Understanding and Analyzing Session Description Protocol (SDP) Packets

Introduction

The Session Description Protocol (SDP) is a standard that defines the format for conveying multimedia session descriptions. It doesn't actually deliver media, but it describes the media streams and how they should be processed. SDP is commonly used in conjunction with signaling protocols like SIP (Session Initiation Protocol) to negotiate the parameters of media sessions.

What are SDP Packets?

An SDP packet describes the properties of a media session, such as the type of media (audio, video, text, etc.), the transport protocol to be used, the codec, IP address, port number, and other session-specific parameters.

A typical SDP description might look like this:

v=0
o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
s=SDP Seminar
c=IN IP4 10.47.16.5
t=2873397496 2873404696
a=recvonly
m=audio 49170 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Each line of the SDP description starts with a one-character type, followed by an "=" sign and then the content.

Analyzing SDP Packets

To analyze SDP packets, you need to understand the meaning of the main fields:

1. v=: Protocol Version. Typically, this is "0".
2. o=: Originator and session identifier. It contains a username, session ID, version, network type, address type, and address.
3. s=: Session name.
4. c=: Connection Information. This typically includes the IP address where the media should be sent.
5. t=: Time the session is active.
6. m=: Media description. It starts with the media type, port, transport, and format.
7. a=: Attribute lines. They provide additional session-specific information.

Tools for Analyzing SDP Packets

There are several tools that can help you capture and analyze SDP packets:

1. Wireshark: A popular packet analyzer that can capture and decode SDP packets in real-time. Filters can be applied to only view SDP-related packets or to inspect associated protocols like SIP.
2. sngrep: A tool specifically designed for SIP calls inspection. It presents SDP information in a more readable format.
3. SDPInspect: A tool to validate and inspect SDP payloads.

Steps to Analyze SDP Packets with Wireshark:

1. Start capturing data on the desired interface using Wireshark.
2. Apply a filter for SIP (if SDP is being used in conjunction with SIP): sip
3. Browse through the captured packets to find SIP INVITE or other SIP messages that contain SDP payloads.
4. Click on the packet, and in the details pane, expand the SDP section to inspect the details.

Common Issues Identified Through SDP Analysis:

1. Codec mismatches: One end might be proposing a codec that the other end doesn't support.
2. IP/Port mismatches: The IP or port specified in the SDP might not be reachable or might be incorrect.
3. Attribute errors: Incorrect attributes or unsupported attributes can cause issues in session establishment.

Conclusion

Analyzing SDP packets provides valuable insights into multimedia session setups and potential issues. With the right tools and a deep understanding of the protocol, one can ensure smoother media session establishments and troubleshoot existing issues effectively.