First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Where is the fault in this SIP flow?

  • retag add tags

I captured the flow of SIP packets between my router and the SIP registrar, to find out why my telephone is occasionally unable to make and receive calls.

I discovered, that the SIP registration is not renewed correctly at one point, shortly before the telephone is "dead".

However, I am unsure where the actual fault is located, because there seem to be multiple network actors involved.

  • There is the registrar named sip.alice-voip.de with IP address 62.53.223.131.
  • There an IP address 93.129.234.136, which is the router if I am not mistaken.
  • There is an unknown actor 2.57.121.124, which sends a SIP OPTIONS request, the purpose of which is unclear to me in this context. However it could be a security mechanism somewhere in the network, as the request contains headers related to the Sipvicious software. The actor appears only once in the whole capture. However other IP addresses repeat the same request later in time.
  • There is an another unknown actor 51.159.93.41, which sends a wrong SIP REGISTER request and appears only once in the whole capture. It occured to me that since the highlighted SIP REGISTER request comes from outside to my router (which is not a registrar) the router should just ignore it and continue with its registrar. Is it safe to assume that there is a bug in the router that prevents that?

Wireshark Capture of SIP Flow with Sipvicious OPTIONS packet selected

Wireshark Capture of SIP Flow with faulty REGISTER packet selected

I am not experienced in this kind of analysis, but I read about how SIP is supposed to work, and would be happy to learn how to find the faulty actor in such a case. I hope this is a good place to ask.

mskr's avatar
1
mskr
asked 2024-02-19 01:01:27 +0000, updated 2024-02-19 01:01:51 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Based on the screenshots the VOIP Provider disconnects the phone at 13:13:54 with the BYE message. And you sofphone is OK with that. But it occurs directly after another REGISTER action from you which is not expected at al.

All the OPTION packets after that are just the usual "Let's see if we can mess up and enter" packets that internet is full of.

So see why your (soft)phone is loosing the connection without a packet to show for it. The error is on your end based on the limited data available.

hugo.vanderkooij's avatar
76
hugo.vanderkooij
answered 2024-02-19 10:45:44 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you for clarifying. I will try to find out more. However it will be difficult, because I do not have control over the router, which is a Speedport Smart 3 by Deutsche Telekom.

mskr's avatar mskr (2024-02-19 12:11:11 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer