Anatomy of WhatsApp Messenger

WhatsApp is a Instant messenger allows to sending of texts and voice, video calls, images and other media, documents, and user location. The methodology for the voice communications is Voice over Internet Protocol (VoIP) and for the attachments the are using IP, XMPP , TCP protocols.

Internet Protocols

Internet Protocols are methods which sent and receive data from one device to another on the Internet with some network boundaries. Internet Protocol has two major versions such as IPv4 & IPv6.

Some protocols used in the world are TCP, XMPP, UDP, FTP, SMTP and etc. Each and every protocols using ports also.

How WhatsApp Programmed & Encryption algorithm

WhatsApp was programmed in Erlang and Server was maintained by FreeBSD, PHP and Yaws , for backbone purpose they have chossed XMPP.

Once we registered to WhatsApp with our mobile number, WhatsApp create a table (Known as WhatsApp Username) with our mobile number (XXXX@s.whatsapp.net). For the Password previously they have used the mobile’s IMEI number and now they are using Mobile’s Wi-Fi MAC address. Since all are using DUAL SIM smartphone WhatsApp generates a random password on the server side now. But for the standard Apple, Nokia, Samsung devices used the phone’s Wi-Fi MAC address instead of IMEI.

Images, Videos and etc are first uploaded to HTTP server and encrypted with SRTP, SPL and GRLv3 protocols, Whisper systems are currently maintaining the encryption part. (End-End encryption). Each and every content are sending with BASE 64, RADIX 64 tumbinals. Undelivered messages are in the server among with username only 30days. If the user comes online it will be delivered and if not applicable automatically messages were deleted from server.

WhatsApp IP addresses & Ports

As WhatsApp has huge amount of users, they are having huge IP range.

208.43.122.131 - 208.43.122.135
184.173.136.80 - 184.173.136.154

Ports 80

443 | 5222 | 223 |5228 | 5060 , 5064 for SIP/Voip | Proxy 80 to 8080 (optional)

IOS

c2.whatsapp.net //(phone number check) (c2.208.43.122.134:443)

c3.whatsapp.net:5222 (Login)

Android

e15.whatsapp.net

e16.whatsapp.net

WhatsApp.Web

s1.whatsapp.net

s2.whatsapp.net

Message Input (IPv4 tables) -I INPUT -s 50.22.210.128/27 -j DROP

Message Output (IPv4 tables) -I OUTPUT -s 198.23.80.0/27 -j DROP

-I OUTPUT -s 198.23.86.224/27 -j DROP

Message Forward

IPv4-I FORWARD -s 208.43.244.175 -j DROP

iptables -I FORWARD -s 50.23.142.176 -j DROP

iptables -I FORWARD -s 184.173.136.87 -j DROP

Store & Forward Mechanism

WhatsApp is using a big mechanism named S&F Mechanism, Store and forward mechanism is network technique where we can save locally and sent to another destination. This mechanism is mainly used in emails with UDP and FTP protocols.

How ISP blocked only sending Images and Video calls in WhatsApp?

Since there are a bunch of IP’s, Ports and domains that may connected to WhatsApp, we can easily identify which are using to send images and which are for video communications. Only blocking the identified IP range and domains may helps to block the most important parts.

If we needs to block WhatsApp fully, try to block e.whatsapp.net — e5.whatsapp.net, because this is for the initial handshake which never allows to use WhatsApp.

Hope now you have an initial idea about your favourite messenger, Happy Texting !!