Yes, I’m pretty sure it just uses good old HTTPS for transport. Here I set up a display filter to only show traffic leaving my IP, cleared the trace, then hit the install button for the KTEX airport in the “My Content” page:
You an see my source port of 62874, and the destination port of 443.
I repeated this for another uninstalled purchase, the Carenado Arrow. You can see the conversation get set up, the “Client Hello”, and the key exchange.
Client Hello indicates what ciphers the client supports.
Changing the display filter slightly, to only show packets to/from “40.90.65.55”, we see the corresponding “Server Hello”.
Digging in to that packet, we find this:
A cipher suite has been chosen for this conversation. This all looks like bog standard HTTPS traffic.
I didn’t see any resets, or anything error handling going on, just frequent TCP window size updates…but expert shows otherwise.
Nothing for us to worry about, but maybe things for the engineers to look at , like the massive number of “Ignored Unkown Record” packets.
Finally, just to confirm the IP identity: