This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

Unified Networks IP Stimulus (UNIStim)

Unistim is a Nortel proprietary VOIP protocol. It is a lower level protocol than ["SIP"] or most other VOIP protocols. It's important to always think of the phone as a very dumb terminal. Whereas with ["SIP"], the phone has a basic understanding of a phone call,in Unistim the phone knows how to send key press events, display text, flash light, and stream audio. All intelligence is at the switch layer. Like ["SIP"] Unistim does use ["RTP"] as its audio transport. Unistim has a couple layers to it. Unistim

Nortel's RUDP:

In a nutshell every payload packet sent from either the switch or the phone has a sequence id. The receiver of the packet must send an ACK back with the sequence id. If the equipment is expecting id 1000 and instead receives 1004 it would send a NAK on packet 1000 and the sender would have to resend all packets beginning with 1000. 0xFFFFFFFF has special significance as a sequence number. When a phone starts up it would send 0xFFFFFFFF which the switch would then NAK, except the sequence number of the NAK would be the sequence number the switch wants the phone to use as a starting point. Also if the switch fails over to the backup it would use the 0xFFFFFFFF to signal the phone that a fail-over has occurred and the phone should take appropriate action.

History

It is my understanding that Unistim is basically an ["IP"] adaptation of Nortel's DMS protocol.

Protocol dependencies

Example traffic

Example of multiple commands comming from the switch: attachment:cmd_array_from_switch.gif Example of phone sending key press event showing terminal id: attachment:phone_cmd.gif

Wireshark

The Unistim dissector is partially functional. Nortel has published a pdf which describes the protocol, but as I have been writing the dissector I have discovered several discrepancies. Some were decipherable but some weren't. There are a few commands which transmit either icon bitmaps or font descriptions which I have chosen to display as hex data.

Preference Settings

None at this time

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

Discussion