HET 436 Broadband Multimedia Networks Assignment Using SIP for Internet Telephony

Lecturer: Mr. Mujahid Tabassum

AMRAH BABA-ALI (4230078) DUAA FATIMA SAQIB KHAN (4231139)

2013

PART ONE
QUESTION 1 Session Initiation Protocol (SIP) is a signaling communications protocol, used for setting up, modifying and ending real-time sessions between peers over a data network. SIP is actually text-based and highly extensible, similar to HTTP and SMTP. Components of SIP The components of a standard SIP configuration have different functions in communication, serving as clients, servers, or at times, both. There are generally 5 components, listed and explained briefly below. User Agent (UA) an endpoint entity further broken down to User Agent Client (UAC) which initiates SIP request, and User Agent Server(UAS) which contacts and responds on behalf of the user. Proxy Server an intermediary entity that makes requests on behalf of other clients. Redirect Server similar to the proxy server but does not pass on the request to other servers. Registrar an endpoint component which accepts register requests and places the received information into the location service for the domain it handles. Location Server used by the proxy server to gain knowledge

about possible locations of the party being called. SIP Messages There are two types of SIP messages. a) Requests messages sent from the client to the server. Methods of sending a request include SIP Invite which is a connection establishing request between user agents. It can initiate a call and change the call parameters like in re-invite; ack which responds for invite; bye which terminates the call and cancel which terminates a pending request. SIP Register is used by the User Agent (UA) for registration with SIP proxy. Its used to indicate current IP address and the URLs for which it would like to receive calls. b) Responses messages sent from server to client. The response messages are either provisional or final, in digital format as listed below. 1xx = provisional, information messages 2xx = final, successful completion 3xx = final, call forwarding 4xx = final, error 5xx = final, server error 6xx = final, global failure A nonce is an arbitrary number generated for a specific use, like session authentication. Using a nonce prevents a malicious user from performing a replay attack in order to log into a clients system. It is normally sent in SIP control messages when repetition of a transmission is not wanted, and the response is different 1

Amrah & Fatima

for each authentication session, making a replay attack impossible. QUESTION 2 SDP Session Description Protocol is used to describe streaming multimedia session parameters. Simply put, it conveys information in multimedia sessions which allow recipients of specified descriptions to participate in the session (Handley 1998). SDP include information like the session name and purpose, and the time the session is active. Additional information like the bandwidth used by the session and contact information of client is sometimes included for clarity in participation (no name, 2012) G.711 The G.711 is an ITU-T standard for voice transmission over telecommunication lines, used in the modern digital telephone network. It has a sampling frequency of 8kHz, a 64kb/s bitrate, sample period 20 ms and a 160 frame size. G.711 has two versions; A-law and Ulaw. G.711 A-law This uses a 13-bit linear PCM as input, and then converts it to 8-bit value. This provides a more dynamic range as compared to the U-law, with better suppressed sampling artifacts. G.711 U-law This law on the other hand, uses a 14bit linear PCM as input, increases it by 32 before converting to 8-bit values.

This yields an encoded channel with samples coded 0xFF in the octets. G.711 A-law Uses 13-bit linear PCM as input Has a lower dynamic range G.711 U-law Uses 14-bit linear PCM as input Has a larger dynamic range as compared to Alaw Used widely in Generally used Europe throughout North America and Japan
Fig 1.0 summarized differences between A-law and U-law

G.726 This is an upgraded version of the G.711 standard, which can be used for voice transmission at 16 kb/s, 24 kb/s, 32kb/s and 40kb/s channels. Also has a sampling frequency of 8 kHz, 20 ms sample period and a frame size of 80. G.729 This standard operates at 8kb/s using CS-ACELP (Conjugate-Structure Algebraic Code-Exited linearPrediction). It compresses voice audio in 10 millisecond frames. Because of the lower bitrate, it is ideal for use in scenarios with limited bandwidths, like international VoIP service and satellite connections. It also has frame size of 10. Comfort Noise Generation Basically, a Comfort Noise Generator (CNG) is a program used for creation of noise during voice communication when there is a period of silence (Sakhnov, Simak 2010). The CNG is used in association with discontinuous transmission (DTX), which means that 2

Amrah & Fatima

the transmitter is switched off during silent periods. In a VoIP service, comfort noise is generated when the DTX module sends Silence Insertion Descriptor (SID) frames to the CNG module. This inserts artificial background noise between speech periods so that the users on both ends dont notice switching in the conversation.

= 1578 bytes

Packets sec (pps) = = = 5.33 pps Bandwidth per call = packet size * pps = 8*1578*5.33 = 67328 bytes/s Therefore, no. of VoIP concurrent = =

per

calls

= 148.52 This means total number of calls that can be handled is approximately 149 calls. The 802.11b link has a capacity of 11Mbps; this means that for each VoIP call made through this link, it will use up some capacity of the link. Since each call has a bandwidth of 67328 bytes/s, the potential capacity stolen from TCP traffic for 1 call = 1(67328)bps = 67.328 kbps 3 calls = 3(67328)bps = 201.984kbps 5 calls = 5(67328)bps = 336.64 kbps 7 calls = &(67328) bps = 471.296 kbps QUESTION 4 NAT Network address translation (NAT) is an internet standard which allows a LAN to use a particular set of IP address for the internal traffic and a different set for external traffic. It 3 Amrah & Fatima

Fig 2.0 comfort noise generator (Sakhnov, Simak 2010)

Seen above is a summarized image of a proposed comfort noise generator by Sakhnov and Simak in a 2010 research paper about noise generation. The model is based on a set of noise model parameters which were based on actual background measurements in the echo suppressing system. QUESTION 3 Given: bandwidth = 10 Mbps Ethernet MTU = 1500 bytes Number of VoIP concurrent calls = Packet size = Ethernet Overhead + RTP
Overhead + Payload = 40 + 38 + 1500

provides security for the internal set of address by hiding them behind a firewall. Full Cone NAT Also known as one-one NAT. This is the least restrictive kind of NAT because the port is permanently open and allows inbound connections from any external host (Leofort ,2013)

only accepting connections from the IP address and port it sent the outbound request to.

Fig 2.2 Port Restricted Cone NAT (Wikipedia 2013)

Symmetric NAT This is the strictest kind of NAT, because a socket is only made available to a specific host for a specific request. Only an external host that receives a packet from an internal host can send back a packet.

Fig 2.0 Full Cone NAT (Wikipedia 2013)

Restricted Cone NAT This works the same way as the Full Cone NAT works, the difference being a few IP address restrictions. The internal hosts would have to send packets to an external host before they can receive anything from the same external hosts.

Fig 2.3 Symmetric NAT (Wikipedia 2013)

Fig 2.1 Restricted Cone NAT (Wikipedia 2013)

Port Restricted Cone NAT This works the same way as the Restricted Cone NAT works, the difference being the added restrictions on the port. The Port Restricted Cone NAT restricts connections further by Amrah & Fatima

If one home VoIP client dials the other clients phone number, the resulting RTP stream will not stay entirely within the home LAN. This is because VoIP uses dynamic port numbers that are negotiated while establishing a call. The broadband home router would have to scan and translate the addresses first because of the NAT, before identifying and attempting to

connect to the client within the network.

PART TWO
QUESTION 5 IP address The trace file was created by capturing the packets at a certain point between a SIP Client and a SIP Proxy. The IP addresses of the two are as follows: 1- IP address of SIP Client: 136.186.229.95 2- IP address of SIP Proxy: 210.50.193.198 This was confirmed by the following flow graph obtained from WireShark

TTL is assumed to be 64 hops, then the TTL value from the client to the device running Wireshark is 64 hops and the TTL value from the proxy to the device running Wireshark is 51 hops evident from the following figures:

Fig. 4.0: TTL value from client

Fig. 5.0: TTL value from Proxy

Hence, No. of hops from client = 64 - 64 = 0 Hops No. of hops from proxy = 64 -51 = 13 Hops MAC Address The following figure shows the Ethernet addresses during the communication between the client and server, as it can be observed that the source MAC address is 00:08:74:df:70:3e which is the physical address of the client and the destination address is 00:00:0c:07:ac:e5 which is to all HSRP routers. This destination MAC address represents the virtual address of all the HSRP routers in the WAN.

Fig. 3.0: Flow Graph of Communication

From the figure it can be observed that the Requests i.e. messages sent from Client to server are generated by 136.186.229.95 whereas the Responses i.e. the messages sent from sent from the server to the client are generated by 210.50.193.198. Time-To-Live (TTL) TTL is a value in an Internet Protocol (IP) packet that specifies the number of hops that a packet is permitted to travel before being discarded by a router. In the provided trace file, if the default Amrah & Fatima

Fig. 6.0: Ethernet address from client to server

The following figure shows the Ethernet addresses during the communication between the server to the client. It can be observed that when the HSRP router replies to clients request, it uses its own MAC address i.e. 00:14:f1:02:78:00, instead of the destination address used in the above figure and also uses the client MAC address as the destination.

It consisted of the following types of SIP packets (responses as well as requests)

Fig. 7.0: Ethernet address from HSRP router to client

QUESTION 6 No. of Calls There were two (2) phone calls captured in the tracefile which can be verified by using the VoIP call option of WireShark as shown below:

Fig. 10.0: Types of SIP Packets

The number of RTP packets captured can be calculated by adding the RTP packets for all the 4 streams as shown below:

Fig. 11.0: No. of RTP Packets for 4 streams Fig. 8.0: No. of calls

The Number of SIP Packets captured was 41 Packets, which can be verified by the SIP statistics as shown in the following figure

Total no. of RTP packets = 4186 + 5506 + 4134 + 5141 = 18967 packets Direction, duration of call The details of both the calls can be observed from Fig. 8.0. First Call Wharrop with SIP ID of <wharrop@210.50.193.198> made a call to Lawrence Stewart with SIP ID <lstewart@136.186.229.95>. The 6

Fig. 9.0: No. of SIP Packets

Amrah & Fatima

duration of the call can be calculated by subtracting the start and stop time i.e. Duration of call = Stop Time Start Time= 115.398481 14.991120 = 100.407361 seconds i.e. Wharrop was calling Lawrence Second Call Lawrence Stewart with SIP ID of <lstewart@sip.room52.net> made a call to client with SIP ID <770@sip.room52.net>. The duration of the call is given by: Duration of call = Stop Time Start Time= 279.332307 168.326766 = 111.005541 seconds. QUESTION 7 A SIP registration process consists of the following steps:

Fig. 13.0: Registration process for the tracefile

A second registration message was sent by the client after the failure of the first registration attempt failed, with the following authorization information:

A nonce value of 362bafac was provided by the SIP server in response to the clients initial attempts to register. The very last REGISTER message in the provided tracefile had an 'Expires' value of zero as the registration was being cancelled. The flow graph shows the time between the initial INVITE message and the first RTP media stream and the time spent while waiting for the call to be picked:

Fig. 12.0: SIP Registration Process

401 Unauthorized message is generated by the SIP server in order to get authentication from the client which was also seen in the provided tracefile, in which clients initial attempt to register was rejected with a 401 Unauthorized message by the SIP server. This can be confirmed by the flow graph:

7 Amrah & Fatima

Fig. 14.0: SIP INVITE Message & 1st RTU media stram

as compared to the second call. The arrival times of packets for the first call keeps varying with time which could be due to network congestion, improper queuing, or configuration errors on the intermediary devices on the network.

Time between the initial IVITE and the first RTP media stream of the first phone call was = 31.573882 14.991120 = 16.582762 sec The Time Spent while waiting for the call to be picked up = 31.573882 15.007001 (100 Trying message) = 16.566881sec QUESTION 8 The distribution of inter-packet arrival times of RTP frames in from caller to the one being called is shown in the following graphs for each of the call
Fig. 18.0: Inter-Packet Arrival Time Graph For Second Call Fig. 17.0: Inter-Packet Arrival Time Graph For First Call

The distribution does not vary greatly for the first call in the reverse direction as can be observed in the first graph, which is a result of the congestion due to traffic traversing different bandwidth links. However, in the second call, the interpacket arrival time for the reverse direction remains fairly constant throughout the call evident from the second graph, which is a result of queuing delay on the devices in the reverse direction. As it can be concluded that as packets traversing the internet follow different paths having different bandwidth or increased traffic which can cause the arrival times of packets to vary. 8

Fig. 15.0: Inter-packet Arrival Time Graph for First Call

Fig. 16.0: Inter-packet Arrival Time Graph for Second Call

It can be observed that the inter-packet arrival time for the first call is higher Amrah & Fatima

QUESTION 9 The IP-level bitrate and packet rate over time for each RTP flow in each direction was plotted using the IO Graph in WireShark as shown in the following graph. The Internet Message Format (IMF) packet was used to find the secret message. IMF is the protocol used for text messages transferred over the internet. Hence in order to find the secret message first the IMF packet was searched for by the filter option in WireShark as shown below:

Fig. 19.0: IP-Level bit rate over time plot

Fig. 21.0: Search result for IMF Packet (WireShark)

The IMF protocol packet was selected which is packet number 14306 as shown in the above figure. The secret message was found in the line-based test data, as shown below:
Fig. 20.0: IP-Level packet rate over time plot

From the above graphs it can be observed that the bitrate and packet rate is at its peak value at certain periods whereas it is almost flat for the rest of the periods. It can be concluded that here were 2 calls being made, the first from 30 sec - 120 sec, with a bit rate and packet rate 170000 bits and 100 packets respectively and a calling time of 90 sec, whereas the second 170 sec - 280 sec, with a bit rate and packet rate similar to the first call and total calling time of 110 sec. It can further explained that the bit rate and packet rate was almost completely utilized during the calls. After the first call, it was left unused for some period and then the second call was made and left it unused again after it has finished.

Fig. 22.0: Secret Message in Line-based text data

Fig. 23.0: Secret Message.

From the above figure, the secret message is visible and is: I have a secret to tell you and only you. The secret is: I forgot my pen That is all. Lawrence.

9 Amrah & Fatima

References
1- Handley, Mark (1998) SDP: Session Description Protocol www.ietf.org/rfc/rfc2327.txt viewed 15/05/2013 2- Leofort, Joe Understanding NAT When Setting up Lync, Part 2 STUN and TURN Explained http://blogs.technet.com/b/mspf e/archive/2012/04/17/understan ding_2d00_nat_2d00_when_2d 00_setting_2d00_up_2d00_lyn c_2d00_part_2d00_2_2d00_stu n_2d00_and_2d00_turn_2d00_ explained.aspx viewed 13/05/2013 3- No name (2012) SIP: Protocol Overview, http://www.radvision.com/nr/rd onlyres/51855e82-bd7c-4d9daa8ae822e3f4a81f/0/radvisionsippro tocoloverview.pdf viewed 15/05/2013 4- Sakhnov, Kirill; Simak, Boris (2010) Method for Comfort Noise Generation and Voice Activity Detection for use in Echo Cancellation System Prague, 2010 5- http://www.voipinfo.org/wiki/view/ITU+G.711 viewed 17/05/2013 6- http://www.webopedia.com/TE RM/G/G_729.html viewed 12/05/2013

7- https://en.wikipedia.org/wiki/N etwork_address_translation#Ap plications_affected_by_NAT viewed 17/05/2013

10 Amrah & Fatima