Packetstan has a GREAT article on FaceTime. Read it!
Here’s the summary:
Based on this analysis we can determine several critical pieces of how FaceTime works:
- Unknown TCP protocol starts the conversation, likely initiated following an event that starts on the GSM network;
- Unknown UDP traffic between two hosts with similar IP addresses;
- Certificate validation through an Akamai server, followed by an HTTPS request to an Apple server;
- STUN traffic for NAT traversal;
- SIP traffic for call setup and negotiation;
- UDP stream data for video/audio.
In the next part of this series, we’ll spend some more time looking at the SIP and video/audio streaming traffic and look at some tools we can use to extract that data. Stay tuned!