This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 20 and 21
Revision 20 as of 2006-07-23 14:40:01
Size: 3196
Editor: ACBCED83
Comment: Add transport info, mention statistics items
Revision 21 as of 2006-11-30 10:40:49
Size: 3323
Editor: 203
Comment:
Deletions are marked like this. Additions are marked like this.
Line 59: Line 59:
 * [http://blog.eukhost.com/2006/11/13/sip-session-initiation-protocol SIP] ''More info on Session Initiation Protocol(SIP)''

Session Initiation Protocol (SIP)

The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for sessions.

These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. SIP can create, modify, and terminate sessions with one or more participants.

The SIP protocol is a member of the ["VOIPProtocolFamily"].

History

XXX - add a brief description of SIP history

Protocol dependencies

  • SIP is commonly uses as its transport ["UDP"] (default port 5060), ["TCP"] (default port 5060) or ["TLS"] (default TCP port 5061). SIP signalling may also be compressed and delivered by ["Sigcomp"]
  • SIP is commonly used to establish media sessions, e.g. ["RTP"]/["RTCP"] streams carrying audio or video data, where session details are commonly negociated using ["SDP"] offers/answers
  • PINTs and SPIRITS - Service interworking
  • Number resolution - TRIP and ENUM ([http://www.ietf.org/html.charters/enum-charter.html IETF Charter for ENUM ])

  • Seamless signaling - ["SIGTRAN"] and ["SIP-T"]
  • IMPP - Instant Messaging and Presence
  • SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions [http://www.ietf.org/html.charters/simple-charter.html IETF Charter for SIMPLE]

Example traffic

attachment:SIP.jpg

Wireshark

The SIP dissector is fully functional. You can also view SIP message statistics (Statistics | SIP...) or view SIP call flow graphs (Statistics | VoIP Calls)

Preference Settings

  • Display raw text for SIP message. Default OFF
  • Enforce strict SIP version check (SIP/2.0). Default ON
  • Reassemble SIP headers spanning multiple TCP segments. Default ON
  • Reassemble SIP bodies spanning multiple TCP segments. Default ON

Example capture file

attachment:SampleCaptures/aaa.pcap Sample SIP and RTP traffic.

Display Filter

A complete list of SIP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/s/sip.html display filter reference]

  • Show only the SIP based traffic:

     sip 

Capture Filter

You cannot directly filter SIP protocols while capturing. However, if you know the ["UDP"] or ["TCP"] or port used (see above), you can filter on that one.

["IETF"] Charters:

RFC:

Implementations:

Discussion

SIP (last edited 2008-08-14 18:52:55 by GeraldCombs)