SIP Protocol: Packet Capture Analysis in Practice

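1: Our group is building a new company-wide video conferencing system and is currently setting up and debugging the test environment. We ran into many problems along the way, and in the end they were traced to the network: on the F5 BIG-IP LC link load balancer and the IPS intrusion-detection security device, the SIP protocol had not been enabled and UDP packets were being blocked. The test network is fairly complex, especially because it spans multiple sites. Since the video conferencing system uses SIP, troubleshooting required an understanding of the protocol.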

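  SIP is mostly used for multimedia communication such as internet telephony, voice, and video conferencing. To get a deeper understanding of SIP, we simulated SIP registration, SIP deregistration, and SIP call initiation, establishment, and release in the test environment, and analyzed the exchanges by capturing packets on the local endpoint. The test environment uses Huawei video conferencing with an SMC (Chengdu) + SC (Chengdu) + MCU (Shanghai) architecture, an intranet endpoint (Shanghai), and a mobile endpoint on the public internet. The architecture is shown below; for confidentiality, the first two octets of each IP address are hidden.

[Figure: test environment architecture]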

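2: SIP message types

Request messages:

[Figure: SIP request messages]

Corresponding message format in the captured packet:

[Figure: request message format]

Response messages:

[Figure: SIP response messages]

Corresponding message format in the captured packet:

[Figure: response message format]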

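3: With the above you should have a better picture of SIP, so open Wireshark and start capturing. Parts of the IP addresses involved are hidden.

  •  Registration. Start the capture, open the video client so that it sends a registration request, then stop the capture.

The video client sends the registration request, i.e. a REGISTER message: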

****************************

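REGISTER sip:*.*.24.127 SIP/2.0 // method name, URL of the remote registrar, SIP protocol version

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK092xw3589ww02w3z092xw358j

// protocol/version/transport (UDP), client address, transaction identifier (branch); possible transports are UDP, TCP, TLS

Call-ID: Mn8yywwVdu4uaD1BoPuNQox9Q6DGAjUTY5AG0eEKXSAw // unique identifier of the call

From: <sip:21001@*.*.24.127>;tag=2ucxu2u8 // in a REGISTER, the From and To addresses are the same

To: <sip:21001@*.*.24.127>  // in a REGISTER, the From and To addresses are the same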

CSeq: 1 REGISTER

Contact: <sip:21001@*.*.105.87:5060;transport=udp>;expires=600

Expires: 600

Supported: eUA

Max-Forwards: 70

User-Agent: Huawei TE Desktop V3.2.0.152 // video endpoint type and version

Allow: MESSAGE,REFER,INFO,NOTIFY,SUBSCRIBE,UPDATE,PRACK,PUBLISH,CANCEL,BYE,OPTIONS,ACK,INVITE // methods that may be used; this version supports more methods

Content-Length: 0

***************************

The response received by the video client:

***************************

SIP/2.0 200 OK  // 200 indicates success

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK092xw3589ww02w3z092xw358j

Call-ID: Mn8yywwVdu4uaD1BoPuNQox9Q6DGAjUTY5AG0eEKXSAw

From: <sip:21001@*.*.24.127>;tag=2ucxu2u8  

To: <sip:21001@*.*.24.127>;tag=c4dqqchd

CSeq: 1 REGISTER

Contact: <sip:21001@*.*.105.87:5060>;q=1.0;expires=300

Content-Length: 0

***************************

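  • Call. Log in on two video endpoints, start the capture, place a test call, hang up after it connects, then stop the capture.

The video endpoint initiates the call with an INVITE message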

****************************

INVITE sip:21003@*.*.24.127 SIP/2.0

// method: INVITE, target address 21003, SIP protocol, version 2.0

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKhn0d81a80ji8klxijhln0xfig

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h // caller

To: <sip:21003@*.*.24.127> // callee

CSeq: 1 INVITE

Contact: <sip:21001@*.*.105.87:5060;transport=udp>

Supported: 100rel,replaces,timer

Session-Expires: 180;refresher=uac

Max-Forwards: 70

User-Agent: Huawei TE Desktop V3.2.0.152

Allow: MESSAGE,REFER,INFO,NOTIFY,SUBSCRIBE,UPDATE,PRACK,PUBLISH,CANCEL,BYE,OPTIONS,ACK,INVITE

Content-Length: 2244

Content-Type: application/sdp

// The SDP message body follows: mainly audio and video stream formats, codecs, sample rates, etc. *******

v=0

o=huawei 23293 2 IN IP4 *.*.105.87

s=-

c=IN IP4 *.*.105.87

b=CT:2048

t=0 0

m=audio 10002 RTP/AVP 9 8 0 98 18 97 121

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Lz9zQCFId1hBUG4tUEMnekcvc0ltRG1DUUojYy8+|2^31

a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:RUBxMmtFTXhmXVE9R2JmNDgwNFMwPCdLeWRVITMr|2^31

a=rtpmap:9 G722/16000

a=rtpmap:8 PCMA/8000

a=rtpmap:0 PCMU/8000

a=rtpmap:98 iLBC/8000

a=fmtp:98 mode=30

a=rtpmap:18 G729/8000

a=rtpmap:97 telephone-event/8000

a=fmtp:97 0-15

a=rtpmap:121 red/16000

a=fmtp:121 0

a=sendrecv

a=ptime:20

m=video 10004 RTP/AVP 105 106 107 108

b=AS:2048

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VEtgTDczaHBtL0NaS1pKbDBdRiwsIWtjcihIezlH|2^31

a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:Sn1SZX1XLTcqNmFOdTQiQS1CMXBfZjRROHwuNmRg|2^31

a=rtpmap:105 H264/90000

a=fmtp:105 profile-level-id=428028;packetization-mode=1;level-asymmetry-allowed=1

a=rtpmap:106 H264/90000

a=fmtp:106 profile-level-id=428028;level-asymmetry-allowed=1

a=rtpmap:107 H264/90000

a=fmtp:107 profile-level-id=640028;packetization-mode=1;level-asymmetry-allowed=1

a=rtpmap:108 H264/90000

a=fmtp:108 profile-level-id=640028;level-asymmetry-allowed=1

a=sendrecv

a=rtcp-fb:* ccm fir

a=rtcp-fb:* ccm tmmbr

a=Huawei-Media-Engine

a=label:11

a=content:main

m=video 10006 RTP/AVP 105 106 107 108

b=AS:512

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VEtgTDczaHBtL0NaS1pKbDBdRiwsIWtjcihIezlH|2^31

a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:Sn1SZX1XLTcqNmFOdTQiQS1CMXBfZjRROHwuNmRg|2^31

a=rtpmap:105 H264/90000

a=fmtp:105 profile-level-id=42801F;packetization-mode=1;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:106 H264/90000

a=fmtp:106 profile-level-id=42801F;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:107 H264/90000

a=fmtp:107 profile-level-id=64001F;packetization-mode=1;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:108 H264/90000

a=fmtp:108 profile-level-id=64001F;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=sendrecv

a=content:slides

a=rtcp-fb:* ccm fir

a=rtcp-fb:* ccm tmmbr

a=Huawei-Media-Engine

a=label:12

m=application 5070 UDP/BFCP *

a=floorctrl:c-s

a=confid:2

a=floorid:2 mstrm:12

a=userid:50

a=setup:actpass

a=connection:new

// Caller 21001 receives the Trying message sent by the SC server

***********************

SIP/2.0 100 Trying

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKhn0d81a80ji8klxijhln0xfig

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>

CSeq: 1 INVITE

Content-Length: 0

// Caller 21001 receives, from the SC server, the ringing message of callee 21003: 180 Ringing

***********************

SIP/2.0 180 Ringing

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKhn0d81a80ji8klxijhln0xfig

Record-Route: <sip:*.*.24.127;lr;CtxId=0;X-HwB2bUaCookie=3426>

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>;tag=uuoo6kok

CSeq: 1 INVITE

User-Agent: Huawei TE Desktop V3.2.0.152

Contact: <sip:21003@*.*.24.127:5060;transport=udp>

Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,REGISTER,INFO,PRACK,SUBSCRIBE,NOTIFY,UPDATE,REFER

Content-Length: 0

// Caller 21001 sends confirmation of 21003's 180 Ringing message

**********************

SIP/2.0 200 OK

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKhn0d81a80ji8klxijhln0xfig

Record-Route: <sip:*.*.24.127;lr;CtxId=0;X-HwB2bUaCookie=3426>

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>;tag=uuoo6kok

CSeq: 1 INVITE

User-Agent: Huawei TE Desktop V3.2.0.152

Contact: <sip:21003@*.*.24.127:5060;transport=udp>

Supported: replaces,timer

Require: timer

Session-Expires: 180;refresher=uac

Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,REGISTER,INFO,PRACK,SUBSCRIBE,NOTIFY,UPDATE,REFER

Content-Length: 1983

Content-Type: application/sdp

// The SDP message body follows: mainly audio and video stream formats, codecs, sample rates, etc. *******

v=0

o=huawei 23293 3 IN IP4 *.*.45.226

s=-

c=IN IP4 *.*.45.226

b=CT:2048

t=0 0

m=audio 10002 RTP/SAVP 9 8 0 98 18 97 121

a=rtpmap:9 G722/16000

a=rtpmap:8 PCMA/8000

a=rtpmap:0 PCMU/8000

a=rtpmap:98 iLBC/8000

a=fmtp:98 mode=30

a=rtpmap:18 G729/8000

a=rtpmap:97 telephone-event/8000

a=fmtp:97 0-15

a=rtpmap:121 RED/16000

a=fmtp:121 0

a=ptime:20

a=sendrecv

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Qj1kPzpYT0pCJihKQzM5KTU0LFNxXTRnZTxrP09E|2^31

m=video 10004 RTP/SAVP 105 106 107 108

b=AS:2048

a=rtpmap:105 H264/90000

a=fmtp:105 profile-level-id=428028;packetization-mode=1;level-asymmetry-allowed=1

a=rtpmap:106 H264/90000

a=fmtp:106 profile-level-id=428028;level-asymmetry-allowed=1

a=rtpmap:107 H264/90000

a=fmtp:107 profile-level-id=640028;packetization-mode=1;level-asymmetry-allowed=1

a=rtpmap:108 H264/90000

a=fmtp:108 profile-level-id=640028;level-asymmetry-allowed=1

a=content:main

a=rtcp-fb:* ccm fir

a=rtcp-fb:* ccm tmmbr

a=sendrecv

a=Huawei-Media-Engine

a=label:11

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Lm9Lcywtc09Wc0F0QCZ1dGo9MUQiUktSLV1JJ01m|2^31

m=video 10006 RTP/SAVP 105 106 107 108

b=AS:512

a=rtpmap:105 H264/90000

a=fmtp:105 profile-level-id=42801F;packetization-mode=1;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:106 H264/90000

a=fmtp:106 profile-level-id=42801F;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:107 H264/90000

a=fmtp:107 profile-level-id=64001F;packetization-mode=1;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=rtpmap:108 H264/90000

a=fmtp:108 profile-level-id=64001F;level-asymmetry-allowed=1;max-mbps=90000;max-fs=9000

a=content:slides

a=rtcp-fb:* ccm fir

a=rtcp-fb:* ccm tmmbr

a=sendrecv

a=Huawei-Media-Engine

a=label:12

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Y2s5fD9BUj9qbVpdbVZ3ejp6bXpDTzY+YWM5KWpW|2^31

m=application 5070 UDP/BFCP *

a=floorctrl:s-only

a=confid:2

a=floorid:2 mstrm:12

a=userid:50

a=setup:passive

a=connection:new

// The last step before the SIP call begins: the caller acknowledges the 200 OK response

*********************

ACK sip:21003@*.*.24.127:5060;transport=udp SIP/2.0

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKdxfxiax0fj0d81a8l9gajxhgi

Route: <sip:*.*.24.127;lr;CtxId=0;X-HwB2bUaCookie=3426>

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>;tag=uuoo6kok

CSeq: 1 ACK

Max-Forwards: 70

Content-Length: 0

// 21001 ends the call and sends a BYE message to 21003

********************

BYE sip:21003@*.*.24.127:5060;transport=udp SIP/2.0

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK89gajxhgg1a1xkhjjfh0a9d09

Route: <sip:*.*.24.127:5060;lr;CtxId=0;X-HwB2bUaCookie=3426>

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>;tag=uuoo6kok

CSeq: 3 BYE

Max-Forwards: 70

Content-Length: 0

// Hang-up confirmation received from the SC server; the call has ended

*******************

SIP/2.0 200 OK

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK89gajxhgg1a1xkhjjfh0a9d09

Call-ID: QDgFXK8RabtWdJS00sPCgDc6ASrg0tfNy551qQSEqTIw

From: <sip:21001@*.*.24.127>;tag=1ix0kn0h

To: <sip:21003@*.*.24.127>;tag=uuoo6kok

CSeq: 3 BYE

Content-Length: 0
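
The SDP bodies in the INVITE and 200 OK above carry `a=crypto` (SDES) key material while the Via headers show the signaling running over UDP, and RFC 4568 requires the SDP to be protected by a security protocol such as TLS when it carries these keys. The following added example, which is not part of the original post, audits each `m=` section for that condition; the function names and issue labels are this example's own, and the samples are constructed with the key replaced by a placeholder.

```python
def via_transport(via_value):
    """'SIP/2.0/UDP host:port;branch=...' -> 'UDP'."""
    return via_value.split()[0].split("/")[2].upper()

def audit_sdp(sdp, signaling_transport):
    """Return one finding dict per m= section of an SDP body."""
    sections, current = [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            media, port, profile = line[2:].split()[:3]
            current = {"media": media, "port": int(port), "profile": profile,
                       "suites": [], "issues": []}
            sections.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            # a=crypto:<tag> <suite> inline:<key and salt>|<lifetime>
            current["suites"].append(line.split()[1])
    for s in sections:
        if not s["profile"].startswith("RTP/"):
            continue  # UDP/BFCP floor control is not RTP media
        if not s["suites"]:
            s["issues"].append("no-sdes-keying")
            continue
        if signaling_transport != "TLS":
            s["issues"].append("srtp-key-readable-on-path")
        if s["profile"] == "RTP/AVP":
            s["issues"].append("crypto-on-plain-avp-profile")
    return sections

# Constructed samples shaped like the offer and answer on this page;
# the inline key material is replaced by a placeholder.
KEY = "inline:<constructed-placeholder>|2^31"
OFFER = f"""v=0
c=IN IP4 *.*.105.87
m=audio 10002 RTP/AVP 9 8 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 {KEY}
a=crypto:2 AES_CM_128_HMAC_SHA1_32 {KEY}
m=application 5070 UDP/BFCP *
a=floorctrl:c-s
"""
ANSWER = f"""v=0
c=IN IP4 *.*.45.226
m=audio 10002 RTP/SAVP 9 8 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 {KEY}
"""
VIA = "SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bKhn0d81a80ji8klxijhln0xfig"
```

Running `audit_sdp(OFFER, via_transport(VIA))` flags the audio section on both counts, while the same answer audited with `"TLS"` as the signaling transport comes back clean.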


  • Video client exit. As the capture below shows, this is also a REGISTER message, here with expires set to 0

*********************

REGISTER sip:*.*.24.127 SIP/2.0

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK23a7bvs97s5v7ehg4bb8bdbae

Call-ID: LPaKbaB1fux8GeuVu4gwWkKxZX4BdVHwWqZnZ8FhWMcw

From: <sip:21001@*.*.24.127>;tag=9ghe225d

To: <sip:21001@*.*.24.127>

CSeq: 2 REGISTER

Contact: <sip:21001@*.*.105.87:5060;transport=udp>;expires=0

Expires: 0

Supported: eUA

Max-Forwards: 70

User-Agent: Huawei TE Desktop V3.2.0.152

Allow: MESSAGE,REFER,INFO,NOTIFY,SUBSCRIBE,UPDATE,PRACK,PUBLISH,CANCEL,BYE,OPTIONS,ACK,INVITE

Content-Length: 0

// Message received from the server: exit succeeded

********************

SIP/2.0 200 OK

Via: SIP/2.0/UDP *.*.105.87:5060;branch=z9hG4bK23a7bvs97s5v7ehg4bb8bdbae

Call-ID: LPaKbaB1fux8GeuVu4gwWkKxZX4BdVHwWqZnZ8FhWMcw

From: <sip:21001@*.*.24.127>;tag=9ghe225d

To: <sip:21001@*.*.24.127>;tag=b4qegllf

CSeq: 2 REGISTER

Content-Length: 0
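
The registration and deregistration exchanges above, as an added example that is not part of the original post: a small Python parser pairs each REGISTER with its response by Via branch and CSeq, and reads the expiry to tell a registration (600 requested, 300 granted) from a deregistration (expires=0). The function names and the abridged sample strings are this example's own.

```python
import re

def parse_sip(raw):
    """Return (start line, headers keyed by lower-case name) for one SIP message."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [l for l in head.split("\n") if l.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def transaction_key(headers):
    """A response belongs to the request with the same Via branch and CSeq."""
    branch = re.search(r"branch=([^;\s]+)", headers["via"]).group(1)
    return branch, headers["cseq"]

def binding_expires(headers):
    """Contact ;expires= takes precedence over the Expires header."""
    m = re.search(r";expires=(\d+)", headers.get("contact", ""))
    if m:
        return int(m.group(1))
    return int(headers["expires"]) if "expires" in headers else None

def summarize_register(request, response):
    req_line, req = parse_sip(request)
    resp_line, resp = parse_sip(response)
    if not req_line.startswith("REGISTER "):
        raise ValueError("not a REGISTER request")
    if transaction_key(req) != transaction_key(resp):
        raise ValueError("response is for a different transaction")
    asked = binding_expires(req)
    return {"action": "deregister" if asked == 0 else "register",
            "status": int(resp_line.split()[1]),
            "requested": asked, "granted": binding_expires(resp)}

# Abridged from the captures on this page (masked addresses kept as printed).
VIA = "Via: SIP/2.0/UDP *.*.105.87:5060;branch="
REG = ("REGISTER sip:*.*.24.127 SIP/2.0\n" + VIA + "z9hG4bK092xw3589ww02w3z092xw358j\n"
       "CSeq: 1 REGISTER\nContact: <sip:21001@*.*.105.87:5060;transport=udp>;expires=600\n"
       "Expires: 600\n\n")
REG_OK = ("SIP/2.0 200 OK\n" + VIA + "z9hG4bK092xw3589ww02w3z092xw358j\n"
          "CSeq: 1 REGISTER\nContact: <sip:21001@*.*.105.87:5060>;q=1.0;expires=300\n\n")
UNREG = ("REGISTER sip:*.*.24.127 SIP/2.0\n" + VIA + "z9hG4bK23a7bvs97s5v7ehg4bb8bdbae\n"
         "CSeq: 2 REGISTER\nContact: <sip:21001@*.*.105.87:5060;transport=udp>;expires=0\n"
         "Expires: 0\n\n")
UNREG_OK = ("SIP/2.0 200 OK\n" + VIA + "z9hG4bK23a7bvs97s5v7ehg4bb8bdbae\n"
            "CSeq: 2 REGISTER\n\n")
```

Pairing a request with a response from another transaction, for example `summarize_register(REG, UNREG_OK)`, raises `ValueError`, which is the check that shows whether a reply seen on one side of a middlebox really answers the request sent on the other.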

