TCP packets are exchanged between the inspected WhatsApp client and multiple WhatsApp servers. The UDP packets are exchanged between the caller and the callee; hundreds of these UDP packets are sent within a minute. Since the WhatsApp white paper mentions the use of the Secure Real-time Transport Protocol (SRTP), it stands to reason that these UDP packets are SRTP packets carrying the call data. SRTP provides encryption, message authentication and integrity, and protection against replay attacks for Real-time Transport Protocol (RTP) packets.


authentication : 인증 (authentication)

integrity : 청렴 결백 (uprightness; here meaning data integrity)


The following listing shows an SRTP packet in hexadecimal representation, which was sent by the caller to the callee. It contains the header fields of RTP, which forms the foundation of SRTP.


hexadecimal : 16진수 (base 16)


The first four bytes (red) contain seven RTP header fields. They can be inspected by looking at their binary representation:


The first two bits contain the RTP version (V), which is two in this case. The third bit, the padding field (P), indicates that no padding is included in the packet. The fourth bit, the extension field (X), indicates that no other header follows the fixed RTP header. Bits five to eight, the CSRC count (CC), show that no contributing source (CSRC) identifiers follow the fixed header; CSRCs are a list of identifiers indicating which sources contributed to the payload of an SRTP packet. The marker bit (M) at position nine is also set to zero; it can be used to mark frame boundaries in the packet stream.

The next six bits contain the packet type (PT), which has the decimal value 60 in this case. This packet type is not defined by the RTP or SRTP standard; it might be a custom value chosen by WhatsApp. The last 17 bits contain the sequence number (SEQ) of the packet. The RTP standard recommends randomizing the initial value of the sequence number. WhatsApp does not apply this recommendation: the packet sequence numbers count up from zero, as can be seen in the Wireshark recordings.

The next four bytes (blue) represent the timestamp of the packet. The four bytes after that (green) represent the synchronization source (SSRC), an identifier used to distinguish call sessions running in parallel. The remaining bytes represent the payload, which for the inspected packet probably contains the audio data of the call.


distinguishing : 다른 것과 구별되는 (set apart from others)
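As an added illustration of the header walk-through above and of the replay protection mentioned at the start (example code written for this page, not taken from the Medium post or from WhatsApp): a parser for the fixed RTP header, followed by a simplified SRTP-style sliding replay window. The sample packet bytes, the timestamp and the SSRC are constructed values; the field widths follow RFC 3550, where PT is 7 bits and SEQ is 16 bits.

```python
import struct
from typing import NamedTuple

class RtpHeader(NamedTuple):
    version: int
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int   # 7 bits per RFC 3550 (the post counts 6)
    sequence: int       # 16 bits per RFC 3550 (the post counts 17)
    timestamp: int
    ssrc: int
    payload: bytes      # still SRTP-encrypted; not decrypted here

def parse_rtp_header(pkt: bytes) -> RtpHeader:
    """Split the fixed 12-byte RTP header off an (S)RTP packet."""
    if len(pkt) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError(f"unexpected RTP version {b0 >> 6}")
    cc = b0 & 0x0F  # CSRC count: that many 4-byte identifiers follow the fixed header
    body = pkt[12 + 4 * cc:]  # header extension (X=1) is not handled here
    return RtpHeader(2, bool(b0 & 0x20), bool(b0 & 0x10), cc, bool(b1 & 0x80),
                     b1 & 0x7F, seq, ts, ssrc, body)

class ReplayWindow:
    """Sliding-window replay check, simplified from RFC 3711 section 3.3.2:
    16-bit sequence numbers only, without the rollover counter (ROC)."""
    def __init__(self, size: int = 64) -> None:
        self.size, self.highest, self.bitmap = size, None, 0
    def accept(self, seq: int) -> bool:
        if self.highest is None:  # first packet establishes the window
            self.highest, self.bitmap = seq, 1
            return True
        if seq > self.highest:  # new high-water mark: slide the window up
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False  # too old, or already seen: treat as a replay
        self.bitmap |= 1 << diff  # late but inside the window: accept once
        return True

# Constructed sample packet (not a real capture): V=2, P=0, X=0, CC=0 -> 0x80;
# M=0, PT=60 -> 0x3C; SEQ=0; timestamp and SSRC are made-up values.
SAMPLE_PACKET = bytes.fromhex("80 3c 0000 00000000 12345678") + b"\x01\x02\x03\x04"
```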


https://medium.com/@schirrmacher/analyzing-whatsapp-calls-176a9e776213
