Analyzing SIP Call Flows
DESCRIPTION
Analyzing SIP Call Flows. Dr. Quincy Wu, National Chiao Tung University. Email: [email protected]. Packets Capturing & Analyzing. Ethereal – What Is It? Every network manager at some time or other needs a tool that can capture packets off the network and analyze them.
11 TAC2000/2000.7
LABORATORY 117
Analyzing SIP Call Flows
Dr. Quincy Wu
National Chiao Tung University
Email: [email protected]
Packets Capturing & Analyzing
Ethereal – What Is It?
Every network manager at some time or other needs a tool that can capture packets off the network and analyze them.
In the past, such tools were either very expensive, proprietary, or both.
With the advent of Ethereal, all that has changed.
Features of Ethereal
Available for UNIX and Windows.
Capture and display packets from any interface on a UNIX system.
Display packets captured under a number of other capture programs:
  tcpdump
  Network Associates Sniffer and Sniffer Pro
  NetXray
  Microsoft Network Monitor
Filter packets on many criteria.
Colorize packet display based on filters.
Allow people to add new protocols to Ethereal.
Where to Get Ethereal
Official site: http://www.ethereal.com/
Local mirror: http://voip.ipv6.club.tw/Download/
Install Ethereal under Windows
Install WinPcap.
  WinPcap is an architecture for packet capture and network analysis for the Win32 platforms.
  It includes
    a kernel-level packet filter,
    a low-level dynamic link library (packet.dll), and
    a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2)
Install Ethereal 0.10.3.
Starting Ethereal
Capturing packets with Ethereal
The Capture Preferences dialog box
Stop after you have collected enough packets
File – Save As
Show Packet in New Window
Capture Filters
Filtering While Capturing
Syntax of the tcpdump capture filter language
[not] primitive [and|or [not] primitive ...]
tcp port 23 and host 10.0.0.5
tcp port 23 and not host 10.0.0.5
tcpdump filter language is explained in the man page.
Capturing SIP signaling (filter: udp port 5060)
SIP Call Establishment
It is simple and contains a number of interim responses.
Basic Call Flow
REGISTER
200 OK
INVITE
SDP in INVITE
200 OK
SDP in 200 OK
ACK
Capturing the packets of Media Data
RTP Traffic (udp port 9000)
What’s wrong?
Tools – Decode As RTP
Display Filter
Display – Colorize Display
Emphasize the packets you are interested in
Hold/Unhold of NBEN UA
Hold
Retrieve
Summary
We demonstrate the functions of Windows Messenger and NBEN UA, which are two SIP User Agents with friendly user interfaces.
We demonstrate the functions of Ethereal, which is a powerful tool for capturing and analyzing packets:
  Capture Filters
  Colorized Packets
Practice using this tool to capture SIP signaling in the following call flows:
  REGISTER – 200 OK
  INVITE – 200 OK – ACK
  BYE – 200 OK
  Hold/Retrieve
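The practice flows above can also be checked offline. The following is an added example, not part of the original slides: it groups SIP messages by Call-ID to reproduce the REGISTER, INVITE and BYE exchanges, and reads the `m=audio` line of each SDP body to build the capture filter for the RTP media. The messages, the `example.invalid` names, the address 10.0.0.6 and the port 9002 are constructed sample data.

```python
import re

def sip(start_line, call_id, sdp=""):
    """Build a minimal SIP message; all sample data here is constructed."""
    body = sdp.replace("\n", "\r\n")
    return (f"{start_line}\r\nCall-ID: {call_id}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

OFFER = "v=0\nc=IN IP4 10.0.0.5\nm=audio 9000 RTP/AVP 0\n"
ANSWER = "v=0\nc=IN IP4 10.0.0.6\nm=audio 9002 RTP/AVP 0\n"
URI = "sip:bob@example.invalid"  # hypothetical callee

# UDP payloads as a "udp port 5060" capture would contain them (constructed).
CAPTURE = [
    sip("REGISTER sip:example.invalid SIP/2.0", "reg-1"),
    sip("SIP/2.0 200 OK", "reg-1"),
    sip(f"INVITE {URI} SIP/2.0", "call-1", OFFER),
    sip("SIP/2.0 180 Ringing", "call-1"),  # interim response
    sip("SIP/2.0 200 OK", "call-1", ANSWER),
    sip(f"ACK {URI} SIP/2.0", "call-1"),
    sip(f"BYE {URI} SIP/2.0", "call-1"),
    sip("SIP/2.0 200 OK", "call-1"),
]

def parse(msg):
    """Return (label, headers, body); label is a method or 'code reason'."""
    head, _, body = msg.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    is_response = first.startswith("SIP/2.0 ")
    label = first.split(" ", 1)[1] if is_response else first.split(" ", 1)[0]
    return label, headers, body

def call_flows(messages):
    """Group message labels by Call-ID, in capture order."""
    flows = {}
    for label, headers, _ in map(parse, messages):
        flows.setdefault(headers.get("call-id", "?"), []).append(label)
    return flows

def rtp_capture_filter(messages):
    """Build a tcpdump-style filter from the audio ports announced in SDP."""
    ports = {int(p) for m in messages
             for p in re.findall(r"^m=audio (\d+) ", parse(m)[2], re.M)}
    return " or ".join(f"udp port {p}" for p in sorted(ports))
```

The string returned by `rtp_capture_filter(CAPTURE)` is what goes into the capture filter box for the media capture; the resulting UDP stream is then decoded with Tools – Decode As RTP.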
NTP VoIP Platform
[Figure: NTP VoIP Platform network diagram. Labels include NCTU PBX, PU PBX, Call Server, Media Gateway, SIP Phone, Phone, WLAN User, WLAN AP, WLAN Gateway, Admin Console, Edge Route, Station Interface, Trunk Interface, Hsinchu, Taichung, TANet, Campus Network, PSTN.]