Characteristics of Real Open SIP-Server Traffic

  • Jan Stanek
  • Lukas Kencl
  • Jiri Kuthan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7799)


Voice-over-IP (VoIP) is currently one of the most commonly used communication options, and the Session Initiation Protocol (SIP) is most often used for VoIP deployment. However, there is not a lot of general knowledge about typical SIP traffic, and research in this area largely works with various assumptions. To address this deficiency, we present a thorough study of the traffic of a real, free and publicly open SIP server. The findings reveal, among other things, a surprisingly high overhead of SIP due to connection maintenance through Network Address Translation (NAT) nodes, differences from typical Web server Zipf’s-law patterns and various unexpected creative uses of SIP servers.


Keywords: Session Initiation Protocol; Session Initiation Protocol Server; Session Initiation Protocol Message; Register Message; Register Request
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jan Stanek (1)
  • Lukas Kencl (1)
  • Jiri Kuthan (2)
  1. Technicka 2, Czech Technical University in Prague, Prague 6, Czech Republic
  2. Tekelec, Berlin, Germany
