Let’s dive into VoIP protocols — Episode 0

Constantin VURLI
Published in PCAP-Inspector
Feb 22, 2018

Introduction

French edition available here

Hi, in this series of articles we are going to explore the main VoIP protocols through packet capture analysis. In each episode, after a short theoretical introduction, we will take a packet capture from the virtual lab dedicated to this series and dissect the information given by the network. Once this is done, we’ll explore a few use cases with concrete examples, based on additional captures if needed. All the packet captures used in the articles will be provided.

NOTE: In this series we will talk about Voice over IP, but most of it also applies to Video over IP since it uses mostly the same protocols.

What is VoIP?

If you already have a good understanding of VoIP protocols you can skip to the next part.

Voice over IP is the practice of conferencing through IP networks. It is a field that is increasingly critical for big companies as they address the challenges caused by globalization and space constraints. VoIP is a very cost-efficient way to communicate and allows broader possibilities than classic telephony, such as multimedia streams and high interoperability between different types of devices. The key points in VoIP for professionals are:

  • Quality of service: the voice needs to be clear and have low latency.
  • Security: as in many communication processes, authentication, integrity, availability and confidentiality need to be enforced.
  • Integration with classic telephony services.

To achieve these features, VoIP protocols operate on two planes:

  • The control and signaling plane: deals with the establishment of sessions and the definition or modification of stream parameters. The two main standards are SIP and H.323.
  • The data plane: deals with the audio streaming. Mainly RTP and RSTP.
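The two planes can be told apart directly from the UDP payloads in a capture. The following is an added example, not code from the original article or from PCAP-Inspector; it assumes SIP over UDP as in RFC 3261 and RTP/RTCP headers as in RFC 3550, and the function names, sample payloads and addresses are constructed for illustration.

```python
import struct

SIP_METHODS = ("INVITE", "ACK", "BYE", "CANCEL", "REGISTER", "OPTIONS")

def classify_payload(payload: bytes) -> dict:
    """Sort one UDP payload into the signaling plane (SIP) or the data plane (RTP/RTCP)."""
    # SIP is text: requests start with a method, responses with "SIP/2.0".
    first_line = payload.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    token = first_line.split(" ", 1)[0]
    if token == "SIP/2.0" or (token in SIP_METHODS and first_line.endswith(" SIP/2.0")):
        return {"plane": "signaling", "protocol": "SIP", "start_line": first_line}
    # RTP and RTCP are binary: the top two bits of the first byte hold version 2.
    if len(payload) >= 12 and payload[0] >> 6 == 2:
        _, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
        # RTCP packet types 200-204 occupy the byte where RTP keeps its marker bit
        # and payload type, so test for them first to avoid mislabelling reports.
        if 200 <= b1 <= 204:
            return {"plane": "data", "protocol": "RTCP", "packet_type": b1}
        return {"plane": "data", "protocol": "RTP", "payload_type": b1 & 0x7F,
                "marker": bool(b1 >> 7), "sequence": seq, "timestamp": ts, "ssrc": ssrc}
    return {"plane": "unknown", "protocol": None}

def plane_counts(payloads) -> dict:
    """Count how many payloads fall on each plane."""
    counts = {}
    for p in payloads:
        plane = classify_payload(p)["plane"]
        counts[plane] = counts.get(plane, 0) + 1
    return counts

# Constructed sample payloads (hypothetical user, host and addresses).
SAMPLES = {
    "invite": b"INVITE sip:paul@lab.example SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n\r\n",
    "ok": b"SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\n\r\n",
    "rtp": struct.pack("!BBHII", 0x80, 0x00, 1, 160, 0x1234ABCD) + b"\xff" * 160,
    "rtcp": struct.pack("!BBHII", 0x80, 200, 6, 0x1234ABCD, 0),
    "other": b"\x00\x01\x00\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_payload(data))
    print(plane_counts(SAMPLES.values()))
```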

Summary:

To cover all of the ground, we will focus on a single protocol in each of the first few episodes. Then I’ll switch to thematic articles. The provisional summary is the following:

  • SIP
  • H.323
  • RTP/RTCP
  • RSVP & MGCP
  • Cybersecurity
  • Quality Of Service

The lab:

Network diagram of the LAB

For this series, we will use a simple lab initially made of 5 virtual machines:

  • 3 will play the role of the clients with different soft-phones: PC-Bruno using Ekiga (SIP & H.323), PC-Paul using Linphone (SIP) and PC-Alice also using Ekiga. A network capture will be taken on the virtual switch between the clients.
  • 3 of them will provide services: Asterisk and Kamailio for SIP and GNU Gatekeeper (GnuGk) for H.323. A network capture will be taken on the virtual switch between the servers.

The software:

We’ll mainly use PCAP-Inspector for the analysis. You can download it at https://www.pcap-inspector.com with a free licence for 30 days.

PCAP Analysis with PCAP-Inspector

PCAP-Inspector is an intuitive tool that allows users to quickly perform network hunting, incident forensics and prevention. This solution provides a distraction-free environment to leverage your PCAP data and explore your network. Efficiently import, filter, and analyze your packet captures.

The next article in the series will be available soon.

Constantin VURLI
Network & Security Consultant at CNS Communications.