As we learned in the previous recipe, SIP (RFC 3261 and various extensions) is a signaling protocol that is used for creating, modifying, and terminating user sessions between one or more participants. While sending SIP requests, the session parameters are sent via SDP (SDP, RFC 4566) which enable users to agree on a set of compatible media types between them. When sessions are created, the voice or video is carried by RTP and optionally controlled by RTCP (RTCP is optional, and can be used by multimedia applications, but it is not a mandatory protocol).
SIP defines endpoints as User Agents (UAs), and the process of creating a session involves UA negotiation in order to agree on a characterization of a session that they would like to create. For additional services such as locating session participants, registration, call forwarding, and others, SIP defines network hosts called servers to which UAs can send registrations, invitations to sessions, and other requests.
In this recipe, we will discuss the signaling part of the protocol suite, which is SIP, and how to use Wireshark in order to troubleshoot signaling problems, while in the next recipe, we will learn about RTP and RTCP.
Problems in voice and video over IP can be categorized in to two groups:
In this recipe, we will discuss the first type, and in the next recipe the second type.
While facing problems of the first type, in most of the cases you are having signaling problems. Connect the Wireshark to the network, and follow the steps in this recipe in order to solve it.
We have two major types of messages in SIP: methods and responses. Methods are commands initiated by one side of the session, and responses are generated as a reply.
While troubleshooting an SIP session, keep track of the responses and what they say. Only the major types are brought here.
After you've connected Wireshark to the network, follow these steps:
The Graph Analysis window is shown for reference as follows:
Don't forget that SIP works over UDP, and since UDP does not open any connection to the other side before sending the request, it can be possible that a request will not arrive to the destination simply because of a network-reachability problem. For this reason, when you don't get a response, it can be that INVITE simply didn't get to the destination because of a network problem.
The 1xx codes or provisional/informational codes are those where the received request is still in process, and the receiver notifies the sender about it. They are described in detail in the following table:
Code |
Event Name |
Reason |
---|---|---|
100 |
Trying |
The request has been received and accepted by the server, and an action is being taken for this call. |
180 |
Ringing |
The UA that received the call is alerting the end user. This is the message that is sent back to the client while doing so. |
181 |
Call forward |
The call is being forwarded to another destination. |
182 |
Queued |
The called party is temporarily unavailable, and the server saves the message for later delivery. |
183 |
Session progress |
The session is being handled by the receiving server. Additional details on the call progress can be conveyed in the message header. |
The 2xx codes or the success codes indicate that the action was successfully received, understood, and accepted. They are described in detail in the following table:
The 3xx codes indicate that a redirection action needs to be taken in order to complete the request. They are described in detail in the following table:
Code |
Event Name |
Reason |
---|---|---|
300 |
Multiple choices |
The address in the request was resolved to several choices, and the accepting server can forward it to one of them. The UA can use the addresses in the contact header field for automatic redirection, or confirm it with the sender before redirecting the message. |
301 |
Moved permanently |
The user could not be located at the address in the Request-URI, and the requesting client should try at the address provided in the contact header field. The sender should update its local directories with the change. |
302 |
Moved temporarily |
The requesting client should retry the request at the new address/addresses provided in the contact header field. |
305 |
Use proxy |
The requested resource must be accessed through the proxy, whose address is given by the contact field. |
380 |
Alternative service |
The call was not successful, so the recipient sends this response for alternative services to be made available on the receiver. These services are described in the message body. |
The 4xx codes or client error indicate that the request contains bad syntax or cannot be fulfilled in this server. They are described in detail in the following table:
The 5xx codes or server error codes indicate that the server failed to fulfill an apparently valid request. They are described in detail in the following table:
Code |
Event Name |
Reason |
---|---|---|
500 |
Server internal error |
An unexpected condition prevented the server from fulfilling the request. |
501 |
Not implemented |
The functionality that requested to fulfill the request is not supported by the server. |
502 |
Bad gateway |
A gateway or proxy received an invalid response from the downstream server it accessed while attempting to fulfill the request. |
503 |
Service unavailable |
The server is temporarily unable to process the request due to temporary overloading or maintenance of the server. |
504 |
Server time out |
The server processing the request has sent the request to another server in order to process it, and the response did not arrive on time. |
505 |
Version not supported |
The server does not support the SIP protocol version that is used in the request. |
513 |
Message too large |
The server was unable to process the request since the message length is too long. |
The 6xx codes or global failure codes indicate that the request cannot be fulfilled at any server. They are described in detail in the following table:
SIP is an application-layer control protocol that is used to establish, maintain, and terminate calls between two or more end nodes.
SIP defines two basic classes of network entities—clients and servers:
For connectivity to other network types, we have gateways. A gateway connects between SIP and Public Switched Telephone Networks (PSTN), or SIP and H.323.
As illustrated in the following diagram, a client is made of User Agent Client (UAC) and User Agent Server (UAS), and each client can initiate or respond to requests.
SIP servers can be of various types:
In the following diagram, you see how they all fit together:
An IP phone registers to the registrar (1). The registrar checks with the organization server (2), and if it's all OK, it sends an SIP request to the provider's proxy (3). The provider's proxy checks with the DNS server for the IP address of the requested client's domain (4), and then it forwards the requests to the destination proxy (5). The destination proxy sees that the client is not in its place and checks with the location server for its location (6). When found, the SIP request is forwarded to the destination client (7). The destination client confirms the acceptance of the request to the sender (8). When all is okay, an RTP session is opened on the UDP ports described in SDP when opening the session (9).
The SIP message is built as you see in the following diagram:
The first part is the Request line in which we have:
The second part is Message Header, in which we have:
When debugging a phone call, first filter the call with the Call-ID parameter. To do so, you can do one of the following:
When debugging an SIP trunk that is signaling between IP PBXs, try to figure out whether there is there a specific call that doesn't work or whether all calls have the same problem.
To troubleshoot VoIP calls, the best way is to read the SIP messages. They will tell you what to do.
18.189.43.211