SIP Session Tracking - sip

I am currently working on a project that collect a users login and extension information through parsing SIP header messages after capturing packets. I am currently using PCAP.net and SIPSorcery libraries to accomplish this. The project is written in C#
How it works:
By using filters in PCAP.net I can zone in on the SIP related traffic. Each time a packet is captured an event is fired and I check for the packet type e.g. whether it is SIP or something else UDP related such as DNS. If this is a SIP message I parse the header pulling out the information I am interested in
The problem:
Some SIP endpoints generates multiple registration packets which contains the same UID. It is hard to keep track of a single session and when the endpoint is actually finally registered (i.e. receives the 200OK from the SIP Server). I tried using Dictionary with CallID and then checking when a packet is received if it is already in the Dictionary.
The question:
How do I keep track the session so I know when I receive the 200OK for that particular session, it is registered and stream is complete

A SIP endpoint sends a REGISTER request to bind its contact address(es) to an address-of-record. Such a registration is identified by the Call-ID header field.
Keep in mind that multiple REGISTER requests with the same Call-ID value can occur because:
the endpoint will periodically update its registration, since every registration has an expiration interval
a REGISTER request is challenged for authentication and the SIP endpoint sends a new request with authentication information.
retransmissions
Furthermore, a 200 response doesn't mean that the endpoint is registered. You should check the 'expires' header and/or contact parameter to know how long the registration will remain valid.

Call-ID field in the SIP message is used to track a SIP session. Check RFC 3261 to get more details about Call-ID.
Call-IDs act as unique identifier for a SIP session. In your case you can try searching the Call-ID from the SIP-REGISTER message to track the subsequent messages.

Related

Multiple contact headers in 200OK response for a Register request

I am using a Linphone mobile app on android and a Freeswitch server for Audio/video calls.
Now when Linphone sends a Register request to server it gets multiple contact headers in the 200OK response from the Freeswitch Server.
**Contact:
;expires=3211
**Contact: ;expires=3303
**Contact: ;expires=3475
**Contact: ;expires=3600
Because of these bindings,server tries to send invite to multiple contacts for B-leg at the time of call.
Can somebody help me with the probable cause for multiple contact headers in 200OK from server side?
RFC 3261 states in 10.2.4 Refreshing Bindings:
The 200 (OK) response from the registrar contains a list of Contact fields enumerating all current bindings.
Multiple bindings for a single AOR can be registered
by different SIP instances, each registering their own contact address, and/or
by a single SIP instance when it has multiple contact addresses
by a single SIP instance when it registers its new contact address without first unregistering its previous (outdated) address
Looking at your comment it appears the same number (1008) is registered with multiple IP addresses. You should check the REGISTER request(s) your Linphone app sends:
If it contains multiple contact addresses then the host your app runs on is multihomed.
If it registers different contact addresses in subsequent sessions you could consider unregistering a contact address before ending a session.
Otherwise probably other SIP phones in the system register with the same number.
Update:
Extended answer to reflect comment by #artemy-vysotsky

SIP REGISTER getting 500 server internal error - 63

Scenario is regarding SIP register on LTE network.
Device latch with the network and sends SIP register with call id 4EdqB3YwpQHIYGPtj9c and CSeq no. 1
Network responded back with 401 unauthorized.
Device sends the register message with nonce value with call id 4EdqB3YwpQHIYGPtj9c and CSeq no. 2. and registration get successful.
Device reattach with the network. like switch off and on.
Device again sends REGISTER message with same call id 4EdqB3YwpQHIYGPtj9c and Cseq no. 1, for which receives 500 server internal error - 63 from the network.
After a while device again sends REGISTER message, this time call id is different 3Qp8ssj7hpKpspDn0mELU1v and cseq no. 1. after getting 401 response from n/w, resend REGISTER again which get successful as well.
My query is that:
Does after reattach cseq no. reset to 1?
Does after reattach, device should use different call id to initiate the REGISTER message?
What is the error code 63 means in 500 internal server error?
Thanks in advance
Does after reattach Cseq no. reset to 1?
A new SIP registration can start with any new random number. It can start with Cseq: 1 also. In the User equipment you are checking, it might be starting all new registrations with Cseq 1.
When a new registration is received at Sip-Registrar (i.e., S-CSCF in case of IP Multimedia Subsystem); a binding is created with Call-ID value. This brings us to the next question.
Does after reattach, device should use different call id to initiate the REGISTER message?
Registrations are time-bound and will expire after some time. Before that expiry, a Re-registration should be sent. This subsequent Register request should bind to that old registration at Sip-Registrar. For that we will maintain same call-Id. (and also same Contact, To, From, and From tag : which all headers and parameters used for binding is a different topic altogether; we will skip this for now.). According to RFC3261, A UA should use the same Call-ID for all registrations during a single boot cycle.
Coming to your case, It is not possible to guess why 500 Internal server error is sent for the new Register request having the same call-Id as the older register.
There is a possibility that the older binding is still be lingering at the Sip-Registrar and during detach, resource cleaning might not have taken place. This new registration might be be attaching to the older binding because of same call Id. (mind you this is just speculation, I am not sure what is happening at your Sip-Registrar)
What is the error code 63 means in 500 internal server error?
This number 63 is a proprietary implementation. In response, after 500, the text can be manipulated to add anything that creates a meaningful reason.
For further info on how registration is handled at SIP-Registrar you can go through the following RFC link:
https://www.rfc-editor.org/rfc/rfc3261#section-10.3
Regards,
KNP

How to Detect sip call forward to server's Voice mail?

Am Using Pjsip libraries for SIP implementation . Using Pjsip lib i can able to make IP calls perfectly . My problem is While I Make call if other End User Decline/not Reachable or No answer ,My call will connect with Voice mail and get 200k(call connected state) from sip server as same like other end user Answering call.
Not Reachable Case i can differentiate 200 ok By missing 183 Session Progress Message. But noanswer and decline case I couldn't get the actual State of call .
is any way to find call connected state and Voice mail connected state ?
There isn't any one way of a user agent knowing it has reached a voicemail server versus a person answering.
Usually what will happen is that your user agent will send an INVITE to a From URI, and some proxy responsible for that URI will fork the INVITE to the various user agents the remote party uses: her phone, her voicemail service, and so on. The first user agent to return a 2xx response sets up the call.
You will however always know to which user agent you have connected, in the Contact header of the 200 OK.
Presumably a voicemail server will indicate in its SDP offer/answer that while it accepts certain incoming media streams, it will not send anything, by marking the stream with an a=recvonly attribute (See RFC 3264).

How does the persistence work in XMPP?

I'm trying to understand the differences between AMQP and XMPP and among other things I don't really understand if XMPP works like it had Queues.
When you send a message to various clients what happen if one of them is down? The server enqueues the message up to the client is up again or how does it work?
Thanks
It depends on the XMPP server implementation how messages and iq's are handeld when the JID is offline. Section 11.1 of RFC 3921:
Else if the JID is of the form and there are no
available resources associated with the user, how the stanza is
handled depends on the stanza type:
...
For message stanzas, the server MAY choose to store the stanza on
behalf of the user and deliver it when the user next becomes
available, or forward the message to the user via some other means
(e.g., to the user's email account). However, if offline message
storage or message forwarding is not enabled, the server MUST return
to the sender a stanza error. (Note: Offline
message storage and message forwarding are not defined in XMPP, since
they are strictly a matter of implementation and service
provisioning.)
For IQ stanzas, the server itself MUST reply on behalf of the user
with either an IQ result or an IQ error. Specifically, if the
semantics of the qualifying namespace define a reply that the server
can provide, the server MUST reply to the stanza on behalf of the
user; if not, the server MUST reply with a
stanza error.

Send XMPP message without starting a chat

I am basically writing a XMPP client to automatically reply to "specific" chat messages.
My setup is like this:
I have pidgin running on my machine configured to run with an account x#xyz.com.
I have my own jabber client configured to run with the same account x#xyz.com.
There could be other XMPP clients .
Here is my requirement:
I am trying to automate certain kind of messages that I receive on gtalk. So whenever I receive a specific message eg: "How are you" , my own XMPP client should reply automatically with say "fine". How are you". All messages sent (before and after my client replies) to x#xyz.com but should be received by all clients (my own client does not have a UI and can only respond to specific messages.).
Now I have already coded my client to reply automatically. This works fine. But the problem I am facing is that as soon as I reply (I use the smack library), all subsequent messages that are sent to x#xyz.com are received only by my XMPP client. This is obviously a problem as my own client is quite dump and does not have a UI, so I don't get to see the rest of the messages sent to me, thereby making me "lose" messages.
I have observed the same behavior with other XMPP clients as well. Now the question is, is this is a requirement of XMPP (I am sorry but I haven't read XMPP protocol too well). Is it possible to code an XMPP client to send a reply to a user and still be able to receive all subsequent messages in all clients currently listening for messages? Making my client a full fledged XMPP client is a solution, but I don't want to go that route.
I hope my question is clear.
You may have to set a negative presence priority for your bot..
First thing to know is that in XMPP protocol every client is supposed to have a full JID. This is a bare JID - in your case x#xyz.com with a resource in the end e.g. x#xyz.com/pidgin or x#xyz.com/home (where /pidgin and /home are the resource). This is a part of how routing messages to different clients is supposed to be achieved.
Then there are the presence stanzas. When going online a client usually sends a presence stanza to the server. This informs about e.g. if the client is available for chat or away for lunch. Along with this information can be sent a priority. When there are more than one clients connected the one with the highest priority will receive the messages sent to the bare JID (e.g. ClientA(prio=50) and ClientB(prio=60) -> ClientB receives the messages sent to x#xyz.com). But there are also negative priorities. A priority less than 0 states that this client should never be sent any messages. Such a stanza might look like this
<presence from="x#xyz.com/bot">
<priority>-1</priority>
</presence>
This may fit your case. Please keep in mind it also depends on the XMPP server where your account is located, which may or may have not fully implemented this part of the protocol.
So to summarize: I recommend you to look through the Smack API how to set a presence and set the priority to <0 for your bot client right after it connected.