Skip to content

Ever Wondered What Actual VoIP DNS Queries and SIP Messages Look Like – Take a Look – Part 1 – English Protocol Decodes of a SIP Soft Client Registering To a SIP Sever

August 9, 2011

Part 1 English Protocol Decodes of a SIP Soft Client Registering To a SIP Sever

Have you ever wondered what an actual SIP registration looks like? What follows are protocol snap shots of some of the various DNS queries and registration messages that are exchanged between a Windows XP SIP VoIP soft client establishing communications with and then registering to a SIP Sever. The SIP server has the capabilities to act as a registrar, proxy or redirect server.

Below you will find various SIP Methods used such as Registration, Subscribe, Options, etc… This list of messages is certainly not the complete list of every message that was exchanged during the registration. It is a representative sampling to give the reader a flavor of what transpires when a SIP VoIP client, such as the X-Lite soft client I used, registers to a SIP server to establish its on-line presence.

I intend to publish a part 2 showing the actual calling (Invite) and answer, etc… with RTP video media packets. You should also expect to see some SDP messages. SDP is a protocol that defines the session end to end. So look forward to that post in the near future.

If you are interested in obtaining a copy of a word document of this post plus all of the decoded protocol trapped during this SIP registration then please contact me at ngntechtalk@gmail.com.

The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol widely used for controlling communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. The modification can involve changing addresses or ports, inviting more participants, and adding or deleting media streams. Other applications include video conferencing, streaming multimedia distribution, instant messaging, presence information, file transfer and online games.

In November 2000, SIP was accepted as a 3GPP signaling protocol and permanent element of the IP Multimedia Subsystem (IMS) architecture for IP-based streaming multimedia services in cellular systems.

The SIP protocol is an Application Layer protocol designed to be independent of the underlying Transport Layer; it can run on Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Stream Control Transmission Protocol (SCTP). It is a text-based protocol, incorporating many elements of the Hypertext Transfer Protocol (HTTP) and the Simple Mail Transfer Protocol (SMTP). The decodes that follow are structured as if you were looking at the stack itself from the Ethernet frames to the application protocol such as SIP running on top of the stack.


 

Figure 1 – Showing Jack Brown Registered to SIP Server

 

Figure 2 – Showing Condensed  View of Protocol Frames 114 – 125

Click image to  enlarge

***********************************************************************

Shown below are frames 114 and 118 expanded. Frame 114 is a standard Domain Name System (DNS) SRV (Service Record query defined in RFC 2782). The SRV RR identifies the host(s) that will support particular services. Frame 118 is the response to that DNS query. DNS resides at the Application layer as does SIP within the IP stack.

Notice that in query Frame 114 immediately below, the field Domain Name System (query)is asking the question:

Questions: 1

Answer RRs: 0

Authority RRs: 0

Additional RRs: 0

Queries

_sip._udp.iptel.org: type SRV, class IN

Name: _sip._udp.iptel.org

Type: SRV (Service location)

Class: IN (0x0001)

and the answer-response is supplied in Frame 118:

Service: sip

Protocol: udp

Name: iptel.org

Type: SRV (Service location)

Class: IN (0x0001)

Time to live: 1 day

Data length: 21

Priority: 0

Weight: 0

Port: 5060

Target: sip.iptel.org

***********************************************************************

No.     Time        Source                Destination           Protocol Length Info    114 30.936629   192.168.0.12          76.85.229.110         DNS      79     Standard query SRV _sip._udp.iptel.org

 Frame 114: 79 bytes on wire (632 bits), 79 bytes captured (632 bits)

Arrival Time: Aug  8, 2011 15:23:01.780232000 Central Daylight Time

Epoch Time: 1312834981.780232000 seconds

[Time delta from previous captured frame: 0.229444000 seconds]

[Time delta from previous displayed frame: 0.229444000 seconds]

[Time since reference or first frame: 30.936629000 seconds]

Frame Number: 114

Frame Length: 79 bytes (632 bits)

Capture Length: 79 bytes (632 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:udp:dns]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 76.85.229.110 (76.85.229.110)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0xa0 (DSCP 0x28: Class Selector 5; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

1010 00.. = Differentiated Services Codepoint: Class Selector 5 (0x28)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 65

Identification: 0x97ba (38842)

Flags: 0x00

0… …. = Reserved bit: Not set

.0.. …. = Don’t fragment: Not set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: UDP (17)

Header checksum: 0xafd9 [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 76.85.229.110 (76.85.229.110)

User Datagram Protocol, Src Port: alphatech-lm (1653), Dst Port: domain (53)

Source port: alphatech-lm (1653)

Destination port: domain (53)

Length: 45

Checksum: 0xe69c [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

Domain Name System (query)

[Response In: 118]

Transaction ID: 0x0001

Flags: 0x0100 (Standard query)

0… …. …. …. = Response: Message is a query

.000 0… …. …. = Opcode: Standard query (0)

…. ..0. …. …. = Truncated: Message is not truncated

…. …1 …. …. = Recursion desired: Do query recursively

…. …. .0.. …. = Z: reserved (0)

…. …. …0 …. = Non-authenticated data: Unacceptable

Questions: 1

Answer RRs: 0

Authority RRs: 0

Additional RRs: 0

Queries

_sip._udp.iptel.org: type SRV, class IN

Name: _sip._udp.iptel.org

Type: SRV (Service location)

Class: IN (0x0001)

No.     Time        Source                Destination           Protocol Length Info    118 31.048093   76.85.229.110         192.168.0.12          DNS      112    Standard query response SRV 0 0 5060 sip.iptel.org

Frame 118: 112 bytes on wire (896 bits), 112 bytes captured (896 bits)

Arrival Time: Aug  8, 2011 15:23:01.891696000 Central Daylight Time

Epoch Time: 1312834981.891696000 seconds

[Time delta from previous captured frame: 0.038035000 seconds]

[Time delta from previous displayed frame: 0.038035000 seconds]

[Time since reference or first frame: 31.048093000 seconds]

Frame Number: 118

Frame Length: 112 bytes (896 bits)

Capture Length: 112 bytes (896 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:udp:dns]

Ethernet II, Src: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54), Dst: Intel_e9:58:1c (00:03:47:e9:58:1c)

Destination: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 76.85.229.110 (76.85.229.110), Dst: 192.168.0.12 (192.168.0.12)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 98

Identification: 0x54b1 (21681)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 247

Protocol: UDP (17)

Header checksum: 0x3c61 [correct]

[Good: True]

[Bad: False]

Source: 76.85.229.110 (76.85.229.110)

Destination: 192.168.0.12 (192.168.0.12)

User Datagram Protocol, Src Port: domain (53), Dst Port: alphatech-lm (1653)

Source port: domain (53)

Destination port: alphatech-lm (1653)

Length: 78

Checksum: 0xd8f5 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

Domain Name System (response)

    [Request In: 114]

    [Time: 0.111464000 seconds]

    Transaction ID: 0x0001

Flags: 0x8180 (Standard query response, No error)

1… …. …. …. = Response: Message is a response

.000 0… …. …. = Opcode: Standard query (0)

…. .0.. …. …. = Authoritative: Server is not an authority for domain

…. ..0. …. …. = Truncated: Message is not truncated

…. …1 …. …. = Recursion desired: Do query recursively

…. …. 1… …. = Recursion available: Server can do recursive queries

…. …. .0.. …. = Z: reserved (0)

…. …. ..0. …. = Answer authenticated: Answer/authority portion was not authenticated by the server

…. …. …0 …. = Non-authenticated data: Unacceptable

…. …. …. 0000 = Reply code: No error (0)

Questions: 1

Answer RRs: 1

Authority RRs: 0

Additional RRs: 0

Queries

_sip._udp.iptel.org: type SRV, class IN

Name: _sip._udp.iptel.org

Type: SRV (Service location)

Class: IN (0x0001)

Answers

_sip._udp.iptel.org: type SRV, class IN, priority 0, weight 0, port 5060, target sip.iptel.org

Service: sip

Protocol: udp

Name: iptel.org

Type: SRV (Service location)

Class: IN (0x0001)

Time to live: 1 day

Data length: 21

Priority: 0

Weight: 0

Port: 5060

Target: sip.iptel.org

 
Figure 3 – SIP Frames 665 – 844


***********************************************************************

Frame 667 is one of the SIP Registration requests and is shown below. Notice the SIP Register Method and all the data, such as Contact uri info, that it contains that allow me to register. This information was manually populated by me in the VoIP soft client. I of course had to create an account and establish my credentials with the “cloud” SIP server before I could populate the soft client. This then allows me to  be able to register to that server and make VoIP multi-media SIP based calls, etc…

Frame 687 below is the 200 OK Ack back to frames 667 registration request.

***********************************************************************


No.     Time        Source                Destination           Protocol Length Info   667 118.806387  192.168.0.12          213.192.59.75         SIP      820    Request: REGISTER sip:iptel.org

Frame 667: 820 bytes on wire (6560 bits), 820 bytes captured (6560 bits)

Arrival Time: Aug  8, 2011 15:24:29.649990000 Central Daylight Time

Epoch Time: 1312835069.649990000 seconds

[Time delta from previous captured frame: 0.063589000 seconds]

[Time delta from previous displayed frame: 0.063589000 seconds]

[Time since reference or first frame: 118.806387000 seconds]

Frame Number: 667

Frame Length: 820 bytes (6560 bits)

Capture Length: 820 bytes (6560 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 213.192.59.75 (213.192.59.75)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 806

Identification: 0x994a (39242)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x8cc7 [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 213.192.59.75 (213.192.59.75)

Transmission Control Protocol, Src Port: sd-elmd (1681), Dst Port: sip (5060), Seq: 2112, Ack: 2138, Len: 766

Source port: sd-elmd (1681)

Destination port: sip (5060)

[Stream index: 60]

Sequence number: 2112    (relative sequence number)

[Next sequence number: 2878    (relative sequence number)]

Acknowledgement number: 2138    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 64916

[Calculated window size: 64916]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x50a8 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

[SEQ/ACK analysis]

[Bytes in flight: 766]

Session Initiation Protocol

Request-Line: REGISTER sip:iptel.org SIP/2.0

Method: REGISTER

Request-URI: sip:iptel.org

Request-URI Host Part: iptel.org

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 192.168.0.12:58764;branch=z9hG4bK-d8754z-af140406e25fba37-1—d8754z-;rport

Transport: TCP

Sent-by Address: 192.168.0.12

Sent-by port: 58764

Branch: z9hG4bK-d8754z-af140406e25fba37-1—d8754z-

RPort: rport

Max-Forwards: 70

Contact: <sip:jackearlbrown@76.92.229.122:1681;rinstance=eee68b244a5d3707;transport=TCP>

Contact-URI: sip:jackearlbrown@76.92.229.122:1681;rinstance=eee68b244a5d3707;transport=TCP

Contactt-URI User Part: jackearlbrown

Contact-URI Host Part: 76.92.229.122

Contact-URI Host Port: 1681

Contact parameter: rinstance=eee68b244a5d3707

Contact parameter: transport=TCP>

To: “Jack Brown”<sip:jackearlbrown@iptel.org>

SIP Display info: “Jack Brown”

SIP to address: sip:jackearlbrown@iptel.org

SIP to address User Part: jackearlbrown

SIP to address Host Part: iptel.org

From: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=293fa178

SIP Display info: “Jack Brown”

SIP from address: sip:jackearlbrown@iptel.org

SIP from address User Part: jackearlbrown

SIP from address Host Part: iptel.org

SIP tag: 293fa178

Call-ID: MDUxYmJjMTkwMWY3YmMyYWFiNzEwYTgzOGEzNmFhYTM.

CSeq: 4 REGISTER

Sequence Number: 4

Method: REGISTER

Expires: 3600

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO

User-Agent: X-Lite release 1100l stamp 47546

Authorization: Digest username=”jackearlbrown”,realm=”iptel.org”,nonce=”TkBF9E5ARep6NJnA0BWUosxtAAILng01″,uri=”sip:iptel.org”,response=”f65b583a53330e19757a352be4a50cbb”,algorithm=MD5

Authentication Scheme: Digest

username=”jackearlbrown”

realm=”iptel.org”

nonce=”TkBF9E5ARep6NJnA0BWUosxtAAILng01″

uri=”sip:iptel.org”

response=”f65b583a53330e19757a352be4a50cbb”

algorithm=MD5

Content-Length: 0


No.     Time        Source                Destination           Protocol Length Info  687 120.607717  213.192.59.75         192.168.0.12          SIP      856    Status: 200 OK    (1 bindings)

Frame 687: 856 bytes on wire (6848 bits), 856 bytes captured (6848 bits)

Arrival Time: Aug  8, 2011 15:24:31.451320000 Central Daylight Time

Epoch Time: 1312835071.451320000 seconds

[Time delta from previous captured frame: 0.155059000 seconds]

[Time delta from previous displayed frame: 0.155059000 seconds]

[Time since reference or first frame: 120.607717000 seconds]

Frame Number: 687

Frame Length: 856 bytes (6848 bits)

Capture Length: 856 bytes (6848 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54), Dst: Intel_e9:58:1c (00:03:47:e9:58:1c)

Destination: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 213.192.59.75 (213.192.59.75), Dst: 192.168.0.12 (192.168.0.12)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 842

Identification: 0xb7c2 (47042)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 46

Protocol: TCP (6)

Header checksum: 0xc02b [correct]

[Good: True]

[Bad: False]

Source: 213.192.59.75 (213.192.59.75)

Destination: 192.168.0.12 (192.168.0.12)

Transmission Control Protocol, Src Port: sip (5060), Dst Port: sd-elmd (1681), Seq: 2138, Ack: 2878, Len: 802

Source port: sip (5060)

Destination port: sd-elmd (1681)

[Stream index: 60]

Sequence number: 2138    (relative sequence number)

[Next sequence number: 2940    (relative sequence number)]

Acknowledgement number: 2878    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 11505

[Calculated window size: 11505]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x6d2f [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 667]

[The RTT to ACK the segment was: 1.801330000 seconds]

[Bytes in flight: 802]

Session Initiation Protocol

Status-Line: SIP/2.0 200 OK

Status-Code: 200

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 192.168.0.12:58764;branch=z9hG4bK-d8754z-af140406e25fba37-1—d8754z-;rport=1681;received=76.92.229.122

Transport: TCP

Sent-by Address: 192.168.0.12

Sent-by port: 58764

Branch: z9hG4bK-d8754z-af140406e25fba37-1—d8754z-

RPort: 1681

Received: 76.92.229.122

To: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=b98f1230ac1a7949bf499aa7f9ea7038.6fe1

SIP Display info: “Jack Brown”

SIP to address: sip:jackearlbrown@iptel.org

SIP to address User Part: jackearlbrown

SIP to address Host Part: iptel.org

SIP tag: b98f1230ac1a7949bf499aa7f9ea7038.6fe1

From: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=293fa178

SIP Display info: “Jack Brown”

SIP from address: sip:jackearlbrown@iptel.org

SIP from address User Part: jackearlbrown

SIP from address Host Part: iptel.org

SIP tag: 293fa178

Call-ID: MDUxYmJjMTkwMWY3YmMyYWFiNzEwYTgzOGEzNmFhYTM.

CSeq: 4 REGISTER

Sequence Number: 4

Method: REGISTER

Expires: 600

Min-Expires: 240

Contact: <sip:jackearlbrown@76.92.229.122:1681;rinstance=eee68b244a5d3707;transport=TCP>;expires=600;received=”sip:76.92.229.122:1681;transport=TCP;dstip=213.192.59.75;dstport=5060″

Contact-URI: sip:jackearlbrown@76.92.229.122:1681;rinstance=eee68b244a5d3707;transport=TCP

Contactt-URI User Part: jackearlbrown

Contact-URI Host Part: 76.92.229.122

Contact-URI Host Port: 1681

Contact parameter: rinstance=eee68b244a5d3707

Contact parameter: transport=TCP>

Contact parameter: expires=600

Contact parameter: received=”sip:76.92.229.122:1681

Contact parameter: transport=TCP

Contact parameter: dstip=213.192.59.75

Contact parameter: dstport=5060″

Server: ser (3.2.0-dev2 (i386/linux))

Content-Length: 0

Warning: 392 213.192.59.75:5060 “Noisy feedback tells:  pid=19075 req_src_ip=76.92.229.122 req_src_port=1681 in_uri=sip:iptel.org out_uri=sip:iptel.org via_cnt==1”

***********************************************************************

Frame 689 below is the Subscribe method and being sent from the soft client to the SIP Server. Frame 690 is the ack back from the SIP Server to the soft client for frame 689 and is asking for a Proxy Authentication. Frame 692 is the soft client’s response – see the Proxy-Authorization: Digest field in frame 692.

***********************************************************************

No.     Time        Source                Destination           Protocol Length Info   689 120.809237  192.168.0.12          213.192.59.75         SIP      647    Request: SUBSCRIBE sip:jackearlbrown@iptel.org

Frame 689: 647 bytes on wire (5176 bits), 647 bytes captured (5176 bits)

Arrival Time: Aug  8, 2011 15:24:31.652840000 Central Daylight Time

Epoch Time: 1312835071.652840000 seconds

[Time delta from previous captured frame: 0.054839000 seconds]

[Time delta from previous displayed frame: 0.054839000 seconds]

[Time since reference or first frame: 120.809237000 seconds]

Frame Number: 689

Frame Length: 647 bytes (5176 bits)

Capture Length: 647 bytes (5176 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 213.192.59.75 (213.192.59.75)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 633

Identification: 0x9951 (39249)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x8d6d [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 213.192.59.75 (213.192.59.75)

Transmission Control Protocol, Src Port: sd-elmd (1681), Dst Port: sip (5060), Seq: 2878, Ack: 2940, Len: 593

Source port: sd-elmd (1681)

Destination port: sip (5060)

[Stream index: 60]

Sequence number: 2878    (relative sequence number)

[Next sequence number: 3471    (relative sequence number)]

Acknowledgement number: 2940    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 64114

[Calculated window size: 64114]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xb563 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

[SEQ/ACK analysis]

[Bytes in flight: 593]

Session Initiation Protocol

Request-Line: SUBSCRIBE sip:jackearlbrown@iptel.org SIP/2.0

Method: SUBSCRIBE

Request-URI: sip:jackearlbrown@iptel.org

Request-URI User Part: jackearlbrown

Request-URI Host Part: iptel.org

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 192.168.0.12:58764;branch=z9hG4bK-d8754z-4050181b557d302d-1—d8754z-;rport

Transport: TCP

Sent-by Address: 192.168.0.12

Sent-by port: 58764

Branch: z9hG4bK-d8754z-4050181b557d302d-1—d8754z-

RPort: rport

Max-Forwards: 70

Contact: <sip:jackearlbrown@76.92.229.122:1681;transport=TCP>

Contact-URI: sip:jackearlbrown@76.92.229.122:1681;transport=TCP

Contactt-URI User Part: jackearlbrown

Contact-URI Host Part: 76.92.229.122

Contact-URI Host Port: 1681

Contact parameter: transport=TCP>

To: “Jack Brown”<sip:jackearlbrown@iptel.org>

SIP Display info: “Jack Brown”

SIP to address: sip:jackearlbrown@iptel.org

SIP to address User Part: jackearlbrown

SIP to address Host Part: iptel.org

From: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=f5749d0a

SIP Display info: “Jack Brown”

SIP from address: sip:jackearlbrown@iptel.org

SIP from address User Part: jackearlbrown

SIP from address Host Part: iptel.org

SIP tag: f5749d0a

Call-ID: NzEyNTM5ODQzYzMwY2I0YmU0MWM1ZDVkMTNhNGFlYjE.

CSeq: 1 SUBSCRIBE

Sequence Number: 1

Method: SUBSCRIBE

Expires: 300

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO

User-Agent: X-Lite release 1100l stamp 47546

Event: message-summary

Content-Length: 0

No.     Time        Source                Destination           Protocol Length Info   690 120.965281  213.192.59.75         192.168.0.12          SIP      785    Status: 407 Proxy Authentication Required

Frame 690: 785 bytes on wire (6280 bits), 785 bytes captured (6280 bits)

Arrival Time: Aug  8, 2011 15:24:31.808884000 Central Daylight Time

Epoch Time: 1312835071.808884000 seconds

[Time delta from previous captured frame: 0.156044000 seconds]

[Time delta from previous displayed frame: 0.156044000 seconds]

[Time since reference or first frame: 120.965281000 seconds]

Frame Number: 690

Frame Length: 785 bytes (6280 bits)

Capture Length: 785 bytes (6280 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54), Dst: Intel_e9:58:1c (00:03:47:e9:58:1c)

Destination: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 213.192.59.75 (213.192.59.75), Dst: 192.168.0.12 (192.168.0.12)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 771

Identification: 0xb7c3 (47043)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 46

Protocol: TCP (6)

Header checksum: 0xc071 [correct]

[Good: True]

[Bad: False]

Source: 213.192.59.75 (213.192.59.75)

Destination: 192.168.0.12 (192.168.0.12)

Transmission Control Protocol, Src Port: sip (5060), Dst Port: sd-elmd (1681), Seq: 2940, Ack: 3471, Len: 731

Source port: sip (5060)

Destination port: sd-elmd (1681)

[Stream index: 60]

Sequence number: 2940    (relative sequence number)

[Next sequence number: 3671    (relative sequence number)]

Acknowledgement number: 3471    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 13039

[Calculated window size: 13039]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xb4f6 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 689]

[The RTT to ACK the segment was: 0.156044000 seconds]

[Bytes in flight: 731]

Session Initiation Protocol

Status-Line: SIP/2.0 407 Proxy Authentication Required

Status-Code: 407

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 192.168.0.12:58764;branch=z9hG4bK-d8754z-4050181b557d302d-1—d8754z-;rport=1681;received=76.92.229.122

Transport: TCP

Sent-by Address: 192.168.0.12

Sent-by port: 58764

Branch: z9hG4bK-d8754z-4050181b557d302d-1—d8754z-

RPort: 1681

Received: 76.92.229.122

To: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=ab7f724f44d6a86dac492bd71f480906-33b6

SIP Display info: “Jack Brown”

SIP to address: sip:jackearlbrown@iptel.org

SIP to address User Part: jackearlbrown

SIP to address Host Part: iptel.org

SIP tag: ab7f724f44d6a86dac492bd71f480906-33b6

From: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=f5749d0a

SIP Display info: “Jack Brown”

SIP from address: sip:jackearlbrown@iptel.org

SIP from address User Part: jackearlbrown

SIP from address Host Part: iptel.org

SIP tag: f5749d0a

Call-ID: NzEyNTM5ODQzYzMwY2I0YmU0MWM1ZDVkMTNhNGFlYjE.

CSeq: 1 SUBSCRIBE

Sequence Number: 1

Method: SUBSCRIBE

Proxy-Authenticate: Digest realm=”iptel.org”, nonce=”TkBF905ARe3Bj9RotM+a0ki7gY8w2f63″

Authentication Scheme: Digest

realm=”iptel.org”

nonce=”TkBF905ARe3Bj9RotM+a0ki7gY8w2f63″

Server: ser (3.2.0-dev2 (i386/linux))

Content-Length: 0

Warning: 392 213.192.59.75:5060 “Noisy feedback tells:  pid=19075 req_src_ip=76.92.229.122 req_src_port=1681 in_uri=sip:jackearlbrown@iptel.org out_uri=sip:jackearlbrown@iptel.org via_cnt==1”

No.     Time        Source                Destination           Protocol Length Info   692 121.166587  192.168.0.12          213.192.59.75         SIP      852    Request: SUBSCRIBE sip:jackearlbrown@iptel.org

Frame 692: 852 bytes on wire (6816 bits), 852 bytes captured (6816 bits)

Arrival Time: Aug  8, 2011 15:24:32.010190000 Central Daylight Time

Epoch Time: 1312835072.010190000 seconds

[Time delta from previous captured frame: 0.009881000 seconds]

[Time delta from previous displayed frame: 0.009881000 seconds]

[Time since reference or first frame: 121.166587000 seconds]

Frame Number: 692

Frame Length: 852 bytes (6816 bits)

Capture Length: 852 bytes (6816 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 213.192.59.75 (213.192.59.75)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 838

Identification: 0x9953 (39251)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x8c9e [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 213.192.59.75 (213.192.59.75)

Transmission Control Protocol, Src Port: sd-elmd (1681), Dst Port: sip (5060), Seq: 3471, Ack: 3671, Len: 798

Source port: sd-elmd (1681)

Destination port: sip (5060)

[Stream index: 60]

Sequence number: 3471    (relative sequence number)

[Next sequence number: 4269    (relative sequence number)]

Acknowledgement number: 3671    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 65535

[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xefd6 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

[SEQ/ACK analysis]

[Bytes in flight: 798]

Session Initiation Protocol

Request-Line: SUBSCRIBE sip:jackearlbrown@iptel.org SIP/2.0

Method: SUBSCRIBE

Request-URI: sip:jackearlbrown@iptel.org

Request-URI User Part: jackearlbrown

Request-URI Host Part: iptel.org

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 192.168.0.12:58764;branch=z9hG4bK-d8754z-840f1771b832cc7c-1—d8754z-;rport

Transport: TCP

Sent-by Address: 192.168.0.12

Sent-by port: 58764

Branch: z9hG4bK-d8754z-840f1771b832cc7c-1—d8754z-

RPort: rport

Max-Forwards: 70

Contact: <sip:jackearlbrown@76.92.229.122:1681;transport=TCP>

Contact-URI: sip:jackearlbrown@76.92.229.122:1681;transport=TCP

Contactt-URI User Part: jackearlbrown

Contact-URI Host Part: 76.92.229.122

Contact-URI Host Port: 1681

Contact parameter: transport=TCP>

To: “Jack Brown”<sip:jackearlbrown@iptel.org>

SIP Display info: “Jack Brown”

SIP to address: sip:jackearlbrown@iptel.org

SIP to address User Part: jackearlbrown

SIP to address Host Part: iptel.org

From: “Jack Brown”<sip:jackearlbrown@iptel.org>;tag=f5749d0a

SIP Display info: “Jack Brown”

SIP from address: sip:jackearlbrown@iptel.org

SIP from address User Part: jackearlbrown

SIP from address Host Part: iptel.org

SIP tag: f5749d0a

Call-ID: NzEyNTM5ODQzYzMwY2I0YmU0MWM1ZDVkMTNhNGFlYjE.

CSeq: 2 SUBSCRIBE

Sequence Number: 2

Method: SUBSCRIBE

Expires: 300

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO

Proxy-Authorization: Digest username=”jackearlbrown”,realm=”iptel.org”,nonce=”TkBF905ARe3Bj9RotM+a0ki7gY8w2f63″,uri=”sip:jackearlbrown@iptel.org”,response=”4a13af6a7acf6fb9cd374c5d685fa55b”,algorithm=MD5

Authentication Scheme: Digest

username=”jackearlbrown”

realm=”iptel.org”

nonce=”TkBF905ARe3Bj9RotM+a0ki7gY8w2f63″

uri=”sip:jackearlbrown@iptel.org”

response=”4a13af6a7acf6fb9cd374c5d685fa55b”

algorithm=MD5

User-Agent: X-Lite release 1100l stamp 47546

Event: message-summary

Content-Length: 0

***********************************************************************

Frame 745 below is the SIP Server sending the method ‘options’ to the soft client. The SIP method OPTIONS allows a UA to query another UA or a proxy server as to its capabilities.  This allows a client to discover information about the supported methods, content types, extensions, codecs, etc. without “ringing” the other party.

Frame 746 is the ack back to the SIP Server acknowledging Frame 745. Frame 747 is the 200 OK back from the soft client showing the options and that it supports methods such as INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO

***********************************************************************

No.     Time        Source                Destination           Protocol Length Info   745 135.302225  213.192.59.75         192.168.0.12          SIP      348    Request: OPTIONS sip:76.92.229.122:1681;transport=TCP;dstip=213.192.59.75;dstport=5060

Frame 745: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits)

Arrival Time: Aug  8, 2011 15:24:46.145828000 Central Daylight Time

Epoch Time: 1312835086.145828000 seconds

[Time delta from previous captured frame: 0.289005000 seconds]

[Time delta from previous displayed frame: 0.289005000 seconds]

[Time since reference or first frame: 135.302225000 seconds]

Frame Number: 745

Frame Length: 348 bytes (2784 bits)

Capture Length: 348 bytes (2784 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54), Dst: Intel_e9:58:1c (00:03:47:e9:58:1c)

Destination: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 213.192.59.75 (213.192.59.75), Dst: 192.168.0.12 (192.168.0.12)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 334

Identification: 0xb7c6 (47046)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 46

Protocol: TCP (6)

Header checksum: 0xc223 [correct]

[Good: True]

[Bad: False]

Source: 213.192.59.75 (213.192.59.75)

Destination: 192.168.0.12 (192.168.0.12)

Transmission Control Protocol, Src Port: sip (5060), Dst Port: sd-elmd (1681), Seq: 4930, Ack: 4764, Len: 294

Source port: sip (5060)

Destination port: sd-elmd (1681)

[Stream index: 60]

Sequence number: 4930    (relative sequence number)

[Next sequence number: 5224    (relative sequence number)]

Acknowledgement number: 4764    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 15960

[Calculated window size: 15960]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xd6d2 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

[SEQ/ACK analysis]

[Bytes in flight: 294]

Session Initiation Protocol

Request-Line: OPTIONS sip:76.92.229.122:1681;transport=TCP;dstip=213.192.59.75;dstport=5060 SIP/2.0

Method: OPTIONS

Request-URI: sip:76.92.229.122:1681;transport=TCP;dstip=213.192.59.75;dstport=5060

Request-URI Host Part: 76.92.229.122

Request-URI Host Port: 1681

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 213.192.59.75;branch=z9hG4bK-GnIp-fa60e65

Transport: TCP

Sent-by Address: 213.192.59.75

Branch: z9hG4bK-GnIp-fa60e65

f: sip:registrar@127.0.0.1:9;tag=1

SIP from address: sip:registrar@127.0.0.1:9

SIP from address User Part: registrar

SIP from address Host Part: 127.0.0.1

SIP tag: 1

t: sip:76.92.229.122:1681;transport=TCP;dstip=213.192.59.75;dstport=5060

SIP to address: sip:76.92.229.122:1681

SIP to address Host Part: 76.92.229.122

SIP to address Host Port: 1681

i: fa60e65

CSeq: 1 OPTIONS

Sequence Number: 1

Method: OPTIONS

l: 0

No.     Time        Source                Destination           Protocol Length Info   746 135.439012  192.168.0.12          213.192.59.75         TCP      54     sd-elmd > sip [ACK] Seq=4764 Ack=5224 Win=65535 Len=0

Frame 746: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)

Arrival Time: Aug  8, 2011 15:24:46.282615000 Central Daylight Time

Epoch Time: 1312835086.282615000 seconds

[Time delta from previous captured frame: 0.136787000 seconds]

[Time delta from previous displayed frame: 0.136787000 seconds]

[Time since reference or first frame: 135.439012000 seconds]

Frame Number: 746

Frame Length: 54 bytes (432 bits)

Capture Length: 54 bytes (432 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 213.192.59.75 (213.192.59.75)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 40

Identification: 0x996c (39276)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x8fa3 [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 213.192.59.75 (213.192.59.75)

Transmission Control Protocol, Src Port: sd-elmd (1681), Dst Port: sip (5060), Seq: 4764, Ack: 5224, Len: 0

Source port: sd-elmd (1681)

Destination port: sip (5060)

[Stream index: 60]

Sequence number: 4764    (relative sequence number)

Acknowledgement number: 5224    (relative ack number)

Header length: 20 bytes

Flags: 0x10 (ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 0… = Push: Not set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 65535

[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x87d5 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 745]

[The RTT to ACK the segment was: 0.136787000 seconds]

No.     Time        Source                Destination           Protocol Length Info   747 135.503590  192.168.0.12          213.192.59.75         SIP      541    Status: 200 OK

Frame 747: 541 bytes on wire (4328 bits), 541 bytes captured (4328 bits)

Arrival Time: Aug  8, 2011 15:24:46.347193000 Central Daylight Time

Epoch Time: 1312835086.347193000 seconds

[Time delta from previous captured frame: 0.064578000 seconds]

[Time delta from previous displayed frame: 0.064578000 seconds]

[Time since reference or first frame: 135.503590000 seconds]

Frame Number: 747

Frame Length: 541 bytes (4328 bits)

Capture Length: 541 bytes (4328 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:sip]

[Coloring Rule Name: TCP]

[Coloring Rule String: tcp]

Ethernet II, Src: Intel_e9:58:1c (00:03:47:e9:58:1c), Dst: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Destination: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

Address: Cisco-Li_03:a5:54 (00:1a:70:03:a5:54)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Source: Intel_e9:58:1c (00:03:47:e9:58:1c)

Address: Intel_e9:58:1c (00:03:47:e9:58:1c)

…. …0 …. …. …. …. = IG bit: Individual address (unicast)

…. ..0. …. …. …. …. = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol Version 4, Src: 192.168.0.12 (192.168.0.12), Dst: 213.192.59.75 (213.192.59.75)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0000 00.. = Differentiated Services Codepoint: Default (0x00)

…. ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 527

Identification: 0x996d (39277)

Flags: 0x02 (Don’t Fragment)

0… …. = Reserved bit: Not set

.1.. …. = Don’t fragment: Set

..0. …. = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x8dbb [correct]

[Good: True]

[Bad: False]

Source: 192.168.0.12 (192.168.0.12)

Destination: 213.192.59.75 (213.192.59.75)

Transmission Control Protocol, Src Port: sd-elmd (1681), Dst Port: sip (5060), Seq: 4764, Ack: 5224, Len: 487

Source port: sd-elmd (1681)

Destination port: sip (5060)

[Stream index: 60]

Sequence number: 4764    (relative sequence number)

[Next sequence number: 5251    (relative sequence number)]

Acknowledgement number: 5224    (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

000. …. …. = Reserved: Not set

…0 …. …. = Nonce: Not set

…. 0… …. = Congestion Window Reduced (CWR): Not set

…. .0.. …. = ECN-Echo: Not set

…. ..0. …. = Urgent: Not set

…. …1 …. = Acknowledgement: Set

…. …. 1… = Push: Set

…. …. .0.. = Reset: Not set

…. …. ..0. = Syn: Not set

…. …. …0 = Fin: Not set

Window size value: 65535

[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x9101 [validation disabled]

[Good Checksum: False]

[Bad Checksum: False]

[SEQ/ACK analysis]

[Bytes in flight: 487]

Session Initiation Protocol

Status-Line: SIP/2.0 200 OK

Status-Code: 200

[Resent Packet: False]

Message Header

Via: SIP/2.0/TCP 213.192.59.75;branch=z9hG4bK-GnIp-fa60e65

Transport: TCP

Sent-by Address: 213.192.59.75

Branch: z9hG4bK-GnIp-fa60e65

Contact: <sip:192.168.0.12:58764;transport=TCP>

Contact-URI: sip:192.168.0.12:58764;transport=TCP

Contact-URI Host Part: 192.168.0.12

Contact-URI Host Port: 58764

Contact parameter: transport=TCP>

To: <sip:76.92.229.122:1681;transport=TCP>;tag=271eda37;dstip=213.192.59.75;dstport=5060

SIP to address: sip:76.92.229.122:1681;transport=TCP

SIP to address Host Part: 76.92.229.122

SIP to address Host Port: 1681

SIP tag: 271eda37

From: <sip:registrar@127.0.0.1:9>;tag=1

SIP from address: sip:registrar@127.0.0.1:9

SIP from address User Part: registrar

SIP from address Host Part: 127.0.0.1

SIP tag: 1

Call-ID: fa60e65

CSeq: 1 OPTIONS

Sequence Number: 1

Method: OPTIONS

Accept: application/sdp

Accept-Language: en

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO

User-Agent: X-Lite release 1100l stamp 47546

Content-Length: 0

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: