
Where is the fault in this pcap of a SIP flow?

I captured the flow of SIP packets between my router and the SIP registrar, to find out why my telephone is occasionally unable to make and receive calls.

I discovered that the SIP registration is not renewed correctly at one point, shortly before the telephone is "dead".

However, I am unsure where the actual fault is located, because there seem to be multiple network actors involved.

  • There is the registrar named sip.alice-voip.de with IP address 62.53.223.131.
  • There is an IP address 93.129.234.136, which is the router if I am not mistaken.
  • There is an unknown actor 2.57.121.124, which sends a SIP OPTIONS request, the purpose of which is unclear to me in this context. However, it could be a security mechanism somewhere in the network, as the request contains headers related to the Sipvicious software. The actor appears only once in the whole capture. However, other IP addresses repeat the same request later in time.
  • There is another unknown actor 51.159.93.41, which sends a wrong SIP REGISTER request and appears only once in the whole capture. It occurred to me that since the highlighted SIP REGISTER request comes from outside to my router (which is not a registrar) the router should just ignore it and continue with its registrar. Is it safe to assume that there is a bug in the router that prevents that?

Wireshark Capture of SIP Flow with Sipvicious OPTIONS packet selected

Wireshark Capture of SIP Flow with faulty REGISTER packet selected

I am not experienced in this kind of analysis, but I read about how SIP is supposed to work, and would be happy to learn how to find the faulty actor in such a case. I hope this is a good place to ask.
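
One way to separate the actors in a capture like the one described above, as an added example that is not part of the original post: it groups SIP requests by source, tags senders that are neither the registrar nor the router, and lists router REGISTERs that never got a usable answer from the registrar. The message text, Call-IDs, CSeq values and `constructed-ua` are constructed sample data, not copied from the capture; `friendly-scanner` is assumed here as the SIPVicious default User-Agent, and compact header forms are not handled.

```python
import re
from collections import defaultdict

REGISTRAR = "62.53.223.131"   # sip.alice-voip.de, as named in the question
ROUTER = "93.129.234.136"     # the router, as named in the question
SCANNER_UA = re.compile(r"friendly-scanner|sipvicious", re.I)  # assumed scanner markers

def parse_sip(raw):
    """Return (kind, token, headers): token is the method or the status code."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    first = head[0].split(" ", 2)
    # Responses start with the SIP version, requests with the method.
    kind, token = ("response", first[1]) if first[0].startswith("SIP/") else ("request", first[0])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return kind, token, headers

def triage(packets):
    """packets: (src_ip, dst_ip, raw_sip). Returns (unsolicited senders, failed REGISTERs)."""
    unsolicited = defaultdict(list)
    registers = {}  # (Call-ID, CSeq) -> final status from the registrar, None if unanswered
    for src, dst, raw in packets:
        kind, token, h = parse_sip(raw)
        key = (h.get("call-id"), h.get("cseq"))
        if kind == "request" and src not in (REGISTRAR, ROUTER):
            tag = "scanner" if SCANNER_UA.search(h.get("user-agent", "")) else "unknown"
            unsolicited[src].append((token, tag))
        elif kind == "request" and token == "REGISTER" and (src, dst) == (ROUTER, REGISTRAR):
            registers.setdefault(key, None)
        elif kind == "response" and src == REGISTRAR and key in registers and not token.startswith("1"):
            registers[key] = token
    # 401/407 are auth challenges: the retry carries a new CSeq and is tracked on its own.
    failed = {k: v for k, v in registers.items() if v not in ("200", "401", "407")}
    return dict(unsolicited), failed

def msg(start, call_id, cseq, ua=None):
    lines = [start, f"Call-ID: {call_id}", f"CSeq: {cseq}"] + ([f"User-Agent: {ua}"] if ua else [])
    return "\r\n".join(lines) + "\r\n\r\n"

SAMPLE = [  # constructed messages, in capture order
    (ROUTER, REGISTRAR, msg("REGISTER sip:sip.alice-voip.de SIP/2.0", "a1", "10 REGISTER")),
    (REGISTRAR, ROUTER, msg("SIP/2.0 200 OK", "a1", "10 REGISTER")),
    ("2.57.121.124", ROUTER, msg("OPTIONS sip:100@93.129.234.136 SIP/2.0", "b1", "1 OPTIONS", "friendly-scanner")),
    ("51.159.93.41", ROUTER, msg("REGISTER sip:93.129.234.136 SIP/2.0", "c1", "1 REGISTER", "constructed-ua")),
    (ROUTER, REGISTRAR, msg("REGISTER sip:sip.alice-voip.de SIP/2.0", "a1", "11 REGISTER")),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An unanswered router REGISTER in the second result points at the router-to-registrar path, while entries in the first result are inbound traffic the router's SIP port should not be accepting from arbitrary sources.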
