Upload
bitoy-aguila
View
227
Download
0
Embed Size (px)
Citation preview
7/25/2019 SIP and Wireshark
1/38
(SIP)
Session Initiation Protocol
7/25/2019 SIP and Wireshark
2/38
What is a SIP?
Session Initiation Protocol (SIP)
Is a text based signaling protocol. Developed in1996
The SIP protocol is situated at the session layer
in the SI !odel" and at the application layer inthe T#P$IP !odel.
SIP is designed to be independent o% the
underlying transport layer& it can run on T#P or
'DP port 6 or 61. *+# ,-61
7/25/2019 SIP and Wireshark
3/38
SIP Terms
SIP User Agents (UAs) are the enduser devices" used to create and !anage a SIP session. / SIP
'/ has t0o !ain co!ponents" the 'ser /gent #lient (UAC) sends !essages and ans0ers 0ith SIP
responses" the 'ser /gent Server (UAS) responds to SIP reuests sent by the peer. SIP '/s !ay
0or2 in point to point !ode. Typical i!ple!entations o% a '/ are SIP so%tphones" SIP hardphones
and SIPenabled /T/s. In !y case the SIP '/ is a #isco -311 acting as a 4oIP 5ate0ay.
Proxy, Proxy Server /n inter!ediary entity that acts as both a server and a client %or the purpose
o% !a2ing reuests on behal% o% other clients. / proxy server pri!arily plays the role o% routing"
0hich !eans its 7ob is to ensure that a reuest is sent to another entity 8closer8 to the targeted user.
Proxies are also use%ul %or en%orcing policy (%or exa!ple" !a2ing sure a user is allo0ed to !a2e a
call). / proxy interprets" and" i% necessary" re0rites speci%ic parts o% a reuest !essage be%ore%or0arding it.
A registraris a server that accepts *5IST* reuests and places the in%or!ation it receives in
those reuests into the location service %or the do!ain it handles.
A redirect server is a user agent server that generates ,xx responses to reuests it receives"
directing the client to contact an alternate set o% '*Is.The redirect server allo0s SIP Proxy Serversto direct SIP session invitations to external do!ains.
7/25/2019 SIP and Wireshark
4/38
SIP Signaling
7/25/2019 SIP and Wireshark
5/38
IP Dialog and Transactions
A transactionis a SIP
message exchange between
two user-agents that starts
with a request and ends with
its final response. It is a part
of a dialog.
A dialogis a completeexchange of SIP messages
between two user-agents.
7/25/2019 SIP and Wireshark
6/38
IP to 7 Mapping
7/25/2019 SIP and Wireshark
7/38
SIP Requests
Method Description
INVITE A session is being requested to be setup using a specifed media
ACK Message rom client to indicate that a successul response to an INVITE has been receied
!"TI!N# A $uer% to a serer about its capabilities
&'E A call is being released b% either part%
CANCE( Cancels an% pending requests) *suall% sent to a "ro+% #erer to cancel searches
,E-I#TE, *sed b% client to register a particular address .ith the #I" serer
7/25/2019 SIP and Wireshark
8/38
InviteI:4IT sip6-;1
7/25/2019 SIP and Wireshark
9/38
Trying 100
SIP$-. 1 Trying
Date Fed" -3 Aul -1 1,3,6 5BT
+ro! 8A++*S: B/*TI8 Csip3?,-
7/25/2019 SIP and Wireshark
10/38
Ringing 180
SIP$-. 13 *ingingDate Fed" -3 Aul -1 1,3,6 5BT
#allIn%o Csip1
7/25/2019 SIP and Wireshark
11/38
OK 00SIP$-. - @
4ia SIP$-.$'DP 19h5?b@9%d,?b1%%
+ro! 8Barty Ae%%erson8 Csip
7/25/2019 SIP and Wireshark
12/38
ACK
/#@ sip913?,-
7/25/2019 SIP and Wireshark
13/38
!"#
EG sip6-;1
7/25/2019 SIP and Wireshark
14/38
SIP Responses
Description E+amples
/++ Inormational 0 ,equest receied1 continuing toprocess request)
/23 ,inging/2/ Call is &eing 4or.arded
5++#uccess 0 Action .as successull% receied1understood and accepted)
533 !K
6++,edirection 0 4urther action needs to be ta7en in
order to complete the request)
633 Multiple Choices
635 Moed Temporaril%
8++Client Error 0 ,equest contains bad s%nta+ or cannotbe ulflled at this serer)
83/ *nauthori9ed832 ,equest Timeout
:++#erer Error 0 #erer ailed to ulfll an apparentl%alid request)
:36 #erice *naailable:3: Version Not #uported
;++ -lobal 4ailure 0 ,equest is inalid at an% serer) ;33 &us% Eer%.here;36 Decline
7/25/2019 SIP and Wireshark
15/38
SIP Responses
7/25/2019 SIP and Wireshark
16/38
Q85 Reason !odes
7/25/2019 SIP and Wireshark
17/38
Q85 Reason !odes
7/25/2019 SIP and Wireshark
18/38
SIP "eaders
Viacontains the address at which the originator is expecting to receive responses to thisrequest.
Mandatory
Tocontains a display name and a SIP URI towards which the request was originally directed. Mandatory Displaynames are described in RFC !
Fromalso contains a display name and a SIP URI that indicate the originator o" the request. #he From also
contains a tag parameter which is used "or identi"ication purposes. Mandatory
Call-IDcontains a globally unique identi"ier "or this call. Mandatory
CSeqor Command Sequence contains an integer and a method name. #he CSeq number is incremented"or each new request within a dialog and is a traditional sequence number. Mandatory
Contactcontains a SIP URI that represents a direct route to the originator usually composed o" a username
at a "ully quali"ied domain name $F%&'(. )hile an F%&' is pre"erred* many end systems do not have
registered domain names* so IP addresses are permitted. #he Contact header "ield tells other elements
where to send futurerequests.
Max-Forwardsserves to limit the number o" hops a request can ma+e on the way to its destination. It
consists o" an integer that is decremented by one at each hop.
Content-Typecontains a description o" the message body. Mandatory
Content-Lengthcontains an octet $byte( count o" the message body.
# i SIP I it
http://www.faqs.org/rfcs/rfc2822.htmlhttp://www.faqs.org/rfcs/rfc2822.html7/25/2019 SIP and Wireshark
19/38
#asic SIP In$iteINVITEsip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
From: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
To: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: sip:20&"&&$1#0%&".#.1&'.1$6in-S7: "0
Session 7xpires: '00
Call-ID: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
CSeq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
20/38
SIP "eaders
INVITE sip:0110!""1#0$0%'1'#&'$ SIP!'0)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$46in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
21/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
Via: SIP!'0*DP &"'#'1&'1$:0&0+,ranc./"$,$002c&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
22/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
From: 560&"&&$1#05 7sip:60&"&&$1#0%&"'#'1&'1$8+ta9.as$!e!ec2&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
23/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
To: 7sip:0110!""1#0$0%'1'#&'$8
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
24/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
Contact: 7sip:60&"&&$1#0%&"'#'1&'1$8
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
25/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
Call-ID: !$66!e&,!"0,$#c0$!2!0#&$4""0a%&"'#'1&'1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
26/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
CSeq: 10! INVITE
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
27/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-9ent: 3atri;S
7/25/2019 SIP and Wireshark
28/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
llo= ?PTI?NS= @AE= BEFEB
5ontent-9Bpe: application(sdp
5ontent-;ength: !&2
0
oroot 1$0$0 1$0$0 I8 IP$ &".#.1&'.1$ssession
cI8 IP$ &".#.1&'.1$
t0 0
maudio !$ ?9P(A)P 0 2 12 101
artpmap:0 P56*(2000
artpmap:2 P56A(2000
artpmap:12 /#!"(2000
artpmap:101 telephone-eent(2000
afmtp:101 0-1&
afmtp:12 annexbno - - - -
Allow Geader
SIP "eaders
SIP "eaders
7/25/2019 SIP and Wireshark
29/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
6in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
30/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$46in-S7: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857; en9t: !&6
0
oroot 1$0$0 1$0$0 I8 IP$ &".#.1&'.1$
ssession
cI8 IP$ &".#.1&'.1$
t0 0
maudio !$ ?9P(A)P 0 2 12 101
artpmap:0 P56*(2000
artpmap:2 P56A(2000
artpmap:12 /#!"(2000
artpmap:101 telephone-eent(2000
afmtp:101 0-1&afmtp:12 annexbno - - - -
5ontent-;ength Geader
SIP "eaders
SIP "eaders
7/25/2019 SIP and Wireshark
31/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact:sip:20&"&&$1#0%&".#.1&'.1$3in-SE: "0
Session 7xpires: '00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857; en9t: !&6
0
oroot 1$0$0 1$0$0 I8 IP$ &".#.1&'.1$
ssession
cI8 IP$ &".#.1&'.1$
t0 0
maudio !$ ?9P(A)P 0 2 12 101
artpmap:0 P56*(2000
artpmap:2 P56A(2000
artpmap:12 /#!"(2000
artpmap:101 telephone-eent(2000
afmtp:101 0-1&afmtp:12 annexbno - - - -
6in-S7 Geader C7stablish the
lower limit of Session refresh
interalF C?@5 $0!2F
SIP "eaders
SIP "eaders
http://sip:[email protected]/http://sip:[email protected]/http://sip:[email protected]/7/25/2019 SIP and Wireshark
32/38
SIP "eaders
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact:sip:20&"&&$1#0%&".#.1&'.1$6in-S7: "0
Session E;pires: 00
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857; en9t: !&6
0
oroot 1$0$0 1$0$0 I8 IP$ &".#.1&'.1$
ssession
cI8 IP$ &".#.1&'.1$
t0 0
maudio !$ ?9P(A)P 0 2 12 101
artpmap:0 P56*(2000
artpmap:2 P56A(2000
artpmap:12 /#!"(2000
artpmap:101 telephone-eent(2000
afmtp:101 0-1&afmtp:12 annexbno - - - -
S7 Geader C7stablish the
upper limit of Session refresh
interalF C?@5 $0!2F
8ote: S7 alue of *A5 should
be greater or equal to 6in-S7
alue of *AS.
7/25/2019 SIP and Wireshark
33/38
SDP Parameters
Session description
v !protocol version" Mandatory
o !owner#creator and session identi$ier"% Mandatory
s !session name" Mandatory
t !time the session is active" Mandatory
i,- $session in"ormation(
u,- $URI o" description(
e,- $email address(
p,- $phone number(
c,- $connection in"ormation not required i" included in all media(
b,- $bandwidth in"ormation(
/,- $time /one ad0ustments(
+,- $encryption +ey(
a,- $/ero or more session attribute lines(
r,- $/ero or more repeat times(1edia description
m !media name and transport address" Mandatory
i,- $media title(
c,- $connection in"ormation optional i" included at sessionlevel(
b,- $bandwidth in"ormation(
a,- $/ero or more media attribute lines(
SDP Parameters %R&! '5(()
7/25/2019 SIP and Wireshark
34/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$
5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
35/38
I8)I97 sip:0110!""1#0$0%.1'.#&.$ SIP(!.0
)ia: SIP(!.0(*+P &".#.1&'.1$:0&0,branch"h/$b$00fc&e&
@rom: 20&"&&$1#0 3sip:20&"&&$1#0%&".#.1&'.1$4,tagas$!e!ecf&
9o: 3sip:0110!""1#0$0%.1'.#&.$4
5ontact: 3sip:20&"&&$1#0%&".#.1&'.1$4
5all-I+: !$22!'e&'b!"0b$#c0$!f!0#&$d""0a%&".#.1&'.1$5Seq: 10! I8)I97
*ser-Agent: 6atrixSwitch
+ate: 9hu !! +ec !00 12:'2:!2 /69
Allow: I8)I97 A5 5A857;
7/25/2019 SIP and Wireshark
36/38
RTP Media Pac*ets %!+D,!)
3 2bps data-6.? 2bps 0ith headers
'#!" Data PacetBTP
*DP
IP
9Bpe =it-rate
Hbps
5oding+elaB
JualitB
C6
7/25/2019 SIP and Wireshark
37/38
(iresar)!apturing -oIP %SIP) !alls
7/25/2019 SIP and Wireshark
38/38
Than* .ou