FACETIME分析
FACETIME 分析
要了解的问题:
1、FACETIME分辨率,帧率,带宽
2、使用哪些协议
3、音视频编解码
4、
参考Packetstan的博客,我也写一些对facetime的分析
http://www.packetstan.com/2010/07/special-look-face-time-part-1.html
我的测试环境:
iPad 2,WiFi only, version5.0.1
MacBook Pro, Mac OSX, version 10.6.8
Facetime onMacBook, version 1.0.3 (167)
Facetime on iPad2
Network: 10/100MLAN
iPad2 IP:192.168.1.77
MacBook IP:192.168.1.75
一开始从MacBook上使用facetime呼叫iPad上的facetime,在iPad端进行抓包分析
在Wireshark中使用statistics -> Protocol Hierarchy进行插看,如下图所示:
可以看到使用不同的协议
Wireshark没有按时间排序的功能,可以通过Statistics -> Conversation 进行查看:
可以看到一些IP地址
| IP ADDR |
Name |
Note |
| 17.149.36.162 |
|
|
| 63.80.4.65 |
|
|
| 17.173.255.24 |
|
|
| 17.158.36.57 |
|
|
|
|
|
|
通过网络封包,我们可以粗略的给出会话的过程:
| Step |
Node |
Description |
| 1 |
17.149.36.162 -> 192.168.1.77 |
TCP |
| 2 |
192.168.1.77 -> 17.149.36.162 |
TCP |
| 3 |
192.168.1.77 -> 17.173.255.222 |
UDP |
| 4 |
192.168.1.77 -> 17.173.255.24 |
TCP |
| 5 |
192.168.1.77 -> 58.246.5.107 |
STUN |
| 7 |
17.149.36.162 ->192.168.1.77 |
17.149.36.162应该就是服务器了,它告诉192.168.1.77下一步向192.168.1.75发送STUN数据包,该服务器经查询位于美国 |
| 6 |
192.168.1.77 -> 17.173.255.222 |
UDP port: 16384, 16385 |
|
|
192.168.1.77 -> 17.173.255.223 |
UDP port: 16386 |
|
|
192.168.1.77 -> 192.168.1.75 |
STUN, 判断这两台设备是否在同一个局域网内 |
|
|
192.168.1.75 -> 192.168.1.77 |
SIP INVITE, 协商结果,audio X-AAC, video X-H264, 640x480, 20fps |
|
|
17.173.255.223 -> 192.168.1.77 |
UDP |
|
|
17.173.255.222 -> 192.168.1.77 |
UDP, 估计是STUN |
|
|
192.168.1.75 -> 192.168.1.77 |
SIP MESSAGE, 内容看不出 |
|
|
17.173.255.223 -> 192.168.1.77 |
RTCP |
|
|
17.173.255.222 -> 192.168.1.77 |
RTCP |
|
|
192.168.1.77 -> 17.173.255.222 |
RTCP |
|
|
192.168.1.77 -> 17.173.255.223 |
RTCP |
|
|
192.168.1.77 <-> 192.168.1.75 |
RTP, 这里要注意的是,audio和video都使用同样的端口来接收和发送,这种情况在其它SIP通话中没有看到过 |
|
|
|
|
SIP信令:
SIP Invite:
| INVITE sip:[email protected]:16402 SIP/2.0 Via: SIP/2.0/UDP 192.168.1.75:16402;branch=z9hG4bK010018935c727081 Max-Forwards: 70 To: "1002" <sip:[email protected]:16402> From: "1001" <sip:[email protected]:16402>;tag=1395526538 Call-ID: 899852ee-25f8-11e1-a130-e444a9854012@192-168-1-75 CSeq: 1 INVITE Contact: <sip:[email protected]:16402>;isfocus User-Agent: Viceroy 1.4.2 Content-Type: application/sdp Content-Length: 725
v=0 o=frankwang 0 0 IN IP4 192.168.1.75 s=1001 c=IN IP4 192.168.1.75 b=AS:2000 t=0 0 a=FLS;VRA:0;RVRA2:1;AS:2;MVRA:0;MS:-1;LF:-1;CR:3;LTR;CABAC;PR;AR:8/5,2/3; a=hwi:1028:2:2300 a=multipoint:1 a=di:10.6.8/MacBookPro8,1 m=audio 16402 RTP/AVP 105 0 a=rtcp:16402 a=rtpmap:105 X-AAC_ELD/22050 a=rtpmap:0 PCMU/8000 a=rtpID:4230331286 a=fmtp:AAC SamplesPerBlock 480 a=au:1 m=video 16402 RTP/AVP 126 a=rtcp:16402 a=rtpmap:126 X-H264/90000 a=framerate:30 a=RTCP:AUDIO 16402 VIDEO 16402 a=fmtp:126 imagesize 0 rules 30:640:480:640:480:30 a=rtpID:294529821 a=imageattr:126 send [x=320,y=240,fps=30] [x=640,y=480,fps=30] [x=1280,y=720,fps=30] recv [x=320,y=240,fps=30] [x=640,y=480,fps=30] [x=1280,y=720,fps=30]
|
SIP 200 OK:
| SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.1.75:16402;branch=z9hG4bK010018935c727081 To: "1002" <sip:[email protected]:16402>;tag=174219200 From: "1001" <sip:[email protected]:16402>;tag=1395526538 Call-ID: 899852ee-25f8-11e1-a130-e444a9854012@192-168-1-75 CSeq: 1 INVITE Contact: <sip:[email protected]:16402>;isfocus User-Agent: Viceroy 1.5.0/GK Content-Type: application/sdp Content-Length: 601
v=0 o=GKVoiceChatService 0 0 IN IP4 192.168.1.77 s=GKVoiceChatServiceSession c=IN IP4 192.168.1.77 b=AS:802 t=0 0 a=FLS;VRA:0;MVRA:0;RVRA1:1;AS:2;MS:-1;LTR;CABAC;CR:3;LF:-1;AR:4/3,3/4; a=bandwidthDetection:NO a=di:5.0.1/K93AP m=audio 16402 RTP/AVP 105 a=rtcp:16402 a=rtpmap:105 X-AAC_ELD/22050 a=fmtp:AAC SamplesPerBlock 480 a=rtpID:3067779309 a=au:65792 a=fmtp:105 block 480 m=video 16402 RTP/AVP 126 a=rtcp:16402 a=rtpmap:126 X-H264/90000 a=fmtp:126 imagesize 0 rules 15:320:240:320:240:15 a=rtpID:1606236999 a=imageattr:126 send [x=640,y=480,fps=30] recv [x=640,y=480,fps=30]
|
在SIP INIVTE之后,有四个MESSAGE,每个MESSAGE中包含有“SKESeq”字段,依次是“SKESeq: 1;0”, “SKESeq: 2;0”, “SKESeq: 3;0”, “SKESeq: 4;0”, 不知有什么作用。
后面就是RTCP和RTP。RTP数据是两台设备点对点传送,RTCP是跟“17.173.255.22”和“17.173.255.23”之间发送。
使用videosnarf将RTP提取出来,然而mplayer无法播放。推测是经过加密或者是不是标准的H.264的码流。
带宽占用:
通过wireshark分析(Statistics-> Conversations)可以看出,iPad2发出的RTP (Audio+video)占用的带宽为512K,Macbook发出的RTP(Audio+Video)带宽占用为361K。
Reference:
http://herot.typepad.com/cherot/2010/06/iphone-facetime-protocol.html
http://blog.imtc.org/index.php/2010/06/09/the-technology-behind-apples-facetime-standards/