This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MATE - SIP MESSAGE call flow

0

Hello Experts,

I need your help on the Gop per SIP MESSAGE call flow.

The complete SIP MESSAGE call flow is like

Client   ------SIP MESSAGE with sip.Call-ID="a1"-----------> Sever  (this is client sends MESSAGE)
Client   <----SIP 202 Accepted with sip.Call-ID="a1"--------- Sever
Client   <----SIP MESSAGE with sip.Call-ID="b1" and sip.In-Reply-To="a1"----------- Sever (this is status report from server to Client)
Client   -----SIP 200 OK with sip.Call-ID="b1"-----------> Sever

The question is how can use Gop to extract both transactions with either sip.In-Reply-To or sip.Status.Code?

// Create a "SIP-pdu" that contains various pieces of the processed SIP
// message.
Pdu sip_pdu Proto sip Transport udp {
        Extract callid From sip.Call-ID;
        Extract callid From sip.In-Reply-To;
        Extract cseq_method From sip.CSeq.method;
        Extract status_code From sip.Status-Code;
};
// Then create a GOP (Group Of Pdus) where the each GOP contains all the PDUs
// (msgs) that whose call-id, sip.CSeq.seq,and sip.CSeq.method match.
Gop sip_transaction On sip_pdu Match (callid,cseq_method) {
        Start();
        Stop(never);
    // Store the result code in the GOP
    Extra(status_code);

};

Done;

Thank you so much!

asked 04 Nov '15, 02:24

Alex%20Lu's gravatar image

Alex Lu
1333
accept rate: 0%

edited 04 Nov '15, 04:12

Jaap's gravatar image

Jaap ♦
11.7k16101

One Answer:

0

Hmmm, I'm not sure you could get the 2 transactions (I guess you want all the transactions where sip.In-Reply-To or sip.Call-Id have the value "a1", for example) into one GoP.

To do this I think you'd need to create a GoP that contains each transaction and then a GoG (Group of Groups) that contains the 2 transactions. Something like:

Gog sip_thingy {
    Member callid (call);
    Member inreplyto (call)
};

(Of course your gop would need to put Call-Id and In-Reply-To into separate fields named callid and inreplyto, respectively.)

answered 10 Nov '15, 17:14

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 11 Nov '15, 18:04

Thank you Jeff for the insight!

However the key here is to use sip.Call-ID as the SIP Response on 2nd part is only showing the sip.Call-Id not including the sip.In-Reply-To.

each Gop need trap sip.Call-Id and it will trigger alarm if used in multiple Gops.

(10 Nov '15, 22:36) Alex Lu

Hmm, I think it should work. You'll end up with 2 GoPs: one with callid of "a1" (and no inreplyto) and a 2nd with callid of "b1" and inreplyto of "a1".

The GoG will then group these 2 GoPs together because the first's callid matches the 2nd's inreplyto.

Admittedly I haven't tried it...

(11 Nov '15, 18:09) JeffMorriss ♦

Thanks again for the details and I will try that out.

(13 Nov '15, 00:11) Alex Lu