A comparative study of RTC applications – The dataset

This webpage contains additional material of the paper:

A comparative study of RTC applications

Year: 2020

Authors: Antonio Nisticò, Dena Markudova, Martino Trevisan, Michela Meo

Identification of the Applications

In the following table we report attributes of the Meeting applications that could be used to identify them:

  • Autonomous System (AS) – the AS of the servers through which the media communication is relayed
  • DNS domains – the Fully Qualified Domain Names (FQDN) resolved by applications shortly before the call or during a call
  • Port numbers – the UDP ports they usually use
  • Payload Types (PTs) – which PTs they use for media flows

Meeting application Autonomous System DNS domains Ports Payload Types
Name Number
Skype Microsoft Corporation 8075 *.skype.com
3478, 3480 Published PTs
Google Meet Google LLC 15169 meet.google.com 19305 PT 111 – Audio
PT 96 – Video
Jitsi Meet Oracle Corporation
Amazon.com, Inc.
10000, 52088, 52866,
54527, 55641, 55715,
56864, 61140
WhatsApp Facebook Inc. 32934 whatsapp.com
3478 PT 120 – Audio
PT 102 – Video
PT 103 – FEC video
Telegram Telegram Messenger LLP 62041 telegram.org 521, 522, 525, 526,
530, 537, 539
Facebook Messenger Facebook Inc. 32934 *.facebook.com 40001, 40002, 40003,
40401, 48599, 48823
PT 103 – Audio
PT 105 – Comfort noise
PT 100 – Video
Instagram Messenger Facebook Inc. 32934 *.instagram.com 40003 PT 111 – Audio
PT 96 – Video
Facetime Apple Inc. 714 *.apple.com 3478, 3481, 3483, 3489 PT 20 – Audio
PT 100 – Video
HouseParty DigitalOcean LLC 14061 *thehousepartyapp.com
34148 – 60122 PT 111 – Audio
PT 102 – Video
Microsoft Teams Microsoft Corporation 8075 *.teams.microsoft.com 3479, 3480, 3481 Published PTs
Webex Teams Cisco Webex LLC
Cisco OpenDNS LLC
Zoom Oracle Corporation
Amazon.com, Inc.
*.zoom.us 8801 PT 112 – Audio
PT 99 – FEC audio
PT 110 – Video / FEC video
PT 98 – Video / FEC video
GoTo Meeting Mobility Apps division
Amazon.com Inc.

Notes on the table:

  • We only report data seen in our traffic traces.
  • Whatsapp and Telegram work in the background, so they resolve DNS domains long before a call.
  • For some apps we report the domains contacted when accessing via browser, those are the ones that do not start with an asterisk (*).
  • As Payload Types we report only those of which meaning we are sure. The apps usually use more than these.

The packet traces

You can find all traffic traces used to explore the protocols and operation of the different RTC applications at this link:

Traffic traces

The zip file contains:

  • 334 pcap files from all 13 meeting apps
  • A document, index.csv – a table with detailed information on each pcap file – which was the meeting application used, the media used (audio, video, screen sharing), device type, OS used etc.

The traces can easily be explored with Wireshark.

Example of a pcap file: Webex Teams traffic as seen by Wireshark

If you cannot see RTP traffic, here are some tips:

  • Right click on a UDP flow and select “Decode As..”. This opens a window which lets you decode that specific UDP port as any protocol you want. Select RTP for the ports we report in the table.
  • Traffic from Zoom, Microsoft Teams and Skype should first be cleaned using our command line tool.

Hope you enjoyed this post and the paper itself! For more info you can always contact us by email.