This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 21 and 22
Revision 21 as of 2006-11-30 10:40:49
Size: 3323
Editor: 203
Comment:
Revision 22 as of 2008-04-12 17:50:31
Size: 3353
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
The SIP protocol is a member of the ["VOIPProtocolFamily"]. The SIP protocol is a member of the [[VOIPProtocolFamily]].
Line 15: Line 15:
 *SIP is commonly uses as its transport ["UDP"] (default port 5060), ["TCP"] (default port 5060) or ["TLS"] (default TCP port 5061). SIP signalling may also be compressed and delivered by ["Sigcomp"]
 *SIP is commonly used to establish media sessions, e.g. ["RTP"]/["RTCP"] streams carrying audio or video data, where session details are commonly negociated using ["SDP"] offers/answers
 *SIP is commonly uses as its transport [[UDP]] (default port 5060), [[TCP]] (default port 5060) or [[TLS]] (default TCP port 5061). SIP signalling may also be compressed and delivered by [[Sigcomp]]
 *SIP is commonly used to establish media sessions, e.g. [[RTP]]/[[RTCP]] streams carrying audio or video data, where session details are commonly negociated using [[SDP]] offers/answers
Line 18: Line 18:
 *Number resolution - TRIP and ENUM ([http://www.ietf.org/html.charters/enum-charter.html IETF Charter for ENUM ])
 *Seamless signaling - ["SIGTRAN"] and ["SIP-T"]
 *Number resolution - TRIP and ENUM ([[http://www.ietf.org/html.charters/enum-charter.html|IETF Charter for ENUM ]])
 *Seamless signaling - [[SIGTRAN]] and [[SIP-T]]
Line 21: Line 21:
 *SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions [http://www.ietf.org/html.charters/simple-charter.html IETF Charter for SIMPLE]  *SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions [[http://www.ietf.org/html.charters/simple-charter.html|IETF Charter for SIMPLE]]
Line 25: Line 25:
attachment:SIP.jpg {{attachment:SIP.jpg}}
Line 41: Line 41:
attachment:SampleCaptures/aaa.pcap Sample SIP and RTP traffic. [[attachment:SampleCaptures/aaa.pcap]] Sample SIP and RTP traffic.
Line 44: Line 44:
A complete list of SIP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/s/sip.html display filter reference] A complete list of SIP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/s/sip.html|display filter reference]]
Line 51: Line 51:
You cannot directly filter SIP protocols while capturing. However, if you know the ["UDP"] or ["TCP"] or port used (see above), you can filter on that one. You cannot directly filter SIP protocols while capturing. However, if you know the [[UDP]] or [[TCP]] or port used (see above), you can filter on that one.
Line 55: Line 55:
["IETF"] Charters: [[IETF]] Charters:
Line 57: Line 57:
 * [http://www.ietf.org/html.charters/sip-charter.html SIP] ''Session Initiation Protocol (sip)''
 * [http://www.ietf.org/html.charters/sipping-charter.html SIPPING] ''Session Initiation Proposal Investigation (sipping)''
 * [http://blog.eukhost.com/2006/11/13/sip-session-initiation-protocol SIP] ''More info on Session Initiation Protocol(SIP)''
 * [[http://www.ietf.org/html.charters/sip-charter.html|SIP]] ''Session Initiation Protocol (sip)''
 * [[http://www.ietf.org/html.charters/sipping-charter.html|SIPPING]] ''Session Initiation Proposal Investigation (sipping)''
 * [[http://blog.eukhost.com/2006/11/13/sip-session-initiation-protocol|SIP]] ''More info on Session Initiation Protocol(SIP)''
Line 63: Line 63:
 * [http://www.ietf.org/rfc/rfc3261.txt?number=3261 RFC3261] ''SIP: Session Initiation Protocol''
 * [http://www.ietf.org/rfc/rfc3262.txt?number=3262 RFC3262] ''Reliability of Provisional Responses in the Session Initiation Protocol (SIP)''
 * [http://www.ietf.org/rfc/rfc3263.txt?number=3263 RFC3263] ''Session Initiation Protocol (SIP): Locating SIP Servers''
 * [[http://www.ietf.org/rfc/rfc3261.txt?number=3261|RFC3261]] ''SIP: Session Initiation Protocol''
 * [[http://www.ietf.org/rfc/rfc3262.txt?number=3262|RFC3262]] ''Reliability of Provisional Responses in the Session Initiation Protocol (SIP)''
 * [[http://www.ietf.org/rfc/rfc3263.txt?number=3263|RFC3263]] ''Session Initiation Protocol (SIP): Locating SIP Servers''
Line 69: Line 69:
 * [http://www.gnu.org/software/osip/osip.html osip] The GNU oSIP library
 * [http://sipp.sourceforge.net/ SIPp] "SIPp is a free Open Source test tool / traffic generator for the SIP protocol" (GPL)
 * [[http://www.gnu.org/software/osip/osip.html|osip]] The GNU oSIP library
 * [[http://sipp.sourceforge.net/|SIPp]] "SIPp is a free Open Source test tool / traffic generator for the SIP protocol" (GPL)

Session Initiation Protocol (SIP)

The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for sessions.

These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. SIP can create, modify, and terminate sessions with one or more participants.

The SIP protocol is a member of the VOIPProtocolFamily.

History

XXX - add a brief description of SIP history

Protocol dependencies

  • SIP is commonly uses as its transport UDP (default port 5060), TCP (default port 5060) or TLS (default TCP port 5061). SIP signalling may also be compressed and delivered by Sigcomp

  • SIP is commonly used to establish media sessions, e.g. RTP/RTCP streams carrying audio or video data, where session details are commonly negociated using SDP offers/answers

  • PINTs and SPIRITS - Service interworking
  • Number resolution - TRIP and ENUM (IETF Charter for ENUM)

  • Seamless signaling - SIGTRAN and SIP-T

  • IMPP - Instant Messaging and Presence
  • SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions IETF Charter for SIMPLE

Example traffic

SIP.jpg

Wireshark

The SIP dissector is fully functional. You can also view SIP message statistics (Statistics | SIP...) or view SIP call flow graphs (Statistics | VoIP Calls)

Preference Settings

  • Display raw text for SIP message. Default OFF
  • Enforce strict SIP version check (SIP/2.0). Default ON
  • Reassemble SIP headers spanning multiple TCP segments. Default ON
  • Reassemble SIP bodies spanning multiple TCP segments. Default ON

Example capture file

SampleCaptures/aaa.pcap Sample SIP and RTP traffic.

Display Filter

A complete list of SIP display filter fields can be found in the display filter reference

  • Show only the SIP based traffic:

     sip 

Capture Filter

You cannot directly filter SIP protocols while capturing. However, if you know the UDP or TCP or port used (see above), you can filter on that one.

IETF Charters:

  • SIP Session Initiation Protocol (sip)

  • SIPPING Session Initiation Proposal Investigation (sipping)

  • SIP More info on Session Initiation Protocol(SIP)

RFC:

  • RFC3261 SIP: Session Initiation Protocol

  • RFC3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP)

  • RFC3263 Session Initiation Protocol (SIP): Locating SIP Servers

Implementations:

  • osip The GNU oSIP library

  • SIPp "SIPp is a free Open Source test tool / traffic generator for the SIP protocol" (GPL)

Discussion

SIP (last edited 2008-08-14 18:52:55 by GeraldCombs)