Transcription
SSCA CertificationExam ObjectivesThe SSCA exam is designed to test your skills and knowledge on the protocol SIP (SessionInitiation Protocol). Everything that you need to cover in order to pass this test is covered inthe SSCA SIP training program but if you decide to learn about SIP elsewhere then theseare the topics that you should learn about in order to be prepared for the test.This list is the same as the ‘course topics’ list also found under the ‘outline’ button next tothe course name in the Catalog.Please note that if you go along an alternate training path it is possible that you may get aquestion that may not have been covered in that path. It’s up to you!Please view the following pages for the complete topic list .
Core SIPSubject matter that may be included in the testSIP Why SIP?What is SIP?SIP ‘from the RFC’What are ‘Requests for Comments’ – RFCs?More than just 3261New RFCsIETF Working groupsBased on HTTPWhere does SIP fit in?SIP Clients and ServersSIP User AgentsSIP Dialog - INVITESIP System ArchitectureThe URI - Unique Resource IdentifierSIP AddressingSIP Addressing ExamplesSIP Servers and Operation RegistrationRe-RegistrationSIP Proxy servers and why we need themProxy Server ‘State’ typesDHCP and SIPSIP Proxy – Trapezoid ModelSIP Server – Proxy ModeSIP Server – Re-Direct ModeLocation ServicesSIP Server in Proxy ModeSIP Server in Proxy Redirect ModeStateful and Stateless ProxiesLocation ServeroComponentsoInformation SourcesoExampleSIP Client Configuration Configuration scenariosSome basic elements needed to configure a clientSIP Messaging Request MethodsResponse CodesSIP HeadersINVITE – ExampleRESPONSE (200 OK) – ExampleMore on HeadersSupport and Require HeadersoTimer (Session Times)o100rel (PRACK)Short form ‘compact’ HeadersSDP – the Session Description Protocol SDP – The Session Description ProtocolSDP in a SIP MessageAn SDP ExampleExtending SDPMultiple ‘m’ linesChanging Session ParametersSDP Example - Put a call on HoldSDP Example - Call Hold Trace
Call Hold – Old and New MethodsMusic on Hold exampleINVITE and reINVITESIP Mobility SIP MobilitySIP Call Forking - ParallelSIP Call Forking - SequentialCall legs, dialogs and Call IDsDialog trace exampleDialogs and TransactionsBranch IdsCall Forward to VoicemailCall Forward - No AnswerReplaces headerDiversion headersHistory-infoMore on Proxies and SIP Routing Stateless ProxyStateful ProxyMore Proxy informationVIA and Record RouteVIA DetailsRecord-Route DefinedRecord Route ExampleLoose and Strict RoutingSession PoliciesMIME MIMEMultiple MIME partsSIP and B2BUA B2BUA - Back to Back User AgentB2BUA ExampleB2BUA Benefits and FeaturesSIP ‘Call Process’ Summary The Call ProcessWiresharkSubject matter that may be included in the testWireshark What is Wireshark?Initial SetupFree SIP Account optionsFree @thesipschool.com SIP account / addressTest NumbersDesktop clientsoJitsi client for testingoBlink client for testingoBria Solo client for testingoPhonerLite client for testingMobile clientsoBria Solo for testingoMizuPhone for testingoLinphone for testingoWeePhone SIP for testingSIP phone in a BrowserSIP Browser clientsFree DID and CreditSecurity and SIP in WiresharkSocial Study directorySecurity and SIP in Wireshark
Download WiresharkWiresharkoIntroductionoMenus, Screens and ViewsoCapturing trafficoProfilesoDisplay FiltersoCapture FiltersoSIP Packet AnalysisoSIP ladders and Audio PlaybackoOther Menu optionsoSIP INVITE AnalysisoFollow a UDP StreamoFrame RelationshipsoColouring RulesoRTP StreamsUse the CloudPCAPs from ‘other’ placesLAB ExercisesWhat are the codes?SIP, the PSTN and SIP-TSubject matter that may be included in the testSIP and the PSTN SIP to PSTN OverviewSIP to PSTN Call FlowSIP to PSTN DetailPSTN to SIP Call FlowSIP to PSTN Call FailureSIP Codes and the PSTNEarly Media Early Media explainedEarly Media - SIP to PSTN CallEarly Offer and Delayed Offer Early Offer / Delayed OfferGateways Default Gateway?Gateways and expectationsSIP-T and PSTN Bridging SIP-T and SIP-ISS7, ISDN and SIPISUP and SIP MessagesISDN User Part (ISUP) to SIP CodesPSTN to PSTN via SIPISUP EncapsulationISUP Encapsulation / SDPAddressing NotesSIP and DTMF DTMF - Quick Re-CapWhat is DTMF?Inband vs Out-of-bandRFC 2833 ‘Trace’ exampleRFC 4733 replaces 2833RFC 4734SIP INFO 6086RFC 2833 ‘Trace’ exampleSIP INFO ‘Trace’ example
SIP, VVoIP and QoSSubject matter that may be included in the testWhat is VoIP or Voice over IP? What is VoIP?What is Voice over IP?VoIP – ‘A Basic Call’VoIP and TCP / UDPVoIP over the InternetBranch to Branch VoIPSignaling pathsSpeech pathsIP PBXVoice Sampling and Codecs EncodingCodecs for VoiceDynamic [RTP Payload type]The ‘Codec Test’MOS, R-Factor and High Definition (HD) VoiceSound testsCodecs and BandwidthPacket Rate / Packets per secondVariable bit rate / Constant bit rate codecsWideband (HD) codecsOpus codecOpus audio examplesThe Real Time Protocol or RTP RTP IntroRTP EncapsulationRTP Header TraceReal Time Control Protocol (RTCP)RTCP-XR (Extended Reports)RTP / RTCP and UDP PortsQuality of Service QoS describedQoS IssuesMeasuring DelayJitter and Packet LossGeneral VoIP Acceptance CriteriaQoS across all Networks802.1Q – VLANs802.1Q/P Tagging802.1P - L2 ClassificationTOS and DiffServLayer 3 ClassificationDSCP with Assured forwarding (AF)Bandwidth decisionsLink options – Symmetric DSL (SDSL)Bandwidth (kbps) vs. Packet per Second (pps)Network Behavior AnalysisIssues that can affect QoSQoS SummaryTesting your linkSIP, SDP and VoIP SIP in the TCP/IP ModelSIP and SDP Messages (e.g. Invite and 200OK)SIP and SDP Codec mappingVideo over IP
What is Video over IP?Streaming Voice and Video – 1 Way TransmissionTwo-way Conferencing with RTPCodec and Bandwidth ConsiderationsVideo bitrate CalculatorSetting Video Codecs on DevicesAudio and Video in the SDP bodyAssured SIP Services Assured SIP introService Provider ArchitectureProxy and Access Router functionsResource-PriorityVideo ‘example’Reason Header for Pre-emption EventsMore Proxy detailsMulti-Level Pre-emption and Precedence (MLPP)SummarySIP Security and IdentitySubject matter that may be included in the testAuthentication and Authorization SIP Proxy Authentication – in detail401 and 407 AuthorizationSIP AuthorizationPROXY AuthenticationHashing Algorithms [MD5, SHA etc.]Encryption Why Encrypt SIP?Encryption types (Symmetric / Asymmetric)Keying and HashingCertificate AuthoritiesCertificate ExampleThe Certificate application processInstalling your new CertificateBackup your Private keySelf-Signed CertificatesPublic Key Infrastructure - PKITLS – Transport Layer Security TLS in ActionTLS 1.2 Capture exampleTLS 1.3SSL/TLS checkingSecuring SIP signaling Securing SIP Signalling and then the media‘SIPS’ addressingTLS and SIP in actionCombinations of what you may see Securing the Media Stream Secure RTP (SRTP)Setting SRTP on SIP DevicesSecure RTP (SRTP) - ExampleSRTP and SRTCPsdes and the Crypto attributeCrypto attribute exampleSRTP Call example ‘showing’ CryptoCrypto – multiple streamsDTLS/SRTPSRTP with ZRTP
Encryption summarySIP trunks and Security SIP trunks and SecurityEnhancing SIP Trunk SecurityAttacks and Responses Types of Attack on a VoIP/SIP NetworkFBI network examplesResponses and ProtectionResponse Identity – A Problem!Rogue SIP ProxyPhishing and SIP exploitMore Examples RFC 4475Try for yourself with ‘example’ software toolsNIST Recommendations NIST Recommendations on securing VoIP3rd party training to extend your knowledge The SANS instituteSTIR/SHAKENSubject matter that may be included in the testSTIR/SHAKEN Introduction and topicsWho’s calling? The PSTN Caller ID Spoofing problemThe ‘scale’ of the problem (USA)Caller Identity Caller IdentityEnterprise IdentitiesP-Preferred and P-AssertedCNAM/eCNAM Spoofing a number - VideoSpoofingSTIR/SHAKEN Robocalling and moreWhy this is a problemA First Step: STIR/SHAKENSTIR/SHAKEN in a NutshellWhat is a PASSporT?Haven’t I Heard of SIP Identity Already?STIR/SHAKEN ArchitectureSigned INVITE ExamplePASSporT Token from ExamplePASSporT Token in JSONPASSporT Token Protected HeaderPASSporT Token PayloadThe ‘digital signature’Fetching CertificateSuccess Call FlowFailure Call Flow – Missing Identity HeaderFailure Call Flow – Bad Identity HeaderCertificate management for STIR/SHAKEN
Partner systemSTI Certificate for AuthenticationAttestationThe SIP School ‘test system’VerstatSTIR/SHAKEN in actionVideo - Authentication to VerificationService providers with SHAKENEnterprises and the ‘A’ The ‘Attestation gap’How to ‘fix’ the gap – some optionsDelegate CertificatesDelegate Certificates base PASSporTDelegate Certificates for OTT providersEnterprise CertificatesTN DatabasesDistributed LedgerTrustGetting ‘Creative’Which option is best?Rich Call Data What is Rich Call Data?Rich Call data locationAdding Rich Call DataRich Call Data in the tokenRCD jCard / rcdiRCD and Delegated certsInternational STIR/SHAKEN International AttestationATIS and International calls – BilateralATIS and International calls – Central RegistryOut of Band STIR/SHAKEN Why is this a problem?Out of Band (OOB) STIR with TDMAnother OOB exampleCall Diversion Diverted call flow“div” in a SIP INVITE“div-o”Call Analytics An overviewWhat’s happening now The Traced ActWhere are we now?‘Other Services and TechniquesBringing it all togetherPossible extensionsFCC mandateRobocall mitigationFind the call originatorIndustry Traceback Group (ITG)Resources ‘Some’ other companies offering STIR/SHAKENATIS testbedSTIR and SHAKEN referencesSTIR/SHAKEN conferenceBest practices.
Firewalls, NAT and Session Border ControllersSubject matter that may be included in the testFirewalls What does a Firewall do?Are Firewalls effective?NAT or Network Address Translation What is NAT?NAT RequestNAT ResponseUDP Hole punchingNAT HairpinningMedia Hairpinning/TromboningMultiple NATsNAT in more detail Types of NATNAT – Full ConeNAT – Restricted ConeNAT – Port Restricted ConeNAT – SymmetricNew TerminologiesoMapping and FilteringEndpoint Independent MappingAddress Dependent MappingAddress and Port Dependent MappingNAT Filtering RulesThe NAT & Firewall ‘problem’ The NAT problemThe NAPT or (PAT) ProblemThe Firewall ProblemThe Solutions Interactive Connectivity Establishment (ICE)‘Classic STUN’ (Session Traversal Utilities for NAT)VIA received parameterVIA rport parameterProblems with ‘Classic’ STUNSymmetric RTPSTUN RFC 8489Request and Response exampleTURN (Traversal Using Relays around NAT)ICE ‘In Theory’Candidate information and other ‘ICE stuff’.ICE ‘In action’ICE tagsICE-Lite and Trickle-ICEICE Client settingsMore on ICEMedia ProxyThe Solutions (continued) Application Level GatewaySIP Aware Firewalls - IncomingSIP Aware Firewalls - OutgoingUniversal Plug and Play (UPnP)‘Near end’ NAT‘Far end’ NATGRUU (Globally Routable User Agent)Session Border Controllers SBC for the Enterprise and SBC for the ITSPRecommended Session Border Controller features
SBCs in Action!SBCs and message manipulation / normalizationSIP ‘Refer’ problemsSBC ‘Interop’ exampleSBC Manufacturers – examplesSBCs in the Cloud / as a ServiceSIP TrunkingSubject matter that may be included in the testSIP Trunks What is a SIP TrunkAlternative to TDMSeparate Data and Voice connectionsConverging the networkSIP Trunks and CodecsSIP Trunk BenefitsSIP Trunking – In More Depth SIP Trunk CapabilitiesSIP Trunking Network ExamplesSIP PeeringPeering problems?Least Cost routing (LCR)Disaster RecoveryDisaster Recovery ‘Expanded detail’Disaster Recovery – Last resort?Number ConsolidationVirtual PresencesTrunking Variations Single Site, No ‘Forklift’Single Site, TDM PBXSingle Site, ConvergedConverged – SIP/IP PBXMultiple Site, ‘Converged’Multiple Site, ‘Converged’ central SBCMultiple Site, ‘Converged’ Multiple SBCsMedia Gateways SIP PBX to Non-SIP PBXSIP PBX to Non-SIP PBX, Call FlowSIP Trunk Performance Connection typesThe ADSL issueCodecs, Voice and DataSymmetric DSL (SDSL)Bandwidth CalculatorTesting your linkADSL DevelopmentsFibre OptionsTrunk ‘bursting’Elastic SIPSIP Trunks, MPLS and SD-WAN MPLS, basic explanationMPLS Label formatMPLS in a MAC frameMPLS example networkMPLS benefitsYour own private WANbut ‘Not the only client’Separate MPLS networksVPLS explained
WAN Optimization, Hybrids and SD-WANSoftware Defined WANs explainedoOrchestratoroPoliciesoSD-WAN device capabilitiesSetting up a SIP Trunk SIP trunk configuration on ‘sample’ PBXOutbound ‘Dialling’ RuleCalling across the trunkCall analysis with WiresharkoCall FlowoSIP ladderModes of Operation Registration ModeStatic ModeSecurity and SIP Trunks SIP Trunk Security - OverviewMicrosoft (a little) Skype for Business and SIP TrunksServers and ProtocolsMicrosoft Teams and Calling plansMicrosoft Teams and Direct RoutingTroubleshooting and Interops SIP Trunks and Common ProblemsThe SIP ForumSIP ConnectSIP Connect 1.1 onto 2.0Interoperability testingChoosing an ITSP Understanding ITSP Offerings'Sticking points’?What you may need in the futureSIP trunk ‘connectivity’oThings to watch out for when connecting to your ITSP‘Finding’ an ITSPSIP trunking Checklist for ITSP evaluationTesting, Troubleshooting and InteroperabilitySubject matter that may be included in the testSetting up your test environment Your SetupUsing SIP IP Phones and SoftphonesJitsi, Blink, Bria Solo and PhonerLite setup – reminder.Choosing a ‘Trial/Test’ ITSPGet ‘another’ SIP accountSIP2SIP accountConfigure Blink and Jitsi on the same PC for testingUsing ‘Test Numbers’Wireshark Where to ‘capture’More options for Packet CapturingWireshark ‘Revisited’Colours and the Intelligent ScrollbarPacket ‘Marking’ and ‘Comments’New Packet Window
Exporting ‘Specified’ FramesRTP StreamsTShark (Terminal-based Wireshark)PCAP-ng and PCAP formatsAlternatives to WiresharkYou try!Interoperability Testing Interop Testing and why Interop can be toughDifferent interpretations in the RFC 3261Interop Test ScenarioInterop Test OperationsSample Interop Traces with WiresharkWireshark example videos to help understand interop issuesMore Sample capturesVideo call testingVideo tests with Wireshark trace analysis‘Basic’ Interop Test ListSIPIT eventsCommon SIP problems Will it ever work?Where can you start checking?What else can you do?Common SIP/VoIP ProblemsTroubleshooting SIP Trunks4xx — Client Failure Responses5xx — Server Failure Responses6xx — Global Failure ResponsesMore SIP Testing Tools SIP WorkbenchSIP ScanVisualware for testingHoverIPNSLookupVoip-info for more tools!Using the NET to find answersOther SIP Resources
ENUM, Peering and InterconnectSubject matter that may be included in the testENUM Explained What is E.164?What is ENUM?Why ENUM?Call Routing and ENUM - ExampleEnum, DNS and Domains Why are we using DNS?DNS OperationDNS Root Server ‘Mirrors’‘Finding’ Domain name servers using NSLookupThe e164.arpa DomainApproved ENUM Delegations (RIPE)TIERS 0, 1, 2 and 3e164.arpa Domain ‘in action‘ENUM DelegationsAddress of RecordPSTN to SIP UA – ExampleThe ENUM QueryDNS Response to an ENUM queryNAPTR and DNS recordsFinding SIP servers using the tool - DIGIP to PSTN (Simplified)RFC 6140Types of ENUM Different ‘Types’ of ENUMThe Problems with ‘Public’ ENUMExample – ‘Private’ ENUM‘Carrier’ ENUM and e164enum.netPeering and Interconnect (for VoIP and Video) Stay ‘On-NetFrom ITSP to PSTN and Back !Loss of features with the PSTNPeering Profiles and AgreementsBi-lateral PeeringMulti-lateral PeeringBack to ENUMA complete ‘infrastructure’Who’s involved?IP-NNI Network-to-Network interface [NNI]ATIS and the SIP Forum for NNIBenefits of SIP NNIHistory of IP NNI EffortLayers of InterconnectionoIP Interconnection ProfileoIP Interconnection RoutingIP NNI ProfileIP NNI Trust ModelIdentitiesCodecsDTMF and FaxFault Isolation and TroubleshootingQoSSIP-Specific Details of IP NNIIP Interconnection RoutingAggregate ApproachPer-Telephone Number (TN) ApproachWhat’s Next for NNI
ENUM Explained What is E.164?What is ENUM?Why ENUM?Call Routing and ENUM - ExampleEnum, DNS and Domains Why are we using DNS?DNS OperationDNS Root Server ‘Mirrors’‘Finding’ Domain name servers using NSLookupThe e164.arpa DomainApproved ENUM Delegations (RIPE)TIERS 0, 1, 2 and 3e164.arpa Domain ‘in action‘ENUM DelegationsAddress of RecordPSTN to SIP UA – ExampleThe ENUM QueryDNS Response to an ENUM queryNAPTR and DNS recordsFinding SIP servers using the tool - DIGIP to PSTN (Simplified)RFC 6140Types of ENUM Different ‘Types’ of ENUMThe Problems with ‘Public’ ENUMExample – ‘Private’ ENUM‘Carrier’ ENUM and e164enum.netPeering and Interconnect (for VoIP and Video) Stay ‘On-NetFrom ITSP to PSTN and Back !Loss of features with the PSTNPeering Profiles and AgreementsBi-lateral PeeringMulti-lateral PeeringBack to ENUMA complete ‘infrastructure’Who’s involved?IP-NNI Network-to-Network interface [NNI]ATIS and the SIP Forum for NNIBenefits of SIP NNIHistory of IP NNI EffortLayers of InterconnectionoIP Interconnection ProfileoIP Interconnection RoutingIP NNI ProfileIP NNI Trust ModelIP-NNI (continued) IdentitiesCodecsDTMF and FaxFault Isolation and TroubleshootingQoSSIP-Specific Details of IP NNIIP Interconnection RoutingAggregate ApproachPer-Telephone Number (TN) ApproachWhat’s Next for NNI
SIP in the CloudSubject matter that may be included in the test‘Types' of ‘Cloud’ Public, Private and HybridHosted SIP What Hosted SIP service isHosted functions and featuresExample Network including ‘failover’‘Hosted’ clients in actionWhy Hosted – Benefits and things to considerWhy on-site PBX – Benefits and things to considerAuto Provisioning Auto Provisioning ExampleBoot ServerClient ConfigClient boot sequenceClient config downloadRFC 6011Zero-Touch ProvisioningZero-touch exampleBenefits of Hosted SIP ServiceBenefits of Onsite PBX and SIP trunksPBX in the Cloud with SIP Trunks Cloud and SIP trunk Config overviewConfiguring a SIP trunk on the ‘Hosted’ PBX (in the Cloud)E.164 Outbound routing exampleCalling from Softphone via Cloud PBXPCAP for analysisSIP, LTE, the IMS and VoLTE Network OverviewRAN, eNodeB, EPC, IP Core and 3GPP4G, LTE, LTE Advanced, WiMAX2The RAN and EPCDefault Bearer SetupIntroduction to the Servers and Functions in the IMSoCSCFoS-CSCFoP-CSCFoI-CSCFoHome Subscriber Server HSSoApplication ServeroTASoPSCFoDNS and ENUMDevice Registration (with SIP)SIP Registration packet exampleSIP in the IMS – Call Flow explainedIntroduction to VoLTE and the threat of OTT servicesMaking VoLTE workoSIP Preconditions in ActionoWith Codec examples within SDPSIP Call flow for VoLTEQuality settings ‘recap’VoLTE media flowMore on VoLTEThe IMSLayers architectureoApplicationoIMS / Session ControloAccess and Transporto3GPP
Multiple access devicesoRCS and OTTWho provides IMS solutions?IPX and Peering for Security, QoS and SLAsGSMA and IR.92HD Voice NewsSIP in Cellular networksSubject matter that may be included in the testSIP in Cellular networks Network OverviewRAN, eNodeB, EPC, IP Core and 3GPP4G, LTE, LTE Advanced LTA-Pro, WiMAX2The RAN and EPCDefault Bearer SetupIntroduction to the Servers and Functions in the IMSoCSCFoS-CSCFoP-CSCFoI-CSCFoHome Subscriber Server HSSoApplication ServeroTASoPSCFoDNS and ENUMDevice Registration (with SIP)SIP Registration packet exampleSIP in the IMS – Call Flow explainedIntroduction to VoLTE and the threat of OTT servicesMaking VoLTE workoSIP Preconditions in ActionoWith Codec examples within SDPSIP Call flow for VoLTEQuality settings ‘recap’VoLTE media flowMore on Vo
Bandwidth (kbps) vs. Packet per Second (pps) Network Behavior Analysis Issues that can affect QoS QoS Summary Testing your link SIP, SDP and VoIP SIP in the TCP/IP Model SIP and SDP Messages (e.g. Invite and 200OK) SIP and SDP Codec mapping Video over IP
