I’ve been looking at iMessage from time to time as my schedule permits; for some reason that I can’t really explain, I’m fixated on it. So, just like I did with FaceTime, I started doing network sniffing to see just what it’s doing. The results were not terribly unexpected.
iPhone.buraglio.com.53140 > st11p01st-courier143-bz.push.apple.com.5223: Flags [R], cksum 0x5ec8 (correct), seq 4109691913, win 0, length 0
14:07:51.665485 IP (tos 0x20, ttl 49, id 11699, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->8fc7)!)
st11p01st-courier143-bz.push.apple.com.5223 > iPhone.buraglio.com.53140: Flags [.], cksum 0xb792 (correct), seq 76, ack 475, win 192, options [nop,nop,TS val 154465503 ecr 230925781,nop,nop,sack 1 {474:475}], length 0
14:07:51.667170 IP (tos 0x20, ttl 64, id 22535, offset 0, flags [DF], proto TCP (6), length 40)
iPhone.buraglio.com.53140 > st11p01st-courier143-bz.push.apple.com.5223: Flags [R], cksum 0x5ec8 (correct), seq 4109691913, win 0, length 0
14:07:51.677715 IP (tos 0x20, ttl 46, id 41627, offset 0, flags [none], proto TCP (6), length 52, bad cksum 0 (->f541)!)
If I have my iPad on, I see that traffic as well, as it only has Wi-Fi.
iPhone.buraglio.com.52084 > st11p01st-courier094-bz.push.apple.com.5223: Flags [.], cksum 0x7f0b (correct), seq 160, ack 2436, win 8122, options [nop,nop,TS val 121427102 ecr 1305430889], length 0
st11p01st-courier066-bz.push.apple.com.5223 > iPad.buraglio.com.57869: Flags [P.], cksum 0xbd1c (correct), seq 1327:2436, ack 160, win 501, options [nop,nop,TS val 3197914588 ecr 1393723712], length 1109
So, nothing terribly conclusive so far in my small amount of testing; more data capture and variables to come.