Speedport packet monitor (DSL, Ethernet, VoIP)
Using one of the following router links, you can capture all Ethernet/Internet packets via a web-browser to a file (in Wireshark pcap format) for later analysis.
Fritzbox realtime packet monitor (DSL, Ethernet, VoIP)
Modern Fritzbox VoIP/DSL routers allow to capture all Ethernet/Internet packets via a web-browser (http://fritz.box/html/capture.html) to a file (in Wireshark pcap format) for later analysis. This greatly helps to analyze network-related problems (in my case VoIP/SIP packet communication).
Using the approach below, you can capture all Ethernet/Internet packets that are transmitted to or from your Fritzbox and monitor them in real-time using Wireshark.
What you need:
- Windows XP, Vista, Win7, Win8 or higher
- A Fritzbox router that supports challenge/SID authentification (e.g. Fritzbox 7240)
- Wireshark packet analyzer (I have tested Wireshark 1.12.2)
- My ‘fritzwire‘ Windows app
- Start the ‘fritzwire‘ app using your Fritzbox IP and your Fritzbox password via Windows comand line prompt (Windows start->Run: cmd):
fritzwire.exe 192.168.2.1 password internet OR: fritzwire.exe 192.168.2.1 password iface=lan
- Now start Wireshark like this (it will capture the named pipe):
c:\program files\wireshark\wireshark.exe -k -i \\.pipe\\wireshark
It will start capturing packets immediately (and you can define filters for all kind of protocols, analyze them etc.):
Analyzing Voice-Over-IP (VoIP) / SIP messages
A SIP registrar enables client applications to associate a user name (SIP phone number) with a specific network address (IP). In essence, registering provides a way for a user to say ‘Here I am!’.
sip:phone-number@sip-registrar —-> IP
A SIP proxy server is really just an entry point into a larger network of proxy servers. SIP messages that arrive at one proxy are routed to an appropriate destination, which is usually another proxy server or an end point (SIP client). Although SIP messages can be sent directly between SIP clients (e.g. Fritzbox VoIP), they are usually routed through a proxy server (e.g. Telekom proxy server).
To understand the details below, here’s an overview of the SIP registration (1., 2.) and the SIP phone call request (3.-8.) and RTP phone conversation (10.):
SIP domain resolving
There exist hundreds of registrar servers – so how does one SIP registrar server (in SIP domain A) resolve the domain lookup of a SIP client (in SIP domain B)?
‘sip:phone-number@registrar-domainA‘ —> ‘sip:phone-number@registrar-domainB‘
Now let’s see some examples – In the examples below, I did use a filter for VoIP messages (entered ‘sip || rtp’ as filter in Wireshark).
As you can see below, the Fritzbox issues a SIP re-registration (‘SIP REGISTER’) for the same phone number in several variants (first without user/password which fails, then again with user/password etc) :
Below is an example of VoIP incoming phone call request (‘SIP INVITE’). And this is the issue in our case: sometimes, the phone rings exactly ONE time, then hooks off itself – why? You can see the reason here: The Fritzbox automatically sends a ‘SIP 200 OK’, followed by a ‘SIP BYE’ directly after the ‘SIP INVITE’, although we did not touch the phone at all ! (no manual hook-off)
We also tried to use the Fritzbox built-in DECT port only (instead of the plain old telephone port) – no difference. We also tried to use SIP client-to-client conversation only (see further below). No difference.
Playback VoIP phone conversation data
You can playback VoIP phone conversation data (RTP payload data) with Audicity:
- In Wireshark, choose RTP packet, then Telephony->RTP->Stream analysis…
- Choose ‘Save payload’.
- In Audicity, choose File->import->Raw (for G.711 PCMA: alaw, 1 channel, 8 Khz)
Direct SIP calls in your local network
Using a software VoIP phone (SIP client, e.g. Linphone), you can make an SIP call from your PC to your Fritzbox within your local network (SIP client to SIP client) like this. Simply enter the phone number and IP of your Fritzbox:
SIP client (Windows app ‘Linphone’):
local SIP address: sip:email@example.com:5060 (default)
SIP client (Fritzbox VoIP and registered DECT phone):
Fritzbox SIP address: sip:firstname.lastname@example.org (your-phone-number@your-Fritzbox-IP)
SIP server proxies
VoIP (SIP) works using proxy servers – to find them out use ‘nslookup’ via Windows command line prompt (Windows start->Run: cmd):
Further examples of VoIP/SIP-related packet analysis can be found here.
DSL Annex J
In the DSL protocol (ADSL2+ Annex J / G.992.5 Annex J) that we use with our Fritzbox 7240, the lower ‘plain-old-telephone’ (POTS) / ISDN bands (up to 120 Khz) are also used for DSL communication as you can see in this spectrum plot:
Plain old telephone (POTS) signaling
This signal plot shows the involved phases of the plain old telephone signaling (e.g. used on Fritzbox Fon ports): on-hook, ring, off-hook, on-hook
The Fritzbox also offers some basic diagnostics for DECT handset phones (defined in ‘ETSI EN 300 175 Part1-Part8’ – uses 1880-1980 Mhz, 60 channels, 1728 kHz bandwidth, GFSK modulation, 1152 KBit data bitrate):
Additionally, you can capture DECT packets via the Fritzbox Web interface by choosing to capture a ‘dtrace‘: http://fritz.box/html/capture.html
DECT example packet flow
Incoming call (via SIP phone) to the DECT portable part (PP), and portable part initiating a call termination.
(PP: portable part, FP: fixed part, MAC: media access control layer, DLC: data link control layer, NWL: network layer, Fritzbox Controllers: 1=ISDN, 2=ISDN, 3=S0-Bus, 4=POTS, 5=SIP)
DECT PP DECT FP VoIP/SIP phone | |<----- INVITE ---------| | |------ 100 TRYING ---->| |<--- CC_SETUP ----------| | |---- CC_ALERTING ------>| | | |------ 180 RINGING --->| |---- CC_CONNECT-------->| | | |------ 200 OK -------->| | |<------ACK ------------| |<--- CC_CONNECT_ACK-----| | ... data transfer ... |-----CC_RELEASE-------->| | | |------- BYE ---------->| |<--- CC_RELEASE_COMLETE-| | | |<------ 200 OK --------|
Fritzbox support file
For support purposes, your Fritzbox can generate a file containing different log files of your Fritzbox (details about DSL, VoIP, DECT, detailed packets of last 10 calls etc.): http://fritz.box/support.lua
Experienced Linux users can enable (unsecure) telnet by calling your Fritzbox via phone number:
Enable telnet: #96*7*
Disable telnet: #96*8*
Now, you should be able to telnet (e.g. via PUTTY) your Fritzbox like this: telnet 192.168.2.1
Warning: you will loose warranty if activating telnet!
Fritzbox call monitor
You can monitor incoming calls – activate call monitor by calling your Fritzbox via phone number:
Enable callmonitor: #96*5*
Disable callmonitor: #96*4*
Now, you should be able to see incoming calls via TCP port 1012 (e.g. via PUTTY):
15.12.14 17:52:16;RING;0;00;123456789;SIP2; 15.12.14 17:52:35;DISCONNECT;0;0; 15.12.14 17:53:07;CALL;1;11;123456789;123456789;SIP0; 15.12.14 17:53:20;CONNECT;1;11;123456789;