ICE Archives - webrtcHacks

webrtcH4cKS: ~ Am I behind a Symmetric NAT?

Posted by Philipp Hancke on May 15, 2017

Posted in: Guide.

Tagged: code, ICE, NAT, STUN, symmetric.

NATs can be a nuisance for VoIP, particularly Symmetric NATs . Fortunately WebRTC includes tools for dealing with them. Image source: http://pinktentacle.com/

WebRTC establishes peer-to-peer connections between web browsers. To do that, it uses a set of techniques known as Interactive Connectivity Establishment or ICE. ICE allows clients behind certain types of routers that perform etwork Address Translation, or NAT, to establish direct connections. (See the WebRTC glossary entry for a good introduction.) One of the first problems is for a client to find what its public IP address is. To do so, the client asks a STUN server for its IP address.

NATs are boxes (physical or virtual) that connect our local private networks to the public internet. They do so by translating the internal IP addresses we use to public ones. They work differently from one another, which ends up requiring WebRTC to rely on both STUN and TURN in order to connect calls. For background on these, check out some of our past posts on this topic like this one and this one.

webrtcH4cKS: ~ Dear Slack: why is your WebRTC so weak?

Posted by Philipp Hancke on March 3, 2016

Posted in: Technology.

Tagged: Blackbox Exploration, ICE, slack, TURN, webrtc-internals.

9 comments

Dear Slack,

There has been quite some buzz this week about you and WebRTC.

WebRTC… kind of. Because actually you only do stuff in Chrome and your native apps:

I’ve been there. Launching stuff only for Chrome. That was is late 2012. In 2016, you need to have a very good excuse to launch something with WebRTC and not support Firefox like this:

Maybe you had your reasons. As usual, I tried to get a dump from chrome://webrtc-internals to see what is going on. Thanks to Dag-Inge Aas for providing one. The most interesting bit is the call to setRemoteDescription:

type: answer, sdp: v=0
o=- 1242503183783 1242503183783 IN IP4 127.0.0.1
s=Room with no name..
t=0 0
a=group:BUNDLE audio
a=msid-semantic: WMS janus
m=audio 1 RTP/SAVPF 111
c=IN IP4 10.9.4.95
a=mid:audio
a=recvonly
a=rtcp-mux
a=ice-ufrag:rKmT
a=ice-pwd:AOrIm8kDxew5sVNUCQrrmJ
a=ice-options:trickle
a=fingerprint:sha-256 C5:5F:DA:7D:84:47:B1:BF:6B:55:16:62:48:31:3E:D3:F1:7B:25:89:92:4A:4B:4D:4D:D9:D5:AF:EA:D8:15:44
a=setup:active
a=connection:new
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10; useinbandfec=1; usedtx=1
a=candidate:1 1 udp 2013266431 10.9.4.95 12000 typ host
a=candidate:2 1 udp 2013266431 172.31.0.190 12000 typ host

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

type: answer, sdp: v=0

o=- 1242503183783 1242503183783 IN IP4 127.0.0.1

s=Room with no name..

t=0 0

a=group:BUNDLE audio

a=msid-semantic: WMS janus

m=audio 1 RTP/SAVPF 111

c=IN IP4 10.9.4.95

a=mid:audio

a=recvonly

a=rtcp-mux

a=ice-ufrag:rKmT

a=ice-pwd:AOrIm8kDxew5sVNUCQrrmJ

a=ice-options:trickle

a=fingerprint:sha-256 C5:5F:DA:7D:84:47:B1:BF:6B:55:16:62:48:31:3E:D3:F1:7B:25:89:92:4A:4B:4D:4D:D9:D5:AF:EA:D8:15:44

a=setup:active

a=connection:new

a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level

a=rtpmap:111 opus/48000/2

a=fmtp:111 minptime=10; useinbandfec=1; usedtx=1

a=candidate:1 1 udp 2013266431 10.9.4.95 12000 typ host

a=candidate:2 1 udp 2013266431 172.31.0.190 12000 typ host

I would like to note that you reply to Chrome’s offer of UDP/TLS/RTP/SAVPF with a profile of RTP/SAVPF. While that is still tolerated by browsers, it is improper.
Your a=msid-semantic line looks very interesting. “WMS janus”. Sounds familiar, this is meetecho’s janus gateway (see Lorenzo’s post on gateways here). Which by the way works fine with Firefox from what I hear.

webrtcH4cKS: ~ How to stop a leak – the WebRTC notifier

Posted by Chad Hart on August 4, 2015

Posted in: Guide.

Tagged: code, extension, ICE, ip_leakage, Walkthrough.

11 comments

The “IP Address Leakage” topic has turned into a public relations issue for WebRTC. It is a fact that the WebRTC API’s can be used to share one’s private IP address(es) without any user consent today. Nefarious websites could potentially use this information to fingerprint individuals who do not want to be tracked. Why is this an issue? Can this be stopped? Can I tell when someone is trying to use WebRTC without my knowledge? We try to cover those questions below along with a walkthrough of a Chrome extension that you can install or modify for yourself that provides a notification if WebRTC is being used without your knowledge.

webrtcH4cKS: ~ Facetime doesn’t face WebRTC

Posted by Philipp Hancke on June 9, 2015

Posted in: Guide.

Tagged: apple, Blackbox Exploration, FaceTime, ICE, SDES.

2 comments

This is the next decode and analysis in Philipp Hancke’s Blackbox Exploration series conducted by &yet in collaboration with Google. Please see our previous posts covering WhatsApp and Facebook Messenger for more details on these services and this series. {“editor”: “chad hart“}

FaceTime is Apple’s answer to video chat, coming preinstalled on all modern iPhones and iPads. It allows audio and video calls over WiFi and, since 2011, 3G too. Since Apple does not talk much about WebRTC (or anything else), maybe we can find out if they are using WebRTC behind the scenes?

webrtcH4cKS: ~ The Minimum Viable SDP

Posted by Philipp Hancke on March 31, 2015

Posted in: Guide.

Tagged: DataChannel, ICE, SDP, signaling, TURN, Walkthrough.

3 comments

Unnatural shrinkage. Photo courtesy Flikr user Ed Schipul

One evening last week, I was nerd-sniped by a question Max Ogden asked:

That is quite an interesting question. I somewhat dislike using Session Description Protocol (SDP) in the signaling protocol anyway and prefer nice JSON objects for the API and ugly XML blobs on the wire to the ugly SDP blobs used by the WebRTC API.

The question is really about the minimum amount of information that needs to be exchanged for a WebRTC connection to succeed.

WebRTC uses ICE and DTLS to establish a secure connection between peers. This mandates two constraints:

webrtcH4cKS: ~ ICE always tastes better when it trickles! (Emil Ivov)

Posted by Victor Pascual on December 4, 2013

Posted in: Technology.

Tagged: Brief, emil ivov, HNT, ICE, NAT, trickle ICE, TURN.

10 comments

For the last year and a half I’ve been working with a number of customers helping them to understand what WebRTC is about, supporting them in the definition of new products, services, and in some cases even developing WebRTC prototypes/labs for them. I’ve spent time with Service Providers, Enterprise and OTT customers and the very first time I demoed WebRTC to them, after the initial ‘wow moment’ almost all of them complained about the ‘call setup delay’, as in some cases represented tens of seconds.

webrtcH4cKS: ~ An Intro to WebRTC’s NAT/Firewall Problem

Posted by Reid Stidolph on August 1, 2013

Posted in: Technology.

Tagged: Brief, Firewall, ICE, NAT, STUN, TURN.

6 comments

The WebRTC NAT/Firewall traversal trifecta

Most folks that set out to write an application, or build an architecture, begin with nothing but features and functionality in mind. Many might start out assuming they will be traversing flat, reliable, and secure networks. Inevitably, reality sets in as one starts to demo or prototype much beyond the friendly confines of the lab, and suddenly you begin finding scenarios not working properly, quality issues cropping up, or your stuff gets hacked. “Phase 2” of the design emerges, backing in all the necessary tools to cover the gaps.

ICE

All posts tagged ICE

webrtcH4cKS: ~ Am I behind a Symmetric NAT?

webrtcH4cKS: ~ Dear Slack: why is your WebRTC so weak?

webrtcH4cKS: ~ How to stop a leak – the WebRTC notifier

webrtcH4cKS: ~ Facetime doesn’t face WebRTC

webrtcH4cKS: ~ The Minimum Viable SDP

webrtcH4cKS: ~ ICE always tastes better when it trickles! (Emil Ivov)

webrtcH4cKS: ~ An Intro to WebRTC’s NAT/Firewall Problem

Search

Categories

Recent Comments

Twittering

New post notifications

RSS Feed

webrtcH4cKS: ~ Am I behind a Symmetric NAT?

webrtcH4cKS: ~ Dear Slack: why is your WebRTC so weak?

webrtcH4cKS: ~ How to stop a leak – the WebRTC notifier

webrtcH4cKS: ~ Facetime doesn’t face WebRTC

webrtcH4cKS: ~ The Minimum Viable SDP

webrtcH4cKS: ~ ICE always tastes better when it trickles! (Emil Ivov)

webrtcH4cKS: ~ An Intro to WebRTC’s NAT/Firewall Problem

Search

Tags

Categories

Recent Comments

Twittering

New post notifications

RSS Feed