Lydia

Reputation: 3

SIP protocol analysis with Wireshark

I'm trying to learn SIP protocols with Wireshark. Here are two problems that I have met.

1. In a complete call, the called side caught 2 ACK packets, of which the second appears to be a reply to the first, as shown in the picture below. I wonder why this would happen?

2. When the calling side cancelled the call before it was answered, it caught a 488 packet, meaning "not acceptable here". But Wireshark interpreted it as "request terminated", which should be 487. Why would I catch such a packet?

Upvotes: 0

Views: 476

Answers (1)

AymericM

Reputation: 1745

1/ The second ACK is not a reply to the first one: it's an exact duplicate of the first one. This is happening because there is some delay and the other side is sending the 200 OK for INVITE twice. Each 200 OK needs an ACK. (See retransmission timers in RFC 3261.)

2/ The 488 is most probably an error in the client (or server?) sending the answer. It should be 487. There is no interpretation by Wireshark. The text and code are controlled by the client (or server) creating the "488 Request Terminated" answer.

Upvotes: 1
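Both points in the answer above can be checked mechanically over a capture. The following is an added example, not code from the question or the answer: it flags repeated messages and responses whose reason phrase differs from the RFC 3261 default for their status code. The messages, the Call-ID and the `example.invalid` addresses are constructed, and matching on start line, Call-ID and CSeq is a simplifying assumption.

```python
# Default RFC 3261 reason phrases for the codes discussed here (added example).
DEFAULT_REASON = {200: "OK", 487: "Request Terminated", 488: "Not Acceptable Here"}

def parse_sip(raw):
    """Parse one SIP message: start line plus the Call-ID and CSeq headers."""
    lines = raw.strip().split("\r\n")
    start, headers = lines[0], {}
    for line in lines[1:]:
        if not line:  # a blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    msg = {"start": start, "call_id": headers.get("call-id"), "cseq": headers.get("cseq")}
    if start.startswith("SIP/2.0 "):  # response: version, code, reason phrase
        _, code, reason = start.split(" ", 2)
        msg.update(kind="response", code=int(code), reason=reason)
    else:  # request: method, URI, version
        msg.update(kind="request", method=start.split(" ", 1)[0])
    return msg

def find_issues(raw_messages):
    """Return (index, issue, detail) for retransmissions and odd reason phrases."""
    seen, issues = {}, []
    for i, raw in enumerate(raw_messages):
        m = parse_sip(raw)
        key = (m["start"], m["call_id"], m["cseq"])
        if key in seen:
            issues.append((i, "retransmission", f"same as message {seen[key]}"))
        else:
            seen[key] = i
        expected = DEFAULT_REASON.get(m.get("code"))
        if expected and m["reason"] != expected:
            issues.append((i, "reason-mismatch", f"{m['code']} sent as '{m['reason']}'"))
    return issues

def _msg(start, cseq):  # builds one constructed message in a single dialog
    return f"{start}\r\nCall-ID: constructed-1@example.invalid\r\nCSeq: {cseq}\r\n\r\n"

SAMPLE = [
    _msg("INVITE sip:bob@example.invalid SIP/2.0", "1 INVITE"),
    _msg("SIP/2.0 200 OK", "1 INVITE"),
    _msg("SIP/2.0 200 OK", "1 INVITE"),  # the 200 OK sent a second time
    _msg("ACK sip:bob@example.invalid SIP/2.0", "1 ACK"),
    _msg("ACK sip:bob@example.invalid SIP/2.0", "1 ACK"),  # one ACK per 200 OK
    _msg("SIP/2.0 488 Request Terminated", "2 INVITE"),
]

if __name__ == "__main__":
    for issue in find_issues(SAMPLE):
        print(issue)
```

The reason phrase is free text chosen by the sender, so a mismatch points at the sending implementation rather than at the capture tool.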
