SIP and Wireshark

  • 7/25/2019 SIP and Wireshark

    (SIP)

    Session Initiation Protocol

    What is SIP?

    Session Initiation Protocol (SIP)

    It is a text-based signaling protocol, developed in 1996.

    The SIP protocol is situated at the session layer in the OSI model, and at the application layer in the TCP/IP model.

    SIP is designed to be independent of the underlying transport layer; it can run on TCP or UDP, port 5060 or 5061 (RFC 3261).

    SIP Terms

    SIP User Agents (UAs) are the end-user devices, used to create and manage a SIP session. A SIP UA has two main components: the User Agent Client (UAC) sends messages and answers with SIP responses; the User Agent Server (UAS) responds to SIP requests sent by the peer. SIP UAs may work in point-to-point mode. Typical implementations of a UA are SIP softphones, SIP hardphones and SIP-enabled ATAs. In my case the SIP UA is a Cisco 2811 acting as a VoIP Gateway.

    Proxy, Proxy Server: An intermediary entity that acts as both a server and a client for the purpose of making requests on behalf of other clients. A proxy server primarily plays the role of routing, which means its job is to ensure that a request is sent to another entity "closer" to the targeted user. Proxies are also useful for enforcing policy (for example, making sure a user is allowed to make a call). A proxy interprets, and, if necessary, rewrites specific parts of a request message before forwarding it.

    A registrar is a server that accepts REGISTER requests and places the information it receives in those requests into the location service for the domain it handles.

    A redirect server is a user agent server that generates 3xx responses to requests it receives, directing the client to contact an alternate set of URIs. The redirect server allows SIP proxy servers to direct SIP session invitations to external domains.

    SIP Signaling

    SIP Dialog and Transactions

    A transaction is a SIP message exchange between two user-agents that starts with a request and ends with its final response. It is a part of a dialog.

    A dialog is a complete exchange of SIP messages between two user-agents.

    SIP to SS7 Mapping

    SIP Requests

    Method      Description
    INVITE      A session is being requested to be set up using a specified media
    ACK         Message from client to indicate that a successful response to an INVITE has been received
    OPTIONS     A query to a server about its capabilities
    BYE         A call is being released by either party
    CANCEL      Cancels any pending requests. Usually sent to a proxy server to cancel searches
    REGISTER    Used by client to register a particular address with the SIP server

    Invite

    Trying 100

    SIP/2.0 100 Trying

    Ringing 180

    SIP/2.0 180 Ringing

    OK 200

    SIP/2.0 200 OK

    ACK

    BYE

    SIP Responses

    1xx Informational: Request received, continuing to process request. Examples: 180 Ringing, 181 Call is Being Forwarded

    2xx Success: Action was successfully received, understood and accepted. Examples: 200 OK

    3xx Redirection: Further action needs to be taken in order to complete the request. Examples: 300 Multiple Choices, 302 Moved Temporarily

    4xx Client Error: Request contains bad syntax or cannot be fulfilled at this server. Examples: 401 Unauthorized, 408 Request Timeout

    5xx Server Error: Server failed to fulfill an apparently valid request. Examples: 503 Service Unavailable, 505 Version Not Supported

    6xx Global Failure: Request is invalid at any server. Examples: 600 Busy Everywhere, 603 Decline

    Q.850 Reason Codes

    SIP Headers

    Via contains the address at which the originator is expecting to receive responses to this request. Mandatory

    To contains a display name and a SIP URI towards which the request was originally directed. Mandatory. Display names are described in RFC 2822 (http://www.faqs.org/rfcs/rfc2822.html).

    From also contains a display name and a SIP URI that indicate the originator of the request. The From also contains a tag parameter which is used for identification purposes. Mandatory

    Call-ID contains a globally unique identifier for this call. Mandatory

    CSeq or Command Sequence contains an integer and a method name. The CSeq number is incremented for each new request within a dialog and is a traditional sequence number. Mandatory

    Contact contains a SIP URI that represents a direct route to the originator, usually composed of a username at a fully qualified domain name (FQDN). While an FQDN is preferred, many end systems do not have registered domain names, so IP addresses are permitted. The Contact header field tells other elements where to send future requests.

    Max-Forwards serves to limit the number of hops a request can make on the way to its destination. It consists of an integer that is decremented by one at each hop.

    Content-Type contains a description of the message body. Mandatory

    Content-Length contains an octet (byte) count of the message body.

    Basic SIP Invite

    INVITE sip:011029917040@.13.76.4 SIP/2.0
    Via: SIP/2.0/UDP 69.7.163.14:5060;branch=z9hG4bK400fc6e6
    From: "8069664170" <sip:8069664170@69.7.163.14>;tag=as42e2ecf6
    To: <sip:011029917040@.13.76.4>
    Contact: <sip:8069664170@69.7.163.14>
    Min-SE: 90
    Session-Expires: 300
    Call-ID: 248823e63b290b47c042f20764d990a@69.7.163.14
    CSeq: 102 INVITE
    User-Agent: MatrixSwitch
    Date: Thu, 22 Dec 2005 18:32:22 GMT
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
    Content-Type: application/sdp
    Content-Length: 268

    v=0
    o=root 14040 14040 IN IP4 69.7.163.14
    s=session
    c=IN IP4 69.7.163.14
    t=0 0
    m=audio 24 RTP/AVP 0 8 18 101
    a=rtpmap:0 PCMU/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:18 G729/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-16
    a=fmtp:18 annexb=no - - - -

    SIP Headers

    Allow Header

    Content-Length Header

    Min-SE Header (establishes the lower limit of the session refresh interval) (RFC 4028)

    SE Header (establishes the upper limit of the session refresh interval) (RFC 4028)

    Note: The SE value of the UAC should be greater than or equal to the Min-SE value of the UAS.

    SDP Parameters

    Session description

    v= (protocol version) Mandatory
    o= (owner/creator and session identifier) Mandatory
    s= (session name) Mandatory
    t= (time the session is active) Mandatory
    i=* (session information)
    u=* (URI of description)
    e=* (email address)
    p=* (phone number)
    c=* (connection information - not required if included in all media)
    b=* (bandwidth information)
    z=* (time zone adjustments)
    k=* (encryption key)
    a=* (zero or more session attribute lines)
    r=* (zero or more repeat times)

    Media description

    m= (media name and transport address) Mandatory
    i=* (media title)
    c=* (connection information - optional if included at session level)
    b=* (bandwidth information)
    a=* (zero or more media attribute lines)

    SDP Parameters (RFC 4566)
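
One way to check a captured message against the header and SDP rules listed above, as an added example that is not part of the original slides. The sample INVITE is constructed with documentation addresses, and `parse_sip` and `audit` are hypothetical helper names.

```python
# Added example: audit one SIP request against the rules on the slides.
# Limits: no compact header forms, no folded lines, last duplicate header wins.
MANDATORY = ("via", "to", "from", "call-id", "cseq")  # marked Mandatory above

# Constructed sample using documentation addresses (not the slides' capture).
SDP = ("v=0\r\n"
       "o=root 1 1 IN IP4 192.0.2.10\r\n"
       "s=session\r\n"
       "c=IN IP4 192.0.2.10\r\n"
       "t=0 0\r\n"
       "m=audio 20000 RTP/AVP 0 8 101\r\n"
       "a=rtpmap:0 PCMU/8000\r\n"
       "a=rtpmap:8 PCMA/8000\r\n"
       "a=rtpmap:101 telephone-event/8000\r\n")
HEAD = ("INVITE sip:bob@192.0.2.20 SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample1\r\n"
        "From: <sip:alice@192.0.2.10>;tag=a1\r\n"
        "To: <sip:bob@192.0.2.20>\r\n"
        "Call-ID: example-call-1@192.0.2.10\r\n"
        "CSeq: 102 INVITE\r\n"
        "Min-SE: 90\r\n"
        "Session-Expires: 300\r\n"
        "Content-Type: application/sdp\r\n"
        "Content-Length: %d\r\n\r\n")
SAMPLE = HEAD % len(SDP) + SDP

def parse_sip(raw):
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    _, h, body = parse_sip(raw)
    findings = ["missing " + n for n in MANDATORY if n not in h]
    if int(h.get("content-length", 0)) != len(body.encode()):
        findings.append("Content-Length does not match body")
    if "session-expires" in h and "min-se" in h:
        # RFC 4028: the refresh interval may not be below Min-SE.
        if int(h["session-expires"].split(";")[0]) < int(h["min-se"]):
            findings.append("Session-Expires below Min-SE")
    if h.get("content-type") == "application/sdp":
        kinds = [l[0] for l in body.splitlines() if l[1:2] == "="]
        findings += ["SDP missing %s=" % k for k in "vostm" if k not in kinds]
    return findings
```

The same checks can be run over SIP payloads exported from a Wireshark capture, one message at a time.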


    RTP Media Packets (CODEC)

    8 kbps data, 26.? kbps with headers

    Packet layers: G729 data packet, RTP, UDP, IP

    Table columns: Type, Bit-rate (Kbps), Coding Delay, Quality

    Wireshark: Capturing VoIP (SIP) Calls

    Thank You