Hi Mike, Evans,

Thanks a lot for your suggestions. I actually went ahead with Mike's
suggestions and was able to figure out the appropriate response
corresponding to the request.

I correlated the response to the userid by maintaining a mapping of userid
and the corresponding requests.

Thanks for your help.

Regards,
Sushant

Sushant Hiray,
Senior Undergrad CSE,
IIT Bombay



On Sun, Oct 19, 2014 at 4:29 PM, Mike Evans <[email protected]> wrote:

> Sushant
>
> If the issue is correlating HTTP responses to the appropriate request, you
> could do this using the TCP connection as there can only be a single HTTP
> request outstanding on a TCP connection at a time.  So, when you've found
> an HTTP request in the capture, extract the source/target IP address/port
> and then find the next HTTP response in the capture with the matching
> target/source IP address/port (obviously flipped in relation to the
> request).
>
> Mike
>
> -----Original Message-----
> From: [email protected] [mailto:
> [email protected]] On Behalf Of Eleanor Merry
> Sent: 17 October 2014 20:43
> To: Sushant Hiray; [email protected]
> Subject: Re: [Clearwater] Benchmarking per-hop delays
>
> Hi Sushant,
>
> The ha1 value is the md5 hash of username:realm:password, so you could
> correlate the packets by working out this for each username in your other
> packets. I don't know of a better workflow than you've already described
> though.
>
> Ellie
>
>
> -----Original Message-----
> From: [email protected] [mailto:
> [email protected]] On Behalf Of Sushant Hiray
> Sent: 10 October 2014 20:51
> To: [email protected]
> Subject: [Clearwater] Benchmarking per-hop delays
>
> Dear All,
>
> As a part of my project, I'm trying to benchmark the per hop delays
> corresponding to the sip-register request.
>
> For the packet inspection I'm using Scapy <
> http://www.secdev.org/projects/scapy/>
>
> I'm facing a bit of difficulty in tracing the route between sprout and
> homestead.
>
> Here are the payloads:
>
> In [26]: pkts[3].load
> Out[26]: 'GET /impi/user1%40ims.hom/av?impu=sip%3Auser1%40ims.hom HTTP/1.1\r\nHost: 10.129.34.49:8888\r\nAccept: */*\r\nX-SAS-HTTP-Branch-ID: f0b4177d-2053-40b6-b6a6-ed9e3bc24400\r\n\r\n'
>
> In [27]: pkts[5].load
> Out[27]: 'HTTP/1.1 200 OK\r\nContent-Length: 84\r\nContent-Type: text/plain\r\n\r\n{"digest":{"ha1":"52774557028aebeaf0115c259d970965","realm":"ims.hom","qop":"auth"}}'
>
> In [25]: pkts[13].load
> Out[25]: 'PUT /impu/sip%3Auser1%40ims.hom/reg-data?private_id=user1%40ims.hom HTTP/1.1\r\nHost: 10.129.34.49:8888\r\nAccept: */*\r\nX-SAS-HTTP-Branch-ID: 74992e9e-2e9b-45c2-9d1b-bebaaf0b1ae3\r\nContent-Length: 18\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n{"reqtype": "reg"}'
>
> In [24]: pkts[15].load
> Out[24]: 'HTTP/1.1 200 OK\r\nContent-Length: 847\r\nContent-Type: text/plain\r\n\r\n<ClearwaterRegData>\n\t<RegistrationState>REGISTERED</RegistrationState>\n\t<IMSSubscription xsi="http://www.w3.org/2001/XMLSchema-instance"; noNamespaceSchemaLocation="CxDataType.xsd">\n\t\t<PrivateID>user1@ims.hom</PrivateID>\n\t\t<ServiceProfile>\n\t\t\t<InitialFilterCriteria>\n\t\t\t\t<TriggerPoint>\n\t\t\t\t\t<ConditionTypeCNF>0</ConditionTypeCNF>\n\t\t\t\t\t<SPT>\n\t\t\t\t\t\t<ConditionNegated>0</ConditionNegated>\n\t\t\t\t\t\t<Group>0</Group>\n\t\t\t\t\t\t<Method>INVITE</Method>\n\t\t\t\t\t\t<Extension/>\n\t\t\t\t\t</SPT>\n\t\t\t\t</TriggerPoint>\n\t\t\t\t<ApplicationServer>\n\t\t\t\t\t<ServerName>sip:mmtel.Unknown</ServerName>\n\t\t\t\t\t<DefaultHandling>0</DefaultHandling>\n\t\t\t\t</ApplicationServer>\n\t\t\t</InitialFilterCriteria>\n\t\t\t<PublicIdentity>\n\t\t\t\t<BarringIndication>1</BarringIndication>\n\t\t\t\t<Identity>sip:[email protected]</Identity>\n\t\t\t</PublicIdentity>\n\t\t</ServiceProfile>\n\t</IMSSubscription>\n</ClearwaterRegData>\n\n'
>
> So in response to the GET request by sprout, hss sends a
> STATUS 200/OK message. However, I couldn't find any identification in this
> packet to figure out which user the response corresponds to.
>
> In all the other 3 packets, there is an explicit mention of the exact user.
> Can you please help me figure out the appropriate identification in the
> packet?
> I can see there is an "ha1" hash in the payload, but I'm not sure how
> this is linked to the username.
>
> On a side note: is there any better tool/workflow to benchmark per-hop
> delays?
> My current workflow is to capture packets via tcpdump and then parse them
> and extract information using scapy. I would be happy to see if there is
> any better way to do the same.
>
> Thanks for your help.
>
> Regards,
> Sushant Hiray,
> Senior Undergrad CSE,
> IIT Bombay
> _______________________________________________
> Clearwater mailing list
> [email protected]
> http://lists.projectclearwater.org/listinfo/clearwater
>
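The two correlation methods suggested in this thread (matching a response to its request by the flipped TCP address/port pair, and recomputing ha1 as the md5 of username:realm:password) are combined below. This is an added example, not code from the thread or from Project Clearwater; the function names are hypothetical, the addresses, ports and passwords in the sample are constructed, and it assumes each HTTP message head starts at the beginning of a captured segment.

```python
import hashlib
from urllib.parse import unquote

def ha1(username, realm, password):
    """HA1 as described in the thread: md5 of username:realm:password."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()

def correlate(records):
    """Pair each HTTP response with the request on the same TCP connection.
    records: (time, src, sport, dst, dport, payload) tuples in capture order;
    with Scapy: pkt.time, pkt[IP].src, pkt[TCP].sport, pkt[IP].dst,
    pkt[TCP].dport and pkt[Raw].load.
    Returns a list of (request_line, delay_seconds, response_body)."""
    pending = {}  # (client ip, client port, server ip, server port) -> (time, line)
    matched = []
    for ts, src, sport, dst, dport, payload in records:
        head, _, body = payload.partition(b"\r\n\r\n")
        first = head.split(b"\r\n", 1)[0].decode("latin-1")
        if first.startswith("HTTP/1."):
            # Response: flip source and destination to find its request.
            req = pending.pop((dst, dport, src, sport), None)
            if req is not None:  # None: request fell outside the capture
                matched.append((req[1], ts - req[0], body.decode("latin-1")))
        elif first.endswith(("HTTP/1.1", "HTTP/1.0")):
            pending[(src, sport, dst, dport)] = (ts, first)
    return matched

def impi_of(request_line):
    """Private identity from a path of the form /impi/<id>/..., else None."""
    parts = request_line.split(" ")[1].split("?")[0].split("/")
    return unquote(parts[2]) if len(parts) > 2 and parts[1] == "impi" else None

def delays_by_user(records):
    """Map private identity -> (request-to-response delay, response body)."""
    return {impi_of(line): (delay, body)
            for line, delay, body in correlate(records) if impi_of(line)}

# Constructed sample (addresses, ports and passwords are made up): two
# connections to one server, with responses arriving out of request order.
HS = ("10.0.0.2", 8888)
def _resp(user, pw):
    digest = ha1(user, "ims.hom", pw)
    return ('HTTP/1.1 200 OK\r\n\r\n{"digest":{"ha1":"%s"}}' % digest).encode()
SAMPLE = [
    (0.000, "10.0.0.1", 40001, *HS, b"GET /impi/user1%40ims.hom/av HTTP/1.1\r\n\r\n"),
    (0.001, "10.0.0.1", 40002, *HS, b"GET /impi/user2%40ims.hom/av HTTP/1.1\r\n\r\n"),
    (0.004, *HS, "10.0.0.1", 40002, _resp("user2@ims.hom", "pw2")),
    (0.009, *HS, "10.0.0.1", 40001, _resp("user1@ims.hom", "pw1")),
]
```

Since ha1 is all that is needed to compute a valid digest response, a capture of this sprout-to-homestead traffic should be stored and shared as credential material.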