1 TAC2000/2000.7 LABORATORY 117 Analyzing SIP Call Flows Dr. Quincy Wu National Chiao Tung...

Post on 01-Jan-2016

1 TAC2000/2000.7

LABORATORY 117

Analyzing SIP Call Flows

Dr. Quincy Wu

National Chiao Tung University

Email: solomon@ipv6.club.tw

Packets Capturing & Analyzing

Ethereal – What Is It?

Every network manager at some time or other needs a tool that can capture packets off the network and analyze them.
In the past, such tools were either very expensive, proprietary, or both.
With the advent of Ethereal, all that has changed.

Features of Ethereal

Available for UNIX and Windows.
Capture and display packets from any interface on a UNIX system.
Display packets captured under a number of other capture programs:
  tcpdump
  Network Associates Sniffer and Sniffer Pro
  NetXray
  Microsoft Network Monitor
Filter packets on many criteria.
Colorize packet display based on filters.
Allow people to add new protocols to Ethereal.

Where to Get Ethereal

Official site: http://www.ethereal.com/
Local mirror: http://voip.ipv6.club.tw/Download/

Install Ethereal under Windows

Install WinPcap.
  WinPcap is an architecture for packet capture and network analysis for the Win32 platforms.
  It includes
    a kernel-level packet filter,
    a low-level dynamic link library (packet.dll), and
    a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2)
Install Ethereal 0.10.3.

Starting Ethereal

Capturing packets with Ethereal

The Capture Preferences dialog box

Stop after you have collected enough packets

File – Save As

Show Packet in New Window

Capture Filters

Filtering While Capturing

Syntax of the tcpdump capture filter language

[not] primitive [and|or [not] primitive ...]
  tcp port 23 and host 10.0.0.5
  tcp port 23 and not host 10.0.0.5

tcpdump filter language is explained in the man page.

Capturing SIP signaling (filter: udp port 5060)

SIP Call Establishment

It is simple and contains a number of interim responses.

Basic Call Flow

REGISTER

200 OK

INVITE

SDP in INVITE

200 OK

SDP in 200 OK

ACK

Capturing the packets of Media Data

RTP Traffic (udp port 9000)

What’s wrong?

Tools – Decode As RTP

Display Filter

Display – Colorize Display

Emphasize the packets you are interested in

Hold/Unhold of NBEN UA

Hold

Retrieve

Summary

We demonstrate the functions of Windows Messenger and NBEN UA, which are two SIP User Agents with friendly user interfaces.
We demonstrate the functions of Ethereal, which is a powerful tool for capturing and analyzing packets:
  Capture Filters
  Colorized Packets
Practice using this tool to capture SIP signaling in the following call flows:
  REGISTER – 200 OK
  INVITE – 200 OK – ACK
  BYE – 200 OK
  Hold/Retrieve
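
An added example, not from the original slides, of the analysis practiced above: it parses SIP payloads as captured with the filter udp port 5060, lists the call flow, flags a hold re-INVITE, and builds a tcpdump-syntax capture filter from the RTP ports negotiated in the SDP bodies (RTP has no fixed port, so the media stream has to be located from SDP). The sample messages, addresses and helper names are constructed and trimmed to the headers used here; hold detection assumes the user agent signals hold in SDP with a=sendonly/inactive or c=0.0.0.0.

```python
import re

def parse_sip(payload):
    """Summarise one SIP message as carried in a UDP port 5060 payload."""
    head, _, body = payload.partition("\r\n\r\n")
    start, *rest = head.split("\r\n")
    hdr = {k.strip().lower(): v.strip() for k, _, v in (ln.partition(":") for ln in rest)}
    first, _, after = start.partition(" ")
    label = after if first == "SIP/2.0" else first   # "200 OK" or the request method
    info = {"label": label, "cseq": hdr.get("cseq", ""), "media": None, "hold": False}
    if hdr.get("content-type") == "application/sdp":
        addr = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        audio = re.search(r"^m=audio (\d+) ", body, re.M)
        if addr and audio:
            info["media"] = (addr.group(1), int(audio.group(1)))
        # Assumed hold signalling: a=sendonly/inactive, or the older c=0.0.0.0 form.
        info["hold"] = bool(re.search(r"^a=(sendonly|inactive)\s*$", body, re.M)
                            or (addr and addr.group(1) == "0.0.0.0"))
    return info

def call_flow(payloads):
    """One summary line per message, in capture order."""
    def fmt(m):
        media = " media=%s:%d" % m["media"] if m["media"] else ""
        return f"{m['label']} [CSeq {m['cseq']}]{media}{' (hold)' if m['hold'] else ''}"
    return [fmt(parse_sip(p)) for p in payloads]

def rtp_capture_filter(payloads):
    """tcpdump-syntax capture filter for the RTP ports negotiated in SDP."""
    ports = sorted({m["media"][1] for m in map(parse_sip, payloads) if m["media"]})
    return " or ".join(f"udp port {p}" for p in ports)

# Constructed sample messages, trimmed to the headers used here; all values made up.
def _msg(start, cseq, sdp=()):
    body = "".join(line + "\r\n" for line in sdp)
    ctype = "Content-Type: application/sdp\r\n" if body else ""
    return f"{start}\r\nCSeq: {cseq}\r\n{ctype}Content-Length: {len(body)}\r\n\r\n{body}"
def _sdp(addr, port, *attrs):
    return ("v=0", f"c=IN IP4 {addr}", f"m=audio {port} RTP/AVP 0") + attrs

SAMPLE = [
    _msg("INVITE sip:bob@example.org SIP/2.0", "1 INVITE", _sdp("192.0.2.10", 9000)),
    _msg("SIP/2.0 180 Ringing", "1 INVITE"),
    _msg("SIP/2.0 200 OK", "1 INVITE", _sdp("192.0.2.20", 9002)),
    _msg("ACK sip:bob@example.org SIP/2.0", "1 ACK"),
    _msg("INVITE sip:bob@example.org SIP/2.0", "2 INVITE", _sdp("192.0.2.10", 9000, "a=sendonly")),
]

print("\n".join(call_flow(SAMPLE) + [rtp_capture_filter(SAMPLE)]))
```

The last printed line is the capture filter to use for the media stream of this constructed call.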

NTP VoIP Platform

[Figure: network diagram of the NTP VoIP platform. Labels: Hsinchu, Taichung, NCTU PBX, PU PBX, Call Server, Media Gateway, SIP Phone, Phone, WLAN User, WLAN AP, WLAN Gateway, Station Interface, Trunk Interface, Admin Console, Edge Route, TANet, Campus Network, PSTN.]