Sushant If the issue is correlating HTTP responses to the appropriate request, you could do this using the TCP connection as there can only be a single HTTP request outstanding on a TCP connection at a time. So, when you've found an HTTP request in the capture, extract the source/target IP address/port and then find the next HTTP response in the capture with the matching target/source IP address/port (obviously flipped in relation to the request).
Mike -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eleanor Merry Sent: 17 October 2014 20:43 To: Sushant Hiray; [email protected] Subject: Re: [Clearwater] Benchmarking per-hop delays Hi Sushant, The ha1 value is the md5 hash of username:realm:password, so you could correlate the packets by working out this for each username in your other packets. I don't know of a better workflow than you've already described though. Ellie -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Sushant Hiray Sent: 10 October 2014 20:51 To: [email protected] Subject: [Clearwater] Benchmarking per-hop delays Dear All, As a part of my project, I'm trying to benchmark the per hop delays corresponding to the sip-register request. For the packet inspection I'm using Scapy <http://www.secdev.org/projects/scapy/> I'm facing a bit of difficulty in tracing the route between sprout and homestead. Here are the payloads: In [26]: pkts[3].load Out[26]: 'GET /impi/user1%40ims.hom/av?impu=sip%3Auser1%40ims.hom HTTP/1.1\r\nHost: 10.129.34.49:8888\r\nAccept: */*\r\nX-SAS-HTTP-Branch-ID: f0b4177d-2053-40b6-b6a6-ed9e3bc24400\r\n\r\n' In [27]: pkts[5].load Out[27]: 'HTTP/1.1 200 OK\r\nContent-Length: 84\r\nContent-Type: text/plain\r\n\r\n{"digest":{"ha1":"52774557028aebeaf0115c259d970965","realm":"ims.hom","qop":"auth"}}' In [25]: pkts[13].load Out[25]: 'PUT /impu/sip%3Auser1%40ims.hom/reg-data?private_id=user1%40ims.hom HTTP/1.1\r\nHost: 10.129.34.49:8888\r\nAccept: */*\r\nX-SAS-HTTP-Branch-ID: 74992e9e-2e9b-45c2-9d1b-bebaaf0b1ae3\r\nContent-Length: 18\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n{"reqtype": "reg"}' In [24]: pkts[15].load Out[24]: 'HTTP/1.1 200 OK\r\nContent-Length: 847\r\nContent-Type: text/plain\r\n\r\n<ClearwaterRegData>\n\t<RegistrationState>REGISTERED</RegistrationState>\n\t<IMSSubscription xsi="http://www.w3.org/2001/XMLSchema-instance"; noNamespaceSchemaLocation="CxDataType.xsd">\n\t\t<PrivateID>user1 @ims.hom</PrivateID>\n\t\t<ServiceProfile>\n\t\t\t<InitialFilterCriteria>\n\t\t\t\t<TriggerPoint>\n\t\t\t\t\t<ConditionTypeCNF>0</ConditionTypeCNF>\n\t\t\t\t\t<SPT>\n\t\t\t\t\t\t<ConditionNegated>0</ConditionNegated>\n\t\t\t\t\t\t<Group>0</Group>\n\t\t\t\t\t\t<Method>INVITE</Method>\n\t\t\t\t\t\t<Extension/>\n\t\t\t\t\t</SPT>\n\t\t\t\t</TriggerPoint>\n\t\t\t\t<ApplicationServer>\n\t\t\t\t\t<ServerName>sip:mmtel.Unknown</ServerName>\n\t\t\t\t\t<DefaultHandling>0</DefaultHandling>\n\t\t\t\t</ApplicationServer>\n\t\t\t</InitialFilterCriteria>\n\t\t\t<PublicIdentity>\n\t\t\t\t<BarringIndication>1</BarringIndication>\n\t\t\t\t<Identity>sip:[email protected] </Identity>\n\t\t\t</PublicIdentity>\n\t\t</ServiceProfile>\n\t</IMSSubscription>\n</ClearwaterRegData>\n\n' So in response corresponding to the GET request by sprout, hss sends a STATUS 200/OK message. However, I couldn't find any identification in this packet so as to figure out, the response is corresponding to which user. In all the other 3 packets, there is an explicit mention of the exact user. Can you please help me figure out the appropriate identification in the packet. I can see there is an "ha1" hash in the payload, but I'm not sure, how is this linked to the username. On a sidenote: is there any better tool/workflow to benchmark per hop delays. My current workflow is to capture packets via tcpdump and then parse them and extract information using scapy. I would be happy to see if there is any better way to do the same. Thanks for your help. Regards, Sushant Hiray, Senior Undergrad CSE, IIT Bombay _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater
