Prepared by: Abdelhak Bahri, Eng. Backend Senior Developer
Date: August 7, 2025

Purpose

This document outlines the network architecture and protocol behavior of Evercam’s live streaming technologies (WebRTC & HLS), specifically in the context of enabling browser-based camera video playback on client networks. It includes:

• Direction and nature of traffic

• Required IPs and ports

• Streaming technology options (WebRTC and HLS)

• Suggested security controls and alternatives

Streaming Architecture Overview

Evercam uses MediaMTX, a secure and lightweight media server, to deliver live video streams via WebRTC (preferred) and HLS (fallback). Streams are pulled from RTSP-enabled cameras and then served to users through Evercam’s cloud-hosted platform.

All streaming communication is initiated by the client, with outbound-only connections to Evercam’s infrastructure. No inbound rules are required.

Traffic Directionality

Required IP Addresses & Ports

Protocol Behavior

WebRTC (Default / Preferred)

• Real-time, low-latency stream via peer-to-peer UDP.

• Client browser opens random high-range UDP ports (49152–65535).

• STUN/TURN servers assist with NAT traversal.

• Requires UDP to be open outbound.

HLS (Fallback)

• HTTP-based, higher latency (~5–60 sec).

• Uses TCP ports 80 & 443 only.

• Suitable for stricter firewall environments but less responsive.

Security Recommendation

• Permit outbound connections from user workstations to Evercam IPs on the ports listed above.

• No need to allow or configure inbound rules.

• If required by policy, you may restrict dynamic UDP to Evercam’s IPs only (rather than open range globally).

• Optionally, HLS can be forced as a TCP-only fallback by disabling WebRTC in Evercam’s admin settings.