Creating and sending INVITE and CANCEL SIP text messages

Emin Gabrielyan

2007-04-03

Switzernet Sΰrl

 

SIP is based on HTTP-like request/response transaction model. SIP messages are text encoded. We show how to manually invoke an INVITE text message making a SIP phone to ring and we show how to interrupt the ringing by manually sending a CANCEL text message.

 

SIP messages: Minimum required set for generating INVITE and CANCEL packets. 1

1....... Test configuration. 1

2....... How to send text messages within UDP packets. 1

3....... Sending the INVITE and CANCEL messages to a SIP phone via a Proxy server 2

4....... Sending the INVITE and CANCEL messages directly to the SIP phone bypassing the proxy server 5

5....... Links. 6

6....... Glossary. 6

 

1.   Our test configuration

 

In our configuration we have a SIP phone which received from DHCP server the following IP address 192.168.1.39. It is a Grandstream Budge Tone-100 SIP phone [configuration]. Its phone number is set to 41215500309.

 

We have a SER proxy server [configuration] which is running under IP address 192.168.1.15.

 

We have a computer at IP address 192.168.1.9 where from we can transmit text messages via UDP packets.

 

2.   How to send text messages within UDP packets

 

On the computer 192.168.1.9 we are using UDPFlood freeware from Foundstone. UDPFlood is a UDP packet sender. It sends out UDP packets to the specified IP and port. Packets can be made from a typed text stored in a file.

 

Antivirus software identifies this package as a Denial of Service (DoS) agent (UDPFlood actually can be used to transmit UDP packets at a high rate and can therefore affect the performance of target hosts). You may need to temporarily disable your antivirus software in order to run UDPFlood on your computer. Normally, while your antivirus program is running you cannot even unzip the executable [zip, 5.32KB], [at Foundstone].

 

3.   Sending the INVITE and CANCEL messages to a SIP phone via a Proxy server

 

Here is an example of a SIP INVITE message from RFC 3261 [unix, dos, pp. 10-12]

      INVITE sip:bob@biloxi.com SIP/2.0

      Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds

      Max-Forwards: 70

      To: Bob <sip:bob@biloxi.com>

      From: Alice <sip:alice@atlanta.com>;tag=1928301774

      Call-ID: a84b4c76e66710@pc33.atlanta.com

      CSeq: 314159 INVITE

      Contact: <sip:alice@pc33.atlanta.com>

      Content-Type: application/sdp

      Content-Length: 142

 

The first line of the text-encoded message contains the method name (INVITE). The lines that follow are a list of header fields. This example contains a minimum required set. The header fields are described in the referred doc [rfc3261, pp. 10-12].

 

We prepared two short text files. One contains the INVITE message [txt]:

INVITE sip:41215500309@192.168.1.15 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.9;branch=z9hG4bKfae8cb69f547b8cb

Max-Forwards: 70

To: <sip:41215500309@192.168.1.15>

From: <sip:41215500311@192.168.1.15>;tag=102

User-Agent: UDP Packet Sender

Call-ID: 070403-200101@192.168.1.9

CSeq: 5000 INVITE

Contact: <sip:41215500311@192.168.1.9>

Content-Type: application/sdp

Content-Length: 0

 

Another one contains the CANCEL message [txt]:

CANCEL sip:41215500309@192.168.1.15 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.9;branch=z9hG4bKfae8cb69f547b8cb

Max-Forwards: 70

To: <sip:41215500309@192.168.1.15>

From: <sip:41215500311@192.168.1.15>;tag=102

User-Agent: UDP Packet Sender

Call-ID: 070403-200101@192.168.1.9

CSeq: 5000 CANCEL

Contact: <sip:41215500311@192.168.1.9>

Content-Type: application/sdp

Content-Length: 0

 

Two instances of UDP sender application are running. The first instance will send a packet to the Proxy server (at 192.168.1.15) containing the INVITE text message from the corresponding file:

(Only one packet is send when [Go] button is pressed)

 

Another instance of the UDP sender is prepared to send the CANCEL packet to the Proxy server:

 

As soon as we send the INVITE packet, the phone 41215500309 starts ringing. The ringing is interrupted as soon as the CANCEL packet is sent. It is important to have the same tag (within the From field) and the same Call-Id in both messages. Otherwise the CANCEL message cannot be associated with the previous INVITE message. The tag parameter of the From field, used for identification purposes, contains a random string which is normally added to the URI by the SIP phone or softphone [rfc3261, pp. 10-12].

 

Below is the screen output of the SER proxy server [txt].

 0(10799) +---------------------------------+

 0(10799) | Starting the main routing logic |

 0(10799) +---------------------------------+

 0(10799) INVITE

 0(10799) Via: SIP/2.0/UDP 192.168.1.9;branch=z9hG4bKfae8cb69f547b8cb

 0(10799) Max-Forwards: 70

 0(10799) To: <sip:41215500309@192.168.1.15>

 0(10799) From: <sip:41215500311@192.168.1.15>;tag=102

 0(10799) User-Agent: UDP Packet Sender

 0(10799) Call-ID: 070403-200101@192.168.1.9

 0(10799) CSeq: 5000 INVITE

 0(10799) Contact: <sip:41215500311@192.168.1.9>

 0(10799) Content-Type: application/sdp

 0(10799) Content-Length: 0

 0(10799) Before t_relay()

 0(10799) After t_relay(1)

 0(10799) +---------------------------------+

 0(10799) | Starting the main routing logic |

 0(10799) +---------------------------------+

 0(10799) CANCEL

 0(10799) Via: SIP/2.0/UDP 192.168.1.9;branch=z9hG4bKfae8cb69f547b8cb

 0(10799) Max-Forwards: 70

 0(10799) To: <sip:41215500309@192.168.1.15>

 0(10799) From: <sip:41215500311@192.168.1.15>;tag=102

 0(10799) User-Agent: UDP Packet Sender

 0(10799) Call-ID: 070403-200199@192.168.1.9

 0(10799) CSeq: 5000 CANCEL

 0(10799) Contact: <sip:41215500311@192.168.1.9>

 0(10799) Content-Type: application/sdp

 0(10799) Content-Length: 0

 0(10799) Before t_relay()

 0(10799) After t_relay(1)

 0(10799) +---------------------------------+

 0(10799) | Starting the main routing logic |

 0(10799) +---------------------------------+

 0(10799) CANCEL

 0(10799) Via: SIP/2.0/UDP 192.168.1.9;branch=z9hG4bKfae8cb69f547b8cb

 0(10799) Max-Forwards: 70

 0(10799) To: <sip:41215500309@192.168.1.15>

 0(10799) From: <sip:41215500311@192.168.1.15>;tag=102

 0(10799) User-Agent: UDP Packet Sender

 0(10799) Call-ID: 070403-200101@192.168.1.9

 0(10799) CSeq: 5000 CANCEL

 0(10799) Contact: <sip:41215500311@192.168.1.9>

 0(10799) Content-Type: application/sdp

 0(10799) Content-Length: 0

 0(10799) Before t_relay()

 0(10799) After t_relay(1)

This output contains logs printed by the SER proxy for every SIP message being transited through the server. The logged text is defined in SER configuration text file [unix, dos].

 

The SER screenshot shows one INVITE message and two CANCEL messages. All these three messages are sent from 192.168.1.9 computer using the UDP sender. As soon as the first message is sent (i.e. the INVITE), the proxy server redirects it to the SIP phone which starts ringing. The second message is CANCEL. However the call-id of this message does not match with the call-id of the previous INVITE. The CANCEL is probably forwarded to the SIP phone, but the SIP phone continues to ring since the CANCEL message is not associated with the previous INVITE. The third packet is again CANCEL, but this time with the call-id matching with that of the initial INVITE. As soon as the third packet (i.e. the good CANCEL) is transmitted the SIP phone stops ringing.

 

4.   Sending the INVITE and CANCEL messages directly to the SIP phone bypassing the proxy server

 

We can configure the UDP sender to send the packets directly to the SIP phone (at 192.168.1.39):

 

The SIP phone accepts the INVITE (since the incoming SIP messages are not denied from IP addresses other than its SIP server [configuration]) and starts ringing. The ringing can be terminated by a CANCEL message. Below is the text file [txt] which is directly transmitted to the SI P phone:

INVITE sip:0 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.9;branch=107

Max-Forwards: 70

To: <sip:0>

From: <sip:41215500311@192.168.1.15>;tag=102

User-Agent: UDP Packet Sender

Call-ID: 070403-191201@192.168.1.9

CSeq: 1000 INVITE

Contact: <sip:41215500311@192.168.1.9>

Content-Type: application/sdp

Content-Length: 0

 

We deliberately inserted 0 as R-URI in the first line after the method name and in the To field. It signifies that the SIP phone does not control if the URI of SIP messages matches with its phone number (41215500309, the Authentication ID or SIP user ID, [configuration]). The CANCEL message is obtained by simply rewriting the method name in the first line of the text file (it works even if the CSeq field wrongly remains unmodified). The tag of the From field and the call-id of the CANCEL message must match with the initial INVITE message. A CANCEL packet sent with wrong tag or call-id will be ignored and the phone will continue to ring, until a matching CANCEL packet is sent.

 

For two cases (when sending the messages through SER and when sending them directly), different behaviors are observed when changing tag (within the From field) and branch (within the Via field) parameters [readme].

 

5.   Links

 

http://www.foundstone.com/resources/proddesc/udpflood.htm

http://www.ietf.org/rfc/rfc3261.txt

http://rfc.net/rfc3261.html

This document [doc], [htm], [MS htm]

6.   Glossary

 

SIP – Session Initiation Protocol

URI – Uniform Resource Identifier

R-URI – Request-URI

UDP – User Datagram Protocol

HTTP – Hypertext Transfer Protocol

DHCP – Dynamic Host Configuration Protocol

DoS – Denial of Service

RFC – Request for Comments

SER – SIP Express Router

SDP – Session Description Protocol

CSeq – Command Sequence