paymentsnsa.blogg.se

SIP Wireshark tutorial

VoIP security is a fairly complex topic, rife with acronyms, competing solutions, and enough implementation challenges to make any administrator pull their hair out.

Originally posted 21:16:44.

Hacking VoIP: Decrypting SDES Protected SRTP Phone Calls

A lot happens in the background when you pick up a handset and call someone, with two protocols leading the party: SIP and RTP.

Session Initiation Protocol (SIP) is the control protocol. In other words, it helps establish the who, where and what of the call.

Real Time Protocol (RTP) is an application layer protocol used for real-time streaming of audio and video data. Most calls involve two streams, one for each endpoint, allowing bidirectional communication.

A common SIP call flow between two parties looks something like the image below:

Now that we know how a normal call should look, let's see how to find all the same pieces using Wireshark. For this example I'm using the sip-rtp-g711.pcap file under Wireshark SampleCaptures.

Go to Telephony > VoIP Calls and select the desired call.

Flow Sequence and Play Streams are shown below, and they provide a quick overview of what happened with the call.

Prepare Filter will display only the SIP and RTP messages related to the selected call, and it is time to get our hands dirty!

1 | SIP/SDP | INVITE message from sipp (calling party) to test (called party)

This is an early offer message because it includes the media information indicating codec preference (G.711) and audio port (6000). It is interesting to notice that sipp specifies that it will NOT send audio (recvonly).

2 | SIP | 100 Trying message from test to sipp

Not much going on here, just an acknowledgement that the previous INVITE message was received and is being processed.

4 | SIP/SDP | 200 OK message from test to sipp

This message is a confirmation that the call can be established; codec preference (G.711) and audio port (27942) are also shared. Please notice that the From and To fields did NOT change. This is normal: they get set on the initial INVITE and remain unaltered while the call is being established.

6 – 430 | RTP | Audio stream(s)

For this capture, the audio stream only flows in one direction (test -> sipp), since the first one identified itself as "sendonly" and the latter as "recvonly", but often you will see bidirectional communication, as in the second example, where both endpoints identify themselves as "sendrecv" (check SIP_CALL_RTP_G711).

Message indicating that it is time to finish the call with code 16 (Normal Call Clearing). The Call-ID indicates which call needs to end, and since it is a new signaling request (end the call) the From and To fields are set by this message, but they remain consistent on the final ACK.
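The INVITE / 200 OK exchange described on this page, as an added example that is not part of the original post: it parses the SDP offer and answer, checks that Call-ID, From and To stay the same, and derives which side sends RTP from the direction attributes. The addresses, the Call-ID, the G.711 A-law payload type and all function names are assumptions made for illustration.

```python
# Added example: the SIP/SDP messages below are constructed to mirror the capture.
G711 = {"0": "G.711 PCMU", "8": "G.711 PCMA"}  # static RTP payload types (RFC 3551)
DIRECTIONS = ("sendrecv", "sendonly", "recvonly", "inactive")

def build(start_line, port, direction):
    """Build a constructed SIP message with a minimal SDP body (assumed values)."""
    head = [start_line, "From: <sip:sipp@192.0.2.10>;tag=1", "To: <sip:test@192.0.2.20>",
            "Call-ID: constructed-1@192.0.2.10", "Content-Type: application/sdp"]
    body = ["v=0", "c=IN IP4 192.0.2.10", f"m=audio {port} RTP/AVP 8", f"a={direction}"]
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(body) + "\r\n"

def parse_sip(raw):
    """Return the start line, lower-cased headers and audio parameters from the SDP."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    sdp = {"port": None, "codecs": [], "direction": "sendrecv"}  # RFC 3264 default
    for line in body.split("\r\n"):
        if line.startswith("m=audio "):
            fields = line.split()
            sdp["port"] = int(fields[1])
            sdp["codecs"] = [G711.get(pt, "payload type " + pt) for pt in fields[3:]]
        elif line.startswith("a=") and line[2:] in DIRECTIONS:
            sdp["direction"] = line[2:]
    return {"start": lines[0], "headers": headers, "sdp": sdp}

def same_dialog(a, b):
    """True when Call-ID, From and To match (header parameters such as tags ignored)."""
    strip = lambda value: value.split(";")[0]
    return all(strip(a["headers"][h]) == strip(b["headers"][h])
               for h in ("call-id", "from", "to"))

def rtp_senders(offer, answer):
    """List which side sends audio, from the offer/answer direction attributes."""
    o, a = offer["sdp"]["direction"], answer["sdp"]["direction"]
    senders = []
    if o in ("sendrecv", "sendonly") and a in ("sendrecv", "recvonly"):
        senders.append("offerer")
    if a in ("sendrecv", "sendonly") and o in ("sendrecv", "recvonly"):
        senders.append("answerer")
    return senders

invite = parse_sip(build("INVITE sip:test@192.0.2.20 SIP/2.0", 6000, "recvonly"))
ok = parse_sip(build("SIP/2.0 200 OK", 27942, "sendonly"))
print(invite["sdp"], ok["sdp"], same_dialog(invite, ok), rtp_senders(invite, ok))
```

Here the offerer is sipp and the answerer is test, so a result of only "answerer" corresponds to the one-way test -> sipp stream seen in the capture.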










