[SIPForum-discussion] Is it SIP?
Herve Jourdain
herve.jourdain at mstarsemi.com
Fri Jan 4 12:15:31 UTC 2008
Hi,
Sorry, I thought I had also replied to the group, but apparently not…
What I told Nora earlier today is that I thought it was a request indeed, and probably an OPTIONS request.
But that as TCP is flow-oriented, and not message-oriented like UDP, it’s possible that the beginning of the SIP message was sent in a previous TCP packet…
Because the only missing part is “method sp” (possibly “OPTIONS “), for the rest it looks like a request alright to me.
And not a response, because in the case of a response it would START by SIP/2.0, not END by SIP/2.0…
So probably the answer lies somewhere in the wireshark capture, before that point… :-)
Regards,
Herve
_____
From: Halit Sakca [mailto:sakcahalit at hotmail.com]
Sent: vendredi 4 janvier 2008 13:03
To: 雨 陈; group SIP; Jourdain Herve
Subject: RE: [SIPForum-discussion] Is it SIP?
Well I am not Herve but I would like to answer your question and my holiday is over mate :D
If you ask the method in this log I think it is a 200 OK because;
00c0 2e 30 2e 31 0d 0a 43 53 65 71 3a 20 34 33 35 33 .0.1..CSeq: 4353
00d0 35 20 4f 50 54 49 4f 4e 53 0d 0a 41 63 63 65 70 5 OPTIONS..Accep
On the other side some of the trace are related with TCP/IP and some of them are SIP.
"wireshark from PSTN of Guangdong"
I think this is not a PSTN ha? this is a Mediagateway or Mediagateway controller.
Hopefully it was useful.
Selamlar,
Halit Sakca
_____
Date: Fri, 4 Jan 2008 16:08:00 +0800
From: chen.yu26 at yahoo.com.cn
To: discussion at sipforum.org; herve.jourdain at mstarsemi.com
Subject: [SIPForum-discussion] Is it SIP?
Hi Herve,
How is your holiday? Could you tell me that whether the followed package is a SIP message and why ? I captured it by wireshark from PSTN of Guangdong. It seems have all the SIP elements, but the method…
Protocol Info
TCP 8899 > 3003 [PSH, ACK] Seq=2222 Ack=0 Win=65535 Len=287
Ethernet II, Src: Zhongxin_c0:00:ec (00:d0:d0:c0:00:ec), Dst: Intel_b1:ee:9d (00:0e:0c:b1:ee:9d)
Destination: Intel_b1:ee:9d (00:0e:0c:b1:ee:9d)
Address: Intel_b1:ee:9d (00:0e:0c:b1:ee:9d)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Zhongxin_c0:00:ec (00:d0:d0:c0:00:ec)
Address: Zhongxin_c0:00:ec (00:d0:d0:c0:00:ec)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.20.0.1 (172.20.0.1), Dst: 172.20.0.8 (172.20.0.8)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 327
Identification: 0xcc11 (52241)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x556e [correct]
[Good: True]
[Bad : False]
Source: 172.20.0.1 (172.20.0.1)
Destination: 172.20.0.8 (172.20.0.8)
Transmission Control Protocol, Src Port: 8899 (8899), Dst Port: 3003 (3003), Seq: 2222, Ack: 0, Len: 287
Source port: 8899 (8899)
Destination port: 3003 (3003)
Sequence number: 2222 (relative sequence number)
[Next sequence number: 2509 (relative sequence number)]
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x57d7 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 151]
[The RTT to ACK the segment was: 0.000676000 seconds]
Data (287 bytes)
0000 31 37 32 2e 32 30 2e 33 2e 31 37 37 20 53 49 50 172.20.3.177 SIP
0010 2f 32 2e 30 0d 0a 56 69 61 3a 20 53 49 50 2f 32 /2.0..Via: SIP/2
0020 2e 30 2f 55 44 50 20 6f 6e 6c 69 6e 65 2d 74 65 .0/UDP online-te
0030 73 74 3a 35 30 36 31 3b 6d 61 64 64 72 3d 31 37 st:5061;maddr=17
0040 32 2e 32 30 2e 30 2e 31 3b 62 72 61 6e 63 68 3d 2.20.0.1;branch=
0050 33 65 62 31 32 32 30 31 2e 30 0d 0a 54 6f 3a 20 3eb12201.0..To:
0060 3c 73 69 70 3a 31 37 32 2e 32 30 2e 33 2e 31 37 <sip:172.20.3.17
0070 37 3e 0d 0a 46 72 6f 6d 3a 20 3c 73 69 70 3a 31 7>..From: <sip:1
0080 37 32 2e 32 30 2e 30 2e 31 3e 3b 74 61 67 3d 61 72.20.0.1>;tag=a
0090 63 31 34 30 30 30 31 2d 34 35 37 34 0d 0a 43 61 c140001-4574..Ca
00a0 6c 6c 2d 49 44 3a 20 34 32 61 36 37 61 66 61 2d ll-ID: 42a67afa-
00b0 30 30 30 33 2d 30 30 36 35 40 31 37 32 2e 32 30 0003-0065 at 172.20
00c0 2e 30 2e 31 0d 0a 43 53 65 71 3a 20 34 33 35 33 .0.1..CSeq: 4353
00d0 35 20 4f 50 54 49 4f 4e 53 0d 0a 41 63 63 65 70 5 OPTIONS..Accep
00e0 74 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 73 t: application/s
00f0 64 70 0d 0a 4d 61 78 2d 46 6f 72 77 61 72 64 73 dp..Max-Forwards
0100 3a 20 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 : 10..Content-Le
0110 6e 67 74 68 3a 20 30 0d 0a 0d 0a 00 00 af af ngth: 0........
look forward to your answer !
Nora
_____
<http://cn.mail.yahoo.com/gc/index.html?entry=5&souce=mail_mailletter_tagline> 雅虎邮箱传递新年祝福,个性贺卡送亲朋!
_____
Yeni nesil Windows Live Servisleri’ne şimdi ulaşın! Buraya tıkla! <http://get.live.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080104/e4c69cee/attachment-0002.html>
More information about the discussion
mailing list