Call Packet Tracking (SIP)
By Ignat Kononov on 2021-05-26
Contents
Case one: A calls B, B answers, B hangs up.
Case two: A calls a malformed number.
Case three: A calls a non-existent number.
Case four: A calls, B doesn’t answer.
CentOS 7 server with ASTPP.
To install ASTPP, follow this document from beginning to end: https://docs.switzernet.com/3/public/210311-astpp-instalation/
How to ngrep on freeswitch: https://docs.switzernet.com/3/public/210312-ngrep-on-freeswitch/
List of SIP Response Codes: https://en.wikipedia.org/wiki/List_of_SIP_response_codes
List of SIP Request Codes: https://en.wikipedia.org/wiki/Session_Initiation_Protocol#Requests
Call log in ASTPP GUI:
Ngrep conf:
First log:
213.145.5.138 (A's IP) sends a SIP INVITE request to 151.80.57.157 (the server's IP) on port 5060 via TCP, to connect sip:8620826254 (A's account number) with sip:7843973936 (B's account number).
SDP message (this document does not go into SDP messages any further).
What is SDP: https://www.3cx.com/pbx/sdp/, https://en.wikipedia.org/wiki/Session_Description_Protocol
151.80.57.157 (the server's IP) sends 213.145.5.138 (A's IP) a SIP 100 TRYING response.
The server requests proxy authorization information from A.
213.145.5.138 (A's IP) sends the INVITE to the server again, this time with the authorization information. Why the INVITE is sent twice is explained at the end of this document.
The server sends a 180 RINGING response to A, confirming that the destination user agent received the INVITE.
The server sends A 200 OK, confirming the connection, and the session starts.
After 5 sec B hangs up; the server notifies A, and A sends 200 OK as confirmation.
Full text log of the session: 2.txt
A calls a random set of characters.
The invitation and proxy request procedure is the same as in case one, but after 100 TRYING the server sends a 404 NOT FOUND response. After that, the session ends.
Full text log of the session: 3.txt
A calls a number that is not in the database.
The invitation and proxy request procedure is the same as in case one, but instead of 180 RINGING there is a 480 Temporarily Unavailable response. After that, the session ends.
Full text log of the session: 4.txt
The invitation and proxy request procedure is the same as in case one, but 1 min after 180 RINGING the server sends 200 OK to A and plays an automatic voice response. After that, the session ends.
Full text log of the session: 5.txt
The invitation and proxy request procedure is the same as in case one. After 180 RINGING, when B rejects the call, the server sends 200 OK to A and plays an automatic voice response. After that, the session ends.
Full text log of the session: 6.txt
There are two INVITEs at the beginning of a SIP session. Authentication must be done without revealing the password, because anyone in the middle of the routing path running ngrep would otherwise see it.
Instead of asking the phone to send the password, the server sends the phone a random number, like 11223378, and asks it to attach the password to that random number, 11223378-abcdpwd (where abcdpwd is the password), and send back the MD5 checksum of the resulting string. The server does the same on its side.
If the value the phone returns is the same as the one the server computed, the server concludes that the phone knows the password.
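The challenge and response described above, worked through in Python as an added example (not code from the original page or from FreeSWITCH/ASTPP). It goes beyond the simplified description by using the RFC 2617 digest form that SIP uses, where the hash also covers username, realm, method and URI. The realm value, the header text and the single-use nonce set are assumptions; the nonce, password and account numbers are the sample values from the text.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(value):
    """Split 'Digest realm="...", nonce="..."' into a dict of parameters."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(username, password, realm, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # part that needs the password
    ha2 = md5_hex(f"{method}:{uri}")                 # part bound to this request
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def server_verify(stored_password, issued_nonces, username, realm, nonce,
                  method, uri, response):
    """Accept only a nonce this server issued, and accept it only once."""
    if nonce not in issued_nonces:
        return False
    issued_nonces.discard(nonce)  # a captured second INVITE cannot be replayed
    expected = digest_response(username, stored_password, realm, nonce,
                               method, uri)
    return hmac.compare_digest(expected, response)  # constant-time comparison

# Constructed sample: challenge header sent with the proxy authorization request.
# The realm is an assumption; a production nonce is long and unpredictable.
CHALLENGE = 'Digest realm="151.80.57.157", nonce="11223378", algorithm=MD5'
USER, PASSWORD = "8620826254", "abcdpwd"
URI = "sip:7843973936@151.80.57.157"

if __name__ == "__main__":
    ch = parse_challenge(CHALLENGE)
    issued = {ch["nonce"]}
    resp = digest_response(USER, PASSWORD, ch["realm"], ch["nonce"],
                           "INVITE", URI)
    print("response seen on the wire:", resp)
    for attempt in ("second INVITE", "replayed INVITE"):
        ok = server_verify(PASSWORD, issued, USER, ch["realm"], ch["nonce"],
                           "INVITE", URI, resp)
        print(attempt, "accepted:", ok)
```

An ngrep capture of this exchange shows only the nonce and the 32-character response, never the password itself.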
***
© 4z.com