SIP Exercises

Background Info - The Scenario

In these exercises we have a network of several SIP servers, each responsible for its own domain and the
routing of SIP messages to and from users. The aye.net and bee.net servers are also running location services
and acting as registrars. Aye.net and bee.net can’t communicate directly but have to use the core.net domain
to reach each other.

core.net

aye.net bee.net

You will be given trace files recorded in this environment, and use Wireshark to analyze the signaling.
(One section in Exercise 4 will use a different lab environment.)

If you don’t have Wireshark installed on your computer, you can download it from wireshark.org.

SIP Exercises -1- May 2016

Exercise 1 – Basic SIP

Use the file “Exercise 1a.pcap” and “Exercise 1b.pcap” to answer these questions.

1.1) One of these files contain a registration and the other contains a phone call. Which is which?

_____________________________________________________________________________

1.2) What is the lowest value you can find in a Max-Forwards header?

_____________________________________________________________________________

1.3) Who is calling whom?

_____________________________________________________________________________

1.4) How many different SIP URIs can you find in these files?

_____________________________________________________________________________

1.5) How many dialogs can you find in these files?

_____________________________________________________________________________

1.6) How many transactions can you find in these files?

_____________________________________________________________________________

1.7) In the call, how can you tell which 200 OK is for the INVITE and which 200 OK is for the BYE?

_____________________________________________________________________________

1.8) In the call, how do the 200 OK messages know which route to follow to reach Alice’s phone? And are the routes
different for the two 200 OKs?

_____________________________________________________________________________

SIP Exercises -2- May 2016

Exercise 2 – Registration and Message

Use the file “Exercise 2a.pcap” and “Exercise 2b.pcap” to answer these questions.

2.1) In the registration file who registers, and to which IP address?

_____________________________________________________________________________

2.2) What is the expiration time for the registration?

_____________________________________________________________________________

2.3) What DNS records are being used in the registration file?

_____________________________________________________________________________

2.4) How many SIP proxies are there between Alice and Bob in the call?

_____________________________________________________________________________

2.5) Is record-route used? If so, are there more than one way to tell?

_____________________________________________________________________________

2.6) Look at the second INVITE – What makes it go to its destination in this particular hop?

_____________________________________________________________________________

2.7) Are we using strict or loose routing?

_____________________________________________________________________________

2.8) In the call, which two messages create a dialog and confirms that dialog, respectively?

_____________________________________________________________________________

SIP Exercises -3- May 2016

Exercise 3 – Session Management and State Handling

Use the file “Exercise 3a.pcap” to answer the first questions.

3.1) In this call, which codec is chosen? Can you find several ways to tell?

_____________________________________________________________________________

3.2) Is rtpmap used for all codecs in the SDP? If not, why?

_____________________________________________________________________________

3.3) Is one or several ports used for media? Which port number(s) are chosen?

_____________________________________________________________________________

Use the file “Exercise 3b.pcap” to answer this question.

3.4) What is different in the handling of the ACK in this file compared to the one above?

_____________________________________________________________________________

Use the file “Exercise 3c.pcap” to answer the following questions.

3.5) How many UAs are involved in this trace?

_____________________________________________________________________________

3.6) What is the term for what happens with Alice’s call to Bob?

_____________________________________________________________________________

3.7) What does Bob’s SIP proxy do after message number (leftmost column) 25?

_____________________________________________________________________________

3.8) In how many ways can you tell that these SIP proxies are stateful?

_____________________________________________________________________________

SIP Exercises -4- May 2016

Exercise 4 – Protocol Extensions and Security

Use the file “Exercise 4a.pcap” to answer the first questions. This scenario is NOT from the same environment
as the previous trace files.

4.1) How many proxies are between the A and B part of this call?

_____________________________________________________________________________

4.2) There are 14 SIP methods defined. How many of these does the A user agent NOT support? How can you tell?

_____________________________________________________________________________

4.3) Which SIP extensions are mentioned in this trace?

_____________________________________________________________________________

4.4) Can you see SIP messages that are used as a direct result of the use of a SIP extension? Which messages and
which extension?

_____________________________________________________________________________

4.5) Why do some responses from B to A follow different paths?

_____________________________________________________________________________

4.6) There exist quality of service negotiations in this trace. Where?

_____________________________________________________________________________

4.7) With which message could we say the the QoS negotiations are finished?

_____________________________________________________________________________

Use the file “Exercise 4b.pcap” to answer this question.

4.8) Where (message and header) can you find the security challenge and the security response?

_____________________________________________________________________________

SIP Exercises -5- May 2016

Exercise 5 – User Services

Use the file “Exercise 5a.pcap” to answer the first questions.

5.1) There are two ways to signal “Call Hold”, which is used in this trace?

_____________________________________________________________________________

5.2) There are re-INVITEs in this trace. How can you distinguish them from initial INVITE messages? Is there any fool-
proof way? What if you only saw one INVITE and no others – does your method still work?

_____________________________________________________________________________

Use the file “Exercise 5b.pcap” to answer these questions related to the “Presence” service.

5.3) What Request-URI's are we SUBSCRIBING to? (Which addresses?)

_____________________________________________________________________________

5.4) What events are we SUBSCRIBING for?

_____________________________________________________________________________

5.4) What Request-URI is the NOTIFY sent to? Where did we get this value? Where did we get the tag-values from?

_____________________________________________________________________________

Use the file “Exercise 5c.pcap” to answer these questions related to the Messaging service.

5.5) If you send several standalone MESSAGEs after each other, creating a chat-like session, are they sent within the
same dialog and/or transaction?

_____________________________________________________________________________

5.6) What MIME-format (Content-Type) is used for sending the actual instant message?

_____________________________________________________________________________

5.7) Some MESSAGEs don’t contain any text from Alice or Bob. They still serve a purpose in the messaging service,
though. What do you think they do?

_____________________________________________________________________________

5.8) Are we using Record-Routing for MESSAGEs?

_____________________________________________________________________________

Use the file “Exercise 5d.pcap” to answer this final Messaging question.

5.9) A call is established and then MESSAGEs are sent. Are the messages sent in-dialog or out-of-dialog? How do you
verify this?

_____________________________________________________________________________

SIP Exercises -6- May 2016