Characteristics of Real Open SIP-Server Traffic

  • Jan Stanek
  • Lukas Kencl
  • Jiri Kuthan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7799)


Voice-over-IP (VoIP) is currently one of the most commonly used communication options and Session Initiation Protocol (SIP) is most often used for VoIP deployment. However, there is not a lot of general knowledge about typical SIP traffic and research in this area largely works with various assumptions. To address this deficiency, we present a thorough study of traffic of a real, free and publicly open SIP server. The findings reveal, among others, a surprisingly high overhead of SIP due to connection maintenance through Network Address Translation (NAT) nodes, differences from typical Web server Zipf’s-law patterns and various unexpected creative uses of SIP servers.


  1. 1.
    Handley et. al. Sip: Session initiation protocol (rfc 2543),
  2. 2.
    Rosenberg et. al. Sip: Session initiation protocol (rfc 3261),
  3. 3.
    Rosenberg, J., et al.: Session traversal utilities for nat (stun),
  4. 4.
    Mahy, R., et al.: Traversal using relays around nat (turn): Relay extensions to session traversal utilities for nat (stun),
  5. 5.
    Rosenberg, J.: Ice: A protocol for network address translator traversal for offer/answer protocols,
  6. 6.
    Sparks, R.: Sip: Basics and beyond. Queue 5(2), 22–33 (2007)CrossRefGoogle Scholar
  7. 7.
    Prasad, J.K., Kumar, B.A.: Analysis of sip and realization of advanced ip-pbx features. In: ICECT 2011, vol. 6, pp. 218–222 (April 2011)Google Scholar
  8. 8.
    Yeryomin, Y., Evers, F., Seitz, J.: Solving the firewall and nat traversal issues for sip-based voip. In: ICT 2008, pp. 1–6 (June 2008)Google Scholar
  9. 9.
    Song, M., Chi, J., Pi, R., Song, J.: Implementing an express sip nat traversal server. In: ICPCA 2007, pp. 527–529 (July 2007)Google Scholar
  10. 10.
    Heo, J., Chen, E.Y., Kusumoto, T., Itoh, M.: Statistical sip traffic modeling and analysis system. In: ISCIT, pp. 1223 –1228 (2010)Google Scholar
  11. 11.
    Cortes, M., Ensor, J.R., Esteban, J.O.: On sip performance. Bell Labs Technical Journal 9(3), 155–172 (2004)CrossRefGoogle Scholar
  12. 12.
    Kang, H.J., Zhang, Z.-L., Ranjan, S., Nucci, A.: Sip-based voip traffic behavior profiling and its applications. In: MineNet 2007, pp. 39–44 (2007)Google Scholar
  13. 13.
    Ehlert, S., Wang, C., Magedanz, T., Sisalem, D.: Specification-based denial-of-service detection for sip voice-over-ip networks. In: Internet Monitoring and Protection, ICIMP 2008, June 29 -July 5, pp. 59–66 (2008)Google Scholar
  14. 14.
    Nassar, M., State, R., Festor, O.: Monitoring SIP Traffic Using Support Vector Machines. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 311–330. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Hentehzadeh, N., et al.: Statistical analysis of self-similar session initiation protocol (sip) messages for anomaly detection. In: 2011 4th IFIP Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5 (February 2011)Google Scholar
  16. 16.
    Ali Akbar, M., Farooq, M.: Application of evolutionary algorithms in detection of sip based flooding attacks. In: GECCO 2009 (2009)Google Scholar
  17. 17.
    Sisalem, D., Kuthan, J., Ehlert, S.: Denial of service attacks targeting a sip voip infrastructure: attack scenarios and prevention mechanisms. IEEE Network 20(5), 26–31 (2006)CrossRefGoogle Scholar
  18. 18.
    Andel, L., Kuthan, J., Sisalem, D.: Distributed media server architecture for sip using ip anycast. In: IPTComm 2009, pp. 5:1–5:11 (2009)Google Scholar
  19. 19.
    Community of developers. The sip router project (developed from openser),
  20. 20.
    Van Jacobson, Leres, C., McCanne, S., many later contributors: Tcpdump: Commandline packet analyzer,
  21. 21.
    Combs, G., contributors: Wireshark - network protocol analyzer,
  22. 22.
    WEBNet77. Ip to country multi-lookup tool,
  23. 23.
    ACM SIGCOMM partners. The internet traffic archive,

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jan Stanek
    • 1
  • Lukas Kencl
    • 1
  • Jiri Kuthan
    • 2
  1. 1.Technicka 2Czech Technical University in PraguePrague 6Czech Republic
  2. 2.TekelecBerlinGermany

Personalised recommendations