This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 9 (spanning 8 versions)
Revision 1 as of 2007-06-20 20:20:54
Size: 2331
Editor: 216-230-81-92
Comment:
Revision 9 as of 2007-06-21 01:27:26
Size: 3696
Editor: c-24-98-203-127
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
Unistim is a Nortel proprietary VOIP protocol. It is a lower level protocol than ["SIP"] or most other VOIP protocols. It's important to always think of the phone as a very dumb terminal. Whereas with ["SIP"], the phone has a basic understanding of a phone call,in Unistim the phone knows how to send key press events, display text, flash light, and stream audio. All intelligence is at the switch layer. Like ["SIP"] Unistim does use ["RTP"] as its audio transport. Nortel has broken up the commands into 6 managers each having a set of phone initiated and switch initiated commands. The managers are Basic, Broadcast, Audio, Key/Indicator, Display, Broadcast.
Unistim general layout:
|| RUDP Sequence ID MSB||
|| ...||
|| ...||
|| RUDP Sequence ID LSB||
||ACK/NAK/Payload||
||Unistim/Unistim with Term id||
||Term ID MSB (if from phone)||
||...||
||...||
||Term ID LSB||
||CMD1 Address (Manager) msb 1=phone 0=switch||
||CMD1 Length includes address||
||CMD1 ID||
||if necessary additional data||
||...||
||CMD2 Address if applicable||
||CMD2 Length includes address||
||CMD2 ID||
||if necessary additional data||
||...||
Line 5: Line 27:
Unistim is a Nortel proprietary VOIP protocol. It is a lower level protocol than ["SIP"] or most other VOIP protocols. It's important to always think of the phone as a very dumb terminal. Whereas with ["SIP"], the phone has a basic understanding of a phone call,in Unistim the phone knows how to send key press events, display text, flash light, and stream audio. All intelligence is at the switch layer. Like ["SIP"] Unistim does use ["RTP"] as its audio transport.


==== Nortel's RUDP: ====
In a nutshell every payload packet sent from either the switch or the phone has a sequence id. The receiver of the packet must send an ACK back with the sequence id. If the equipment is expecting id 1000 and instead receives 1004 it would send a NAK on packet 1000 and the sender would have to resend all packets beginning with 1000. The phone and the switch have independent sequence numbers.

'''0xFFFFFFFF''' has special significance as a sequence number. When a phone starts up it would send '''0xFFFFFFFF''' which the switch would then NAK, except the sequence number of the NAK would be the sequence number the switch wants the phone to use as a starting point. Also if the switch fails over to the backup it would use the '''0xFFFFFFFF''' to signal the phone that a fail-over has occurred and the phone should take appropriate action.
Line 8: Line 36:
Line 12: Line 39:
 * ["UDP"]: Typically, UNIStim uses ["UDP"] as its transport protocol. The well known UDP port for UNISTIM traffic is 5000.
== Example traffic ==
=== Example of multiple commands comming from the switch: ===
attachment:cmd_array_from_switch.gif
Line 13: Line 44:
 * ["UDP"]: Typically, UNIStim uses ["UDP"] as its transport protocol. The well known UDP port for UNISTIM traffic is 5000.

== Example traffic ==

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).
=== Example of phone sending key press event showing terminal id: ===
attachment:phone_cmd.gif
Line 20: Line 48:

The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol.
The Unistim dissector is partially functional. Nortel has published a pdf which describes the protocol, but as I have been writing the dissector I have discovered several discrepancies. Some were decipherable but some weren't. There are a few commands which transmit either icon bitmaps or font descriptions which I have chosen to display as hex data.
Line 24: Line 51:

(XXX add links to preference settings affecting how PROTO is dissected).
None at this time
Line 28: Line 54:
 * attachment:SampleCaptures/unistim_phone_startup.pcap
 * attachment:SampleCaptures/unistim-call.pcap
== Display Filter ==
A complete list of UNISTIM display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]
Line 29: Line 59:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

 * attachment:SampleCaptures/PROTO.pcap

== Display Filter ==
A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

 Show only the PROTO based traffic: {{{
 . Show only the UNISTIM based traffic:
 {{{
Line 38: Line 62:
Line 40: Line 63:
Line 43: Line 65:
 Capture only the PROTO traffic over the default port (80): {{{
 tcp port 80 }}}
 . Capture only the Unistim traffic over the default port (5000):
{{{
 udp port 5000}}}
Line 47: Line 69:

 * add link to PROTO specification and where to find additional info on the web about it, e.g.:
 * [http://www.ietf.org/rfc/rfc123.txt RFC 123] ''The RFC title'' - explanation of the RFC content.

Unified Networks IP Stimulus (UNIStim)

Unistim is a Nortel proprietary VOIP protocol. It is a lower level protocol than ["SIP"] or most other VOIP protocols. It's important to always think of the phone as a very dumb terminal. Whereas with ["SIP"], the phone has a basic understanding of a phone call,in Unistim the phone knows how to send key press events, display text, flash light, and stream audio. All intelligence is at the switch layer. Like ["SIP"] Unistim does use ["RTP"] as its audio transport. Nortel has broken up the commands into 6 managers each having a set of phone initiated and switch initiated commands. The managers are Basic, Broadcast, Audio, Key/Indicator, Display, Broadcast. Unistim general layout:

RUDP Sequence ID MSB

...

...

RUDP Sequence ID LSB

ACK/NAK/Payload

Unistim/Unistim with Term id

Term ID MSB (if from phone)

...

...

Term ID LSB

CMD1 Address (Manager) msb 1=phone 0=switch

CMD1 Length includes address

CMD1 ID

if necessary additional data

...

CMD2 Address if applicable

CMD2 Length includes address

CMD2 ID

if necessary additional data

...

Nortel's RUDP:

In a nutshell every payload packet sent from either the switch or the phone has a sequence id. The receiver of the packet must send an ACK back with the sequence id. If the equipment is expecting id 1000 and instead receives 1004 it would send a NAK on packet 1000 and the sender would have to resend all packets beginning with 1000. The phone and the switch have independent sequence numbers.

0xFFFFFFFF has special significance as a sequence number. When a phone starts up it would send 0xFFFFFFFF which the switch would then NAK, except the sequence number of the NAK would be the sequence number the switch wants the phone to use as a starting point. Also if the switch fails over to the backup it would use the 0xFFFFFFFF to signal the phone that a fail-over has occurred and the phone should take appropriate action.

History

It is my understanding that Unistim is basically an ["IP"] adaptation of Nortel's DMS protocol.

Protocol dependencies

  • ["UDP"]: Typically, UNIStim uses ["UDP"] as its transport protocol. The well known UDP port for UNISTIM traffic is 5000.

Example traffic

Example of multiple commands comming from the switch:

attachment:cmd_array_from_switch.gif

Example of phone sending key press event showing terminal id:

attachment:phone_cmd.gif

Wireshark

The Unistim dissector is partially functional. Nortel has published a pdf which describes the protocol, but as I have been writing the dissector I have discovered several discrepancies. Some were decipherable but some weren't. There are a few commands which transmit either icon bitmaps or font descriptions which I have chosen to display as hex data.

Preference Settings

None at this time

Example capture file

  • attachment:SampleCaptures/unistim_phone_startup.pcap
  • attachment:SampleCaptures/unistim-call.pcap

Display Filter

A complete list of UNISTIM display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

  • Show only the UNISTIM based traffic:
     unistim 

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the Unistim traffic over the default port (5000):
     udp port 5000

Discussion

UNISTIM (last edited 2008-04-12 17:51:29 by localhost)