As the Antenna-gate controversy raged and finally subsided, the team here was busy enhancing our App-ID technology to identify Apple’s new video calling feature – FaceTime. It is essentially the audio-video chat functionality of Apple’s iChat for desktops, but tied to the iPhone4 device. From our analysis of the network traffic of FaceTime, we discovered that it uses SIP, the industry standard protocol for VoIP telephony, STUN for NAT traversal, and XMPP over SSL for authentication with Apple.
Since it relies on Wi-Fi connectivity, corporate networks will have to carry this traffic as employees begin to use it inside the enterprise. For enterprises that do not want to install and manage their own SIP network, it serves as an out-of-the-box mobile video calling solution.
However, some security admins are wary about the numerous ports that must be opened in their firewalls to allow FaceTime calling.
Real-time voice and video communication on the Internet is mainstream today, with several popular instant messengers (IMs) supporting VoIP calls. A big hurdle in the initial adoption of VoIP was the fact that most PCs and other devices sit behind firewalls and use private IP addresses. A firewall maps multiple private addresses (IP address and port) in the network to a single public address using a technique called Network Address Translation (NAT). But the end device is not aware of its public address, and hence cannot receive voice traffic from the remote party on the private address it advertises in its VoIP communication. One solution to this NAT traversal problem is a tool called Session Traversal Utilities for NAT (STUN), devised by the IETF to allow applications to discover their public address and port mappings for use in communication with a peer.
Below, I’ve tried to deconstruct a Yahoo Messenger voice call with the hope of understanding how STUN is used in NAT traversal.