (Session Traversal Utilities for NAT), an IETF standard for dealing with lots of different kinds of NAT.
- TURN (Traversal Using Relay NAT), an IETF standard for allowing a client behind NAT to receive incoming requests like a server.
- ICE (Interactive Connectivity Establishment) an IETF standard which helps set up connections through NAT firewalls.
- RTP (Real-time Transport Protocol), an iETF standard for delivering media streams in VoIP.
- SRTP (Secure RTP) an IETF standard designed to provide encryption, message authentication and integrity for the data streams.
FaceTime uses ports 53, 80, 443, 4080, 5223, and 16393-16472 (UDP).
A Mac Client for FaceTime is available on The Mac app store. More info can be found at http://www.apple.com/mac/facetime/
FaceTime Activation / Registration
FaceTime is activated by sending a couple of SMS text messages in the background between the iPhone and an Apple server. If your carrier does not officially support the iPhone 4, you may be charged for sending the activation SMS to an international (UK) number. Your carrier might also have issues delivering the SMS correctly which will prevent FaceTime from activating.
After enabling FaceTime in iPhone settings, your iPhone will attempt to send a "silent text message" (i. e. a text you don't know about) to Apple, that registers your telephone number on Apple's servers used for FaceTime. Apple then returns a "silent coded text message" to your iPhone, that activates the FaceTime within iOS4.
After being activated, FaceTime will happily operate solely over WiFi. However, FaceTime activation currently requires the iPhone to be activated, have an active SIM card with the ability to send and receive SMSes. If there's an issue sending or receiving SMS messages, FaceTime can't be enabled or activated.
FaceTime will work successfully in Airplane Mode over WiFi, however it requires FaceTime to be activated, and a SIM card inserted in your device.
FaceTime Registration Request
The iPhone sends a Registration Request SMS silently to this UK number (as identified by the +44 country code): +44 7786 205094. AT&T customers have their own local number for FaceTime activations: 28818773. In Bell and Telus carrier bundles, version 7.2 the number is: 49988.
The Activation Servers number (PhoneNumberRegistrationGatewayAddress) is set in carrier.plist in System/Library/Carrier Bundles/<Your carrier>.bundle (or Unknown.bundle):
<key>PhoneNumberRegistrationGatewayAddress</key> <string>+447786205094</string>
You can change this to i. e. your own number and FaceTime will send the FaceTime Registration Request SMS to your own number.
Some carrier bundles (i.e. T-Mobile Germany Carrier Update 7.1) also contain the following key, which displays a warning that SMS charges might be applied when trying to activate FaceTime.
<key>RegistrationOptInRequired</key> <true/>
Registration Request:
REG-REQ?v=2;t=char[64];i=char[40];r=char[8]
Registration Request Example:
REG-REQ?v=2;t=0C11F1ACF776391387797F5EEC1B87E9FC33DAD9 B86583270B8E8DDE78A7A23C;i=2CFA805D9A0D1D43CE57429 B4DA8E454B9AADB5D;r=5917c44d
It was noticed the last portion i= has different character for every FaceTime request.
The Request is saved on:
- /var/wireless/spool/MobileOriginated/s.sms.1073741825 (or another identifier)
FaceTime will continue to retry sending the activation SMS multiple times before failing. [1][2]
FaceTime Registration Response
If your carrier doesn't officially support silent SMS messages, you may see the FaceTime Registration Response messages displayed.
Registration Response:
¿¿¿¿y¿¿REG-RESP?v=2;r=XXXXXXX;n=+XXXXXXXXX;s=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(X are numbers and codes received, it looks like a password and a hash code).
Packet Capture - original from FryGuy's Blog
- 1st iPhone IP Private – 192.168.0.128
- 1st iPhone IP NAT – 216.164.100.100
- 2nd iPhone IP Private 192.168.2.106
- 2nd iPhone IP NAT – 72.81.200.200
Note: NATs changed to protect the guilty
Packets
No. Time Source Destination Protocol Info 1 0.000000 192.168.0.128 17.155.5.251 UDP Source port: 16402 Destination port: connected 2 0.431054 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 16402 3 0.715713 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: connected 4 0.716064 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 5 0.717147 192.168.0.128 17.155.5.252 UDP Source port: 51136 Destination port: 16386 6 0.958285 17.155.5.252 192.168.0.128 UDP Source port: 16386 Destination port: 51136 7 0.960329 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 8 0.960588 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 51136 9 1.016402 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 10 1.018172 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 11 1.019912 192.168.0.128 17.155.4.14 TCP 50697 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=2 TSV=469580285 TSER=0 12 1.020140 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 13 1.298294 17.155.4.14 192.168.0.128 TCP https > 50697 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1360 WS=4 14 1.318312 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=1 Ack=1 Win=131920 Len=0 15 1.321211 192.168.0.128 17.155.4.14 TLSv1 Client Hello 16 1.645657 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: connected 17 1.645978 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 18 1.646130 192.168.0.128 17.155.5.252 UDP Source port: 51136 Destination port: 16386 19 1.662234 192.168.0.128 208.59.216.10 TCP 50698 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=2 TSV=469580291 TSER=0 20 1.730834 17.155.4.14 192.168.0.128 TCP [TCP segment of a reassembled PDU] 21 1.731963 17.155.4.14 192.168.0.128 TLSv1 Server Hello, Certificate, Server Hello Done 22 1.808298 208.59.216.10 192.168.0.128 TCP http > 50698 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=941715237 TSER=469580291 WS=1 23 1.832208 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=160 Ack=1361 Win=130560 Len=0 24 1.834588 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=160 Ack=2490 Win=130788 Len=0 25 1.834954 192.168.0.128 208.59.216.10 TCP 50698 > http [ACK] Seq=1 Ack=1 Win=131328 Len=0 TSV=469580293 TSER=941715237 26 1.836526 192.168.0.128 208.59.216.10 HTTP GET /WebObjects/VCInit.woa/wa/getBag?ix=1 HTTP/1.1 27 1.881018 17.155.5.252 192.168.0.128 UDP Source port: 16386 Destination port: 51136 28 1.882147 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 51136 29 1.883124 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 30 1.884207 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 31 1.886053 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 32 1.886343 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 33 1.930729 192.168.0.128 17.155.4.14 TLSv1 Client Key Exchange 34 1.930835 192.168.0.128 17.155.4.14 TLSv1 Change Cipher Spec 35 1.931583 192.168.0.128 17.155.4.14 TLSv1 Encrypted Handshake Message 36 2.190008 208.59.216.10 192.168.0.128 TCP http > 50698 [ACK] Seq=1 Ack=229 Win=6432 Len=0 TSV=941715619 TSER=469580293 37 2.190313 208.59.216.10 192.168.0.128 TCP [TCP segment of a reassembled PDU] 38 2.191366 208.59.216.10 192.168.0.128 TCP [TCP segment of a reassembled PDU] 39 2.192312 208.59.216.10 192.168.0.128 HTTP/XML HTTP/1.1 200 OK 40 2.242678 192.168.0.128 208.59.216.10 TCP 50698 > http [ACK] Seq=229 Ack=2737 Win=128592 Len=0 TSV=469580297 TSER=941715619 41 2.243014 192.168.0.128 208.59.216.10 TCP 50698 > http [ACK] Seq=229 Ack=3506 Win=127820 Len=0 TSV=469580297 TSER=941715619 42 2.393275 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=2490 Ack=299 Win=35216 Len=0 43 2.393305 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=2490 Ack=305 Win=35216 Len=0 44 2.393351 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=2490 Ack=342 Win=35184 Len=0 45 2.394633 17.155.4.14 192.168.0.128 TLSv1 Change Cipher Spec, Encrypted Handshake Message 46 2.448112 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=342 Ack=2533 Win=131876 Len=0 47 2.449760 192.168.0.128 17.155.4.14 TLSv1 Application Data 48 2.450325 192.168.0.128 17.155.4.14 TLSv1 Application Data 49 2.511448 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: connected 50 2.512608 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 51 2.512776 192.168.0.128 17.155.5.252 UDP Source port: 51136 Destination port: 16386 52 2.905644 17.155.5.252 192.168.0.128 UDP Source port: 16386 Destination port: 51136 53 2.905690 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=2533 Ack=966 Win=34560 Len=0 54 2.905782 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=2533 Ack=1453 Win=34064 Len=0 55 2.906896 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 56 2.907536 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 51136 57 2.923466 17.155.4.14 192.168.0.128 TLSv1 Application Data 58 2.923924 17.155.4.14 192.168.0.128 TLSv1 Application Data 59 3.060254 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 60 3.060422 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 61 3.062146 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=1453 Ack=2894 Win=131556 Len=0 62 3.062451 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=1453 Ack=3240 Win=131212 Len=0 63 3.062741 192.168.0.128 199.7.52.190 TCP 50699 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=2 TSV=469580305 TSER=0 64 3.063122 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 65 3.532458 199.7.52.190 192.168.0.128 TCP http > 50699 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1380 66 3.571122 192.168.0.128 199.7.52.190 TCP 50699 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0 67 3.579117 192.168.0.128 199.7.52.190 HTTP GET /EVIntl2006.cer HTTP/1.1 68 3.690690 192.168.0.128 17.155.4.14 TLSv1 Encrypted Alert 69 3.692505 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: connected 70 3.696701 192.168.0.128 17.155.4.14 TCP 50697 > https [FIN, ACK] Seq=1476 Ack=3240 Win=131920 Len=0 71 3.697007 192.168.0.128 208.59.216.10 TCP 50698 > http [FIN, ACK] Seq=229 Ack=3506 Win=131328 Len=0 TSV=469580312 TSER=941715619 72 3.697388 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 73 3.697617 192.168.0.128 17.155.5.252 UDP Source port: 51136 Destination port: 16386 74 3.809626 199.7.52.190 192.168.0.128 TCP [TCP segment of a reassembled PDU] 75 3.810572 199.7.52.190 192.168.0.128 HTTP HTTP/1.0 200 OK (text/plain) 76 3.881720 192.168.0.128 199.7.52.190 TCP 50699 > http [ACK] Seq=154 Ack=1865 Win=65535 Len=0 77 3.890585 192.168.0.128 199.7.52.190 TCP 50699 > http [FIN, ACK] Seq=154 Ack=1865 Win=65535 Len=0 78 3.952258 208.59.216.10 192.168.0.128 TCP http > 50698 [FIN, ACK] Seq=3506 Ack=230 Win=6432 Len=0 TSV=941717381 TSER=469580312 79 3.954256 192.168.0.128 208.59.216.10 TCP 50698 > http [ACK] Seq=230 Ack=3507 Win=131328 Len=0 TSV=469580314 TSER=941717381 80 4.007781 17.155.4.14 192.168.0.128 TCP https > 50697 [ACK] Seq=3240 Ack=1476 Win=40928 Len=0 81 4.007965 17.155.4.14 192.168.0.128 TCP https > 50697 [FIN, ACK] Seq=3240 Ack=1477 Win=40928 Len=0 82 4.009155 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 83 4.009170 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 51136 84 4.009948 192.168.0.128 17.155.4.14 TCP 50697 > https [FIN, ACK] Seq=1476 Ack=3240 Win=131920 Len=0 85 4.014495 192.168.0.128 17.155.4.14 TCP 50697 > https [ACK] Seq=1477 Ack=3241 Win=131920 Len=0 86 4.019866 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 87 4.023955 17.155.5.252 192.168.0.128 UDP Source port: 16386 Destination port: 51136 88 4.025984 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 89 4.034971 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 90 4.504292 199.7.52.190 192.168.0.128 TCP http > 50699 [ACK] Seq=1865 Ack=155 Win=8190 Len=0 91 4.671800 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: connected 92 4.672167 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 93 4.672411 192.168.0.128 17.155.5.252 UDP Source port: 51136 Destination port: 16386 94 5.139092 17.155.5.252 192.168.0.128 UDP Source port: 16386 Destination port: 51136 95 5.140068 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 96 5.140129 17.155.5.251 192.168.0.128 UDP Source port: connected Destination port: 51136 97 5.210011 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 98 5.215809 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 99 5.216068 192.168.0.128 216.164.100.100 UDP Source port: 51136 Destination port: 52585 100 5.715774 192.168.0.128 17.155.5.251 UDP Source port: 51136 Destination port: 16385 101 6.054578 17.155.5.251 192.168.0.128 UDP Source port: 16385 Destination port: 51136 102 8.258196 192.168.0.128 192.168.2.106 STUN2 Binding Request 103 8.286606 192.168.0.128 192.168.2.106 STUN2 Binding Request 104 8.303893 192.168.0.128 72.81.200.200 STUN2 Binding Request 105 8.313353 192.168.0.128 192.168.2.106 STUN2 Binding Request 106 8.313582 72.81.200.200 192.168.0.128 STUN2 Binding Request 107 8.316909 192.168.0.128 72.81.200.200 STUN2 Binding Success Response 108 8.333677 192.168.0.128 72.81.200.200 STUN2 Binding Request 109 8.344419 72.81.200.200 192.168.0.128 STUN2 Binding Request 110 8.350980 192.168.0.128 72.81.200.200 STUN2 Binding Success Response 111 8.360852 192.168.0.128 72.81.200.200 STUN2 Binding Request 112 8.374294 72.81.200.200 192.168.0.128 STUN2 Binding Request 113 8.376750 192.168.0.128 72.81.200.200 STUN2 Binding Success Response 114 8.467002 192.168.0.128 192.168.2.106 STUN2 Binding Request 115 8.496083 192.168.0.128 192.168.2.106 STUN2 Binding Request 116 8.528156 72.81.200.200 192.168.0.128 STUN2 Binding Request 117 8.530139 192.168.0.128 72.81.200.200 STUN2 Binding Request 118 8.530765 192.168.0.128 72.81.200.200 STUN2 Binding Success Response 119 8.553316 72.81.200.200 192.168.0.128 STUN2 Binding Request 120 8.555467 192.168.0.128 72.81.200.200 STUN2 Binding Request 121 8.556032 192.168.0.128 72.81.200.200 STUN2 Binding Success Response 122 8.626234 72.81.200.200 192.168.0.128 STUN2 Binding Success Response 123 8.629896 72.81.200.200 192.168.0.128 STUN2 Binding Success Response123 124 8.730361 192.168.0.128 72.81.200.200 SIP/SDP Request: INVITE sip:user@72.81.200.200:50925, with session description 125 8.748746 72.81.200.200 192.168.0.128 STUN2 Binding Success Response 126 8.771618 192.168.0.128 192.168.2.106 STUN2 Binding Request 127 8.797557 192.168.0.128 192.168.2.106 STUN2 Binding Request 128 8.925571 72.81.200.200 192.168.0.128 STUN2 Binding Success Response 129 8.927723 72.81.200.200 192.168.0.128 STUN2 Binding Success Response 130 9.232700 192.168.0.128 72.81.200.200 SIP/SDP Request: INVITE sip:user@72.81.200.200:50925, with session description 131 9.258562 192.168.0.128 192.168.2.106 STUN2 Binding Request 132 9.262926 72.81.200.200 192.168.0.128 SIP Status: 100 Trying 133 9.268831 72.81.200.200 192.168.0.128 SIP Status: 180 Ringing 134 9.296692 192.168.0.128 192.168.2.106 STUN2 Binding Request 135 9.320586 72.81.200.200 192.168.0.128 SIP/SDP Status: 200 OK, with session description 136 9.326857 192.168.0.128 72.81.200.200 SIP Request: ACK sip:user@72.81.200.200:50925 137 9.334699 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 138 9.688477 72.81.200.200 192.168.0.128 SIP/SDP Status: 200 OK, with session description 139 9.716567 192.168.0.128 72.81.200.200 SIP Request: ACK sip:user@72.81.200.200:50925 140 9.834542 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 141 10.216053 72.81.200.200 192.168.0.128 SIP Status: 200 OK 142 10.230152 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 143 10.442848 72.81.200.200 192.168.0.128 SIP Status: 200 OK 144 10.491689 72.81.200.200 192.168.0.128 SIP Status: 200 OK 145 10.727812 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 146 11.229984 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 147 11.318007 72.81.200.200 192.168.0.128 SIP Status: 200 OK 148 11.367565 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 149 11.618986 72.81.200.200 192.168.0.128 SIP Status: 200 OK 150 11.866691 192.168.0.128 72.81.200.200 SIP Request: MESSAGE sip:user@72.81.200.200:50925 151 11.998932 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 152 12.035444 72.81.200.200 192.168.0.128 SIP Status: 200 OK 153 12.063916 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 154 12.129174 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 155 12.180258 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 156 12.183416 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 157 12.187093 72.81.200.200 192.168.0.128 SIP Status: 200 OK 158 12.195043 192.168.0.128 72.81.200.200 UDP Source port: 16402 Destination port: 50925 159 12.200932 72.81.200.200 192.168.0.128 SIP Request: BYE sip:user@192.168.0.128:16402 160 12.206181 192.168.0.128 72.81.200.200 SIP Status: 200 OK
Comments (by FryGuy)
Packets 1 – 10
- The phones communicates to a server at Apple (17.155.5.251 is what I saw). Communication is sourced from port 16402 via UDP initially and then looks to dynamically allocate ports for communication (16385 and 16386 are what appeared on my end).
Packets 11 – 101
- The phone then negotiates an HTTPS connection to the servers at Apple for the setup and communication. There also seems to be some communication to other servers (in this case i see RCN 208.59.216.10) – and they are my cable provider.
Packets 102 – 123
- After Client (iPhone) and server negotiation you start to see Stun requests via the private IPs, after they fail you see them from the Public IP NAT ranges. They success via the Public peering at that point.
Packets 124 – 160
- A SIP call is then initiated between the phones for the video portion of the call
How does Apples (FaceTime) Server know the IP Address of the 2nd (to be called) iPhone ?
Easy, every iPhone registers itself at Apple's push notification server whenever WiFi is available ("calls" Home).
Basic Process:
- iPhone detects Wi-Fi Connection
- iPhone gets IP address via DHCP (if not set to static in Settings)
- iPhone sends a HTTP request to www.apple.com/library/test/success.html
- Apple's servers send back a HTML page containing only the word "Success" in the title and body
- iPhone knows it is connected to the Internet
- iPhone gets iphone-wu.apple.com/7day/v2/latest/lto2.dat to enable a quick GPS fix for Location Services; LTO stands for long-term orbit. This is unrelated to FaceTime.
- iPhone contacts the FaceTime server, init.ess.apple.com
- iPhone downloads EVIntl-aia.verisign.com/EVIntl2006.cer
- iPhone joins Apple's Jabber server at 17.149.36.99
- Apple knows the iPhone's IP, which is then used for FaceTime and other push notifications.
Additional Information
- Interesting Packet Trace & Discussion: http://blog.roychowdhury.org/2010/06/25/facetime-on-iphone-4-vanilla-unencrypted-stun-and-sip/
- Excellent Analysis: http://www.packetstan.com/
- Highly Rumorous: http://www.addictivetips.com/mobile/apple-gathering-facetime-information-ability-to-see-video-calls/