Add transport info, mention statistics items
|Deletions are marked like this.||Additions are marked like this.|
|Line 59:||Line 59:|
|* [http://blog.eukhost.com/2006/11/13/sip-session-initiation-protocol SIP] ''More info on Session Initiation Protocol(SIP)''|
Session Initiation Protocol (SIP)
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for sessions.
These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. SIP can create, modify, and terminate sessions with one or more participants.
The SIP protocol is a member of the ["VOIPProtocolFamily"].
XXX - add a brief description of SIP history
- SIP is commonly uses as its transport ["UDP"] (default port 5060), ["TCP"] (default port 5060) or ["TLS"] (default TCP port 5061). SIP signalling may also be compressed and delivered by ["Sigcomp"]
- SIP is commonly used to establish media sessions, e.g. ["RTP"]/["RTCP"] streams carrying audio or video data, where session details are commonly negociated using ["SDP"] offers/answers
- PINTs and SPIRITS - Service interworking
Number resolution - TRIP and ENUM ([http://www.ietf.org/html.charters/enum-charter.html IETF Charter for ENUM ])
- Seamless signaling - ["SIGTRAN"] and ["SIP-T"]
- IMPP - Instant Messaging and Presence
SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions [http://www.ietf.org/html.charters/simple-charter.html IETF Charter for SIMPLE]
The SIP dissector is fully functional. You can also view SIP message statistics (Statistics | SIP...) or view SIP call flow graphs (Statistics | VoIP Calls)
- Display raw text for SIP message. Default OFF
- Enforce strict SIP version check (SIP/2.0). Default ON
- Reassemble SIP headers spanning multiple TCP segments. Default ON
- Reassemble SIP bodies spanning multiple TCP segments. Default ON
Example capture file
attachment:SampleCaptures/aaa.pcap Sample SIP and RTP traffic.
A complete list of SIP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/s/sip.html display filter reference]
Show only the SIP based traffic:
You cannot directly filter SIP protocols while capturing. However, if you know the ["UDP"] or ["TCP"] or port used (see above), you can filter on that one.
[http://www.ietf.org/html.charters/sip-charter.html SIP] Session Initiation Protocol (sip)
[http://www.ietf.org/html.charters/sipping-charter.html SIPPING] Session Initiation Proposal Investigation (sipping)
[http://blog.eukhost.com/2006/11/13/sip-session-initiation-protocol SIP] More info on Session Initiation Protocol(SIP)
[http://www.ietf.org/rfc/rfc3261.txt?number=3261 RFC3261] SIP: Session Initiation Protocol
[http://www.ietf.org/rfc/rfc3262.txt?number=3262 RFC3262] Reliability of Provisional Responses in the Session Initiation Protocol (SIP)
[http://www.ietf.org/rfc/rfc3263.txt?number=3263 RFC3263] Session Initiation Protocol (SIP): Locating SIP Servers
[http://www.gnu.org/software/osip/osip.html osip] The GNU oSIP library
[http://sipp.sourceforge.net/ SIPp] "SIPp is a free Open Source test tool / traffic generator for the SIP protocol" (GPL)