Bit of Everything! Vulnerability Research, Reverse Engineering, Malware Analysis, Exploits etc...
Friday, August 24, 2012
VoIP STUN Request/Response Packet Structure
STUN stands for Session Traversal Utilities for NAT. It is mainly used for NAT traversal by IP applications (voice, video, messaging).
The snapshot below shows the STUN request packet.
The snapshot below shows the STUN response packet.
Text view of full capture
Request
No. Time Source Destination Protocol Length Info
264 200.289545 10.0.0.2 77.72.169.158 CLASSIC-STUN 62 Message: Binding Request
Frame 264: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Arrival Time: Aug 23, 2012 16:36:32.609220000 India Standard Time
Epoch Time: 1345719992.609220000 seconds
[Time delta from previous captured frame: 7.022449000 seconds]
[Time delta from previous displayed frame: 15.027355000 seconds]
[Time since reference or first frame: 200.289545000 seconds]
Frame Number: 264
Frame Length: 62 bytes (496 bits)
Capture Length: 62 bytes (496 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:classicstun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Vmware_ef:18:30 (00:0c:29:ef:18:30), Dst: (00:bb:f7:00:8b:1f)
Destination: (00:bb:f7:00:8b:1f)
Address: (00:bb:f7:00:8b:1f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_ef:18:30 (00:0c:29:ef:18:30)
Address: Vmware_ef:18:30 (00:0c:29:ef:18:30)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.0.0.2 (10.0.0.2), Dst: 77.72.169.158 (77.72.169.158)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 48
Identification: 0x3eea (16106)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (17)
Header checksum: 0xfaea [correct]
[Good: True]
[Bad: False]
Source: 10.0.0.2 (10.0.0.2)
Destination: 77.72.169.158 (77.72.169.158)
User Datagram Protocol, Src Port: 8006 (8006), Dst Port: stun (3478)
Source port: 8006 (8006)
Destination port: stun (3478)
Length: 28
Checksum: 0x1f88 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
[Response In: 265]
Message Type: Binding Request (0x0001)
Message Length: 0x0000
Message Transaction ID: 000000007e5634120000000000000000
Response
No. Time Source Destination Protocol Length Info
265 200.465322 77.72.169.158 10.0.0.2 CLASSIC-STUN 98 Message: Binding Response
Frame 265: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Aug 23, 2012 16:36:32.784997000 India Standard Time
Epoch Time: 1345719992.784997000 seconds
[Time delta from previous captured frame: 0.175777000 seconds]
[Time delta from previous displayed frame: 0.175777000 seconds]
[Time since reference or first frame: 200.465322000 seconds]
Frame Number: 265
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:classicstun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: (00:bb:f7:00:8b:1f), Dst: Vmware_ef:18:30 (00:0c:29:ef:18:30)
Destination: Vmware_ef:18:30 (00:0c:29:ef:18:30)
Address: Vmware_ef:18:30 (00:0c:29:ef:18:30)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: (00:bb:f7:00:8b:1f)
Address: (00:bb:f7:00:8b:1f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 77.72.169.158 (77.72.169.158), Dst: 10.0.0.2 (10.0.0.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 84
Identification: 0x19c5 (6597)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 238
Protocol: UDP (17)
Header checksum: 0x71eb [correct]
[Good: True]
[Bad: False]
Source: 77.72.169.158 (77.72.169.158)
Destination: 10.0.0.2 (10.0.0.2)
User Datagram Protocol, Src Port: stun (3478), Dst Port: 8006 (8006)
Source port: stun (3478)
Destination port: 8006 (8006)
Length: 64
Checksum: 0xac24 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
[Request In: 264]
[Time: 0.175777000 seconds]
Message Type: Binding Response (0x0101)
Message Length: 0x0024
Message Transaction ID: 000000007e5634120000000000000000
Attributes
Attribute: MAPPED-ADDRESS
Attribute Type: MAPPED-ADDRESS (0x0001)
Attribute Length: 8
Protocol Family: IPv4 (0x0001)
Port: 8006
IP: 61.12.12.132 (61.12.12.132)
Attribute: SOURCE-ADDRESS
Attribute Type: SOURCE-ADDRESS (0x0004)
Attribute Length: 8
Protocol Family: IPv4 (0x0001)
Port: 3478
IP: 77.72.169.158 (77.72.169.158)
Attribute: CHANGED-ADDRESS
Attribute Type: CHANGED-ADDRESS (0x0005)
Attribute Length: 8
Protocol Family: IPv4 (0x0001)
Port: 3479
IP: 77.72.169.159 (77.72.169.159)
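The message layout in the two dissections above (a 20-byte header, then type/length/value attributes), written as a parser. This is an added example, not part of the original post: the payload bytes are constructed from the field values in the capture, and the function names are this example's own.

```python
import socket
import struct

MSG_TYPES = {0x0001: "Binding Request", 0x0101: "Binding Response"}
ADDR_ATTRS = {0x0001: "MAPPED-ADDRESS", 0x0004: "SOURCE-ADDRESS", 0x0005: "CHANGED-ADDRESS"}

# Constructed from the field values in the capture above (UDP payload only).
TXID = bytes.fromhex("000000007e5634120000000000000000")
REQUEST = bytes.fromhex("00010000") + TXID
RESPONSE = bytes.fromhex("01010024") + TXID + bytes.fromhex(
    "0001000800011f463d0c0c84"   # MAPPED-ADDRESS  61.12.12.132:8006
    "0004000800010d964d48a99e"   # SOURCE-ADDRESS  77.72.169.158:3478
    "0005000800010d974d48a99f"   # CHANGED-ADDRESS 77.72.169.159:3479
)


def parse_classic_stun(payload: bytes) -> dict:
    """Parse a classic STUN message: 20-byte header followed by TLV attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte STUN header")
    msg_type, msg_len = struct.unpack("!HH", payload[:4])
    if msg_len != len(payload) - 20:
        raise ValueError("Message Length does not match the payload size")
    msg = {"type": MSG_TYPES.get(msg_type, hex(msg_type)),
           "txid": payload[4:20].hex(), "attrs": {}}
    off = 20
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated attribute header")
        a_type, a_len = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + a_len]
        if len(value) != a_len:
            raise ValueError("attribute length runs past the end of the message")
        if a_type in ADDR_ATTRS:
            if a_len != 8 or value[1] != 0x01:
                raise ValueError("address attribute is not an 8-byte IPv4 value")
            port = struct.unpack("!H", value[2:4])[0]
            msg["attrs"][ADDR_ATTRS[a_type]] = (socket.inet_ntoa(value[4:8]), port)
        else:
            msg["attrs"][hex(a_type)] = value.hex()
        off += 4 + a_len
    return msg


def response_matches(request: bytes, response: bytes) -> bool:
    """A client should only accept a response that echoes its transaction ID."""
    req, resp = parse_classic_stun(request), parse_classic_stun(response)
    return resp["type"] == "Binding Response" and req["txid"] == resp["txid"]
```

Parsing `RESPONSE` returns the same three address attributes Wireshark lists; MAPPED-ADDRESS (61.12.12.132:8006) is the address the server saw for the client that sent from 10.0.0.2:8006. The Message Length check rejects a payload whose declared length (0x0024 here) disagrees with the bytes actually received.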
Other articles that might interest you:
http://darshanams.blogspot.in/2012/06/sip-security1-scanning-voippbx-servers.html
http://darshanams.blogspot.in/2008/11/deciphering-google-talk-jabber.html
http://darshanams.blogspot.in/2009/03/i-was-just-checking-my-mails.html