Read Part 1 of Using Packet Analysis here
As we are working in the world of VoIP, we do need to know about the protocols that make this communication possible.
SIP is one of the fundamental building blocks of today's modern VoIP communication; it is used not only for voice communications but also for multimedia session establishment, instant messaging, and some gaming sessions. Suppose we have two SIP devices, Alice and Bob. When Alice initiates a SIP call, an INVITE packet is sent to Bob; in return, Bob replies with a 100 Trying or 180 Ringing message back to Alice. The numbers (100, 180, etc.) that you are seeing are known as SIP methods. These SIP methods are used to convey different informational messages about the status of a particular call. After sending 1xx informational messages, Bob will send a 200 OK message, which marks the establishment of the call, and the RTP stream is established from that instant. A SIP call is ended when either party sends a BYE message; once a BYE message is sent, the request is stopped and the RTP session is dropped.
Now let's open Wireshark. You can download the latest version from http://www.wireshark.org/download.html; I am using the 64-bit version. When you open it for the first time, you will see the following screen:
Exploring the SIP building blocks:
Now let's open a SIP trace in Wireshark. This is a simple VoIP call between two extensions configured on two local Asterisk PBXs:
Here you will see all the basic SIP signalling parameters which we discussed above. We need to understand two types of packets to get a proper understanding of a VoIP communication scenario:
- SIP Packets – to understand the call signalling mechanism
- RTP Packets – to understand voice quality issues because RTP carries the voice packets
As you can see, I have filtered the SIP packets out of the treasure trove of different packets that were flowing through my network. Now that I have filtered these packets, let's save only them: click File, and then click Export Specified Packets:
Now that we have filtered out our SIP call packets, let's open the new file to which we exported the packets (I named the file Test-Call-SIP):
In Wireshark, all of the major telephony analysis options can be found at the top, under Telephony:
To view the details of an INVITE packet, just double-click an INVITE packet and a new window will pop up with the details of all the different network layers:
In order to check the SDP (Session Description Protocol) details, just expand the SDP box which is visible in INVITE detail:
The SDP is always the focal point when checking media-related issues in VoIP.
- It contains the media IP that is used to establish the media connection.
- It shows the user agent information.
- It shows the SIP version that has been used to negotiate the call.
- It shows the codec information, that is, the codecs offered by the calling party to the called party.
- It shows the DTMF digits information, that is, whether or not it is shared in the form of the telephony-event parameter.
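The same fields can be pulled out of an INVITE without the GUI. The following is an added example, not code from the original article: the sample INVITE is constructed (documentation addresses), and `summarize_sdp` and `STATIC_TYPES` are hypothetical names. It reads the media IP, port, offered codecs and telephony-event from the SDP body, and also reports whether the media profile is plain RTP (`RTP/AVP`) or SRTP (`RTP/SAVP`, RFC 3711).

```python
# Constructed sample INVITE (documentation addresses), not from the article's capture.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@192.0.2.20 SIP/2.0",
    "From: <sip:alice@192.0.2.10>;tag=1",
    "To: <sip:bob@192.0.2.20>",
    "Call-ID: constructed@192.0.2.10",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1 1 IN IP4 192.0.2.10",
    "s=call",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 10000 RTP/AVP 0 8 101",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:101 telephony-event/8000",
    "a=fmtp:101 0-16",
    "",
])

# Static payload types from RFC 3551 that may appear without an a=rtpmap line.
STATIC_TYPES = {"0": "PCMU", "3": "GSM", "8": "PCMA", "9": "G722", "18": "G729"}

def summarize_sdp(sip_message):
    """Extract media IP, port, transport profile, codecs and DTMF signalling."""
    _, _, body = sip_message.partition("\r\n\r\n")   # SDP follows the blank line
    info = {"media_ip": None, "port": None, "profile": None}
    payload_types, rtpmap = [], {}
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "c":                               # c=IN IP4 <address>
            info["media_ip"] = value.split()[2]
        elif kind == "m" and value.startswith("audio "):
            _, port, profile, *payload_types = value.split()
            info["port"] = int(port.split("/")[0])    # tolerate "port/count"
            info["profile"] = profile
        elif kind == "a" and value.startswith("rtpmap:"):
            pt, encoding = value[len("rtpmap:"):].split(None, 1)
            rtpmap[pt] = encoding.split("/")[0]
    names = [rtpmap.get(pt) or STATIC_TYPES.get(pt, "unknown-" + pt)
             for pt in payload_types]
    info["codecs"] = [n for n in names if n != "telephony-event"]
    info["dtmf_telephony_event"] = "telephony-event" in names
    # RTP/SAVP or RTP/SAVPF means SRTP (RFC 3711); RTP/AVP is unencrypted media.
    info["srtp_offered"] = "SAVP" in (info["profile"] or "")
    return info

if __name__ == "__main__":
    print(summarize_sdp(SAMPLE_INVITE))
```

Payload type 0 has no `a=rtpmap` line in the sample on purpose, so the static table from RFC 3551 is what resolves it to PCMU.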
As VoIP professionals, we should also know about the different RFCs that are in use in our domain. RFC stands for Request for Comments; these are IETF (Internet Engineering Task Force) documents, which detail the underlying architecture and working of a specific protocol. Each RFC has a specific number; some of the famous RFCs are:
- RTP is defined by the IETF in RFC 3550
- The payload formats for a number of codecs are defined in RFC 3551
- RTCP, used to address delay and jitter issues, is defined in RFC 3550
- Secure RTP is defined in RFC 3711
- SIP is defined in detail in RFC 3261
Now that you have enough background in Wireshark and VoIP, in the 3rd part of this article series we will have a look at the different issues that arise in VoIP and how we can identify their symptoms and causes using Wireshark. Have a great day ahead 🙂