This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 22 and 23
Revision 22 as of 2008-04-12 17:50:31
Size: 3353
Editor: localhost
Comment: converted to 1.6 markup
Revision 23 as of 2008-07-23 16:12:12
Size: 3361
Editor: GeraldCombs
Comment: Force "get" instead of "view" for attachments.
Deletions are marked like this. Additions are marked like this.
Line 41: Line 41:
[[attachment:SampleCaptures/aaa.pcap]] Sample SIP and RTP traffic. [[attachment:SampleCaptures/aaa.pcap||&do=ge]] Sample SIP and RTP traffic.

Session Initiation Protocol (SIP)

The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for sessions.

These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. SIP can create, modify, and terminate sessions with one or more participants.

The SIP protocol is a member of the VOIPProtocolFamily.

History

XXX - add a brief description of SIP history

Protocol dependencies

  • SIP is commonly uses as its transport UDP (default port 5060), TCP (default port 5060) or TLS (default TCP port 5061). SIP signalling may also be compressed and delivered by Sigcomp

  • SIP is commonly used to establish media sessions, e.g. RTP/RTCP streams carrying audio or video data, where session details are commonly negociated using SDP offers/answers

  • PINTs and SPIRITS - Service interworking
  • Number resolution - TRIP and ENUM (IETF Charter for ENUM)

  • Seamless signaling - SIGTRAN and SIP-T

  • IMPP - Instant Messaging and Presence
  • SIMPLE - SIP for Instant Messaging and Presence Leveraging Extensions IETF Charter for SIMPLE

Example traffic

SIP.jpg

Wireshark

The SIP dissector is fully functional. You can also view SIP message statistics (Statistics | SIP...) or view SIP call flow graphs (Statistics | VoIP Calls)

Preference Settings

  • Display raw text for SIP message. Default OFF
  • Enforce strict SIP version check (SIP/2.0). Default ON
  • Reassemble SIP headers spanning multiple TCP segments. Default ON
  • Reassemble SIP bodies spanning multiple TCP segments. Default ON

Example capture file

SampleCaptures/aaa.pcap Sample SIP and RTP traffic.

Display Filter

A complete list of SIP display filter fields can be found in the display filter reference

  • Show only the SIP based traffic:

     sip 

Capture Filter

You cannot directly filter SIP protocols while capturing. However, if you know the UDP or TCP or port used (see above), you can filter on that one.

IETF Charters:

  • SIP Session Initiation Protocol (sip)

  • SIPPING Session Initiation Proposal Investigation (sipping)

  • SIP More info on Session Initiation Protocol(SIP)

RFC:

  • RFC3261 SIP: Session Initiation Protocol

  • RFC3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP)

  • RFC3263 Session Initiation Protocol (SIP): Locating SIP Servers

Implementations:

  • osip The GNU oSIP library

  • SIPp "SIPp is a free Open Source test tool / traffic generator for the SIP protocol" (GPL)

Discussion

SIP (last edited 2008-08-14 18:52:55 by GeraldCombs)