Jeremy double-clicks on Vadim N. Korepin, who is in his contact list, to open a messaging window, as shown in Figure 4-13.

Figure 4-13. Communicator 2007—Messaging window

Jeremy types the message, "Sorry to hear about the coffee cup :)," into the text box at the bottom of the messaging window, and the message is sent when he hits Enter on the keyboard. This sends a message to Vadim, and Jeremy's message is shown in the current message history window to make tracking the conversation easier, as shown in Figure 4-14.

Figure 4-14. Communicator 2007—Message sent

Vadim receives a notification on his desktop, as shown in Figure 4-15, alerting him that Jeremy sent him a message to initiate a new conversation. This notification can be clicked to open the messaging window, or Vadim can open the window directly from the task bar. (It will be blinking to show that an unread message has been received.)

Figure 4-15. Communicator 2007—Message notification

Jeremy receives the message from his coworker, and it shows up in the message history window, as shown in Figure 4-16.

Figure 4-16. Communicator 2007—Receiving a message

Jeremy sends a hyperlink to an interesting article by pasting the URL into the text box and sending it, as shown in Figure 4-17.

Figure 4-17. Communicator 2007—Sending a hyperlink

Vadim receives the hyperlink, but it has a leading "_" inserted, which prevents it from showing up properly as a hyperlink, as shown in Figure 4-18. More information about what is happening here with content filtering is provided in the next section, Examining the Technical Details Behind the Instant Messaging Scenario.

Figure 4-18. Communicator 2007—Receiving a hyperlink

Jeremy sends a file by using the file icon button on the top-right of the messaging window and waits for Vadim to accept the file, as shown in Figure 4-19. Vadim receives a similar view where he can accept the transfer and view the file by clicking on the file icon shown in the messaging history after the download completes.

Figure 4-19. Communicator 2007—Sending a file

Jeremy decides to share video, because both he and Vadim have a camera. After they talk briefly, they stop sharing the video session, as shown in Figure 4-20.

Figure 4-20. Communicator 2007—Sharing video

At some point the conversation is complete, so Jeremy closes the window, effectively ending the conversation.

Setting up a conversation at a protocol level is much more involved than it would seem from the user interface. A summary of the protocol messages involved are shown in the diagram shown in Figure 4-21, which also serves as a visual overview of the protocol message flow involved in establishing a messaging session and in sending the first message.

Figure 4-21. Session establishment and sending a message

When the first message is sent—"Sorry to hear about the coffee cup :)"—a messaging session is established at a protocol level. This is initiated by an INVITE message to establish the session. The INVITE actually carries the first message in the session and is base64 encoded into the ms-body parameter of the Ms-Text-Format header so that it can be presented with the request to start a messaging session.

INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/TLS 192.168.3.100:1467
Max-Forwards: 70
From: <sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
To: <sip:[email protected]>
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 INVITE
Contact: <sip:[email protected];opaque=user:epid:upbza9anR1KJ-8E7UvWEDQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Ms-Text-Format: text/plain; charset=UTF-8;
msgr=WAAtAE0ATQBTAC0ASQBNAC0ARgBvAHIAbQBhAHQAOgAgAEYATgA9AE0AUwAlADIAMABTAGgAZ
QBsAGwAJQAyADAARABsAGcAJQAyADAAMgA7ACAARQBGAD0AOwAgAEMATwA9ADAAOwAgAEMAUwA9ADA
AOwAgAFAARgA9ADAACgANAAoADQA;  ms-
body=U29ycnkgdG8gaGVhciBhYm91dCB0aGUgY29mZmVlIGN1cCA6KQ== Supported: ms-delayed-accept
Supported: ms-renders-isf
Supported: ms-renders-gif
Supported: ms-renders-mime-alternative
Ms-Conversation-ID: AceOhaxSC0KoxENJSUqzhraNmoHCew==
Supported: timerSupported: ms-sender
Roster-Manager: sip:[email protected]
EndPoints: <sip:[email protected]>, <sip:[email protected]>
Supported: com.microsoft.rtc-multiparty
Supported: ms-mspms-keep-alive: UAC;hop-hop=yesSupported: ms-conf-invite
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service",
opaque="E8EA7EDD", crand="e870674a", cnum="19",
targetname="sip/srv.contoso.com", response=
"602306092a864886f71201020201011100ffffffff3ee9fabb267878a043ed3695933d69f8"
Content-Type: application/sdp
Content-Length: 205
v=0o=- 0 0 IN IP4 192.168.3.100s=sessionc=IN IP4 192.168.3.100t=0 0
m=message 5060 sip nulla=accept-types:text/rtf application/x-ms-ink image/gif
multipart/alternative application/ms-imdn+xml

The body of the message describes more about what capabilities the initiator has, and this is talked about both in the Session Initiation Protocol (SIP) RFC 3261 standard, as well as in Chapter 18, "Background Information," which provides detailed information about SIP.

The first server that receives the message responds with a 100 response, and then the remote client responds immediately to provide a temporary response. However, it does not send a final receipt of confirmation until the invitation is accepted by a user. This three-way handshake establishes the session and allows a negotiation of session information between both clients, as follows:

SIP/2.0 100 Trying
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFF4CC448BBF8DD25781477D1A85E1D3DBC",
srand="EAE80D89", snum="31", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Via: SIP/2.0/TLS 192.168.3.100:1467;ms-received-port=1467;ms-received-cid=A00
From: <sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
To: <sip:[email protected]>
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 INVITE
Content-Length: 0

The remote client sends a temporary response to confirm that it is waiting for the user to respond to the request, as follows:

SIP/2.0 180 Ringing
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFF69BE23EA5A0169F00998D21963CEABF6",
srand="44C23DFA", snum="32", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Via: SIP/2.0/TLS 192.168.3.100:1467;ms-received-port=1467;ms-received-cid="A00
From: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 INVITE
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Content-Length: 0

The remote client confirms that the invitation is accepted and provides session capability information in the body of the message, as follows:

SIP/2.0 200 OK
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFF885A98EB35E99BF2452E8B1F57D22F91",
srand="B636FA2D", snum="33", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Via: SIP/2.0/TLS 192.168.3.100:1467;ms-received-port=1467;ms-received-cid="A00
From: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 INVITE
Record-Route: <sip:srv.contoso.com:5061;transport=tls;ms-role-rs-from;
ms-role-rs-to;ms-opaque=aaB_D3-f9AM9QxeVkH0WddzAAA;lr; ms-route-
sig=aasNJ0Ib7XhG1fWKA4UvKlDEpMRMM2Fwj8K3gtHgAA>
Contact:
<sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Require: com.microsoft.rtc-multiparty
Supported: com.microsoft.rtc-multiparty
Supported: ms-sender
Supported: ms-renders-isf
Supported: ms-renders-gif
Supported: ms-renders-mime-alternative
Supported: ms-conf-invite
Content-Type: application/sdp
Content-Length: 222
v=0o=- 0 0 IN IP4 192.168.3.101s=sessionc=IN IP4 192.168.3.101t=0 0
m=message 5060 sip sip:[email protected]=accept-types:text/rtf application/
x-ms-ink image/gif multipart/alternative application/ms-imdn+xml

This response establishes a few things for the dialog so that communications can begin. First, it establishes that both parties are interested in communicating and that they are able to reach each other. Second, it establishes routes and contact points for each user. This tells Communicator how to route messages. Communicator uses the Record-Route and the Contact headers to directly send messages to the end point with which it has established the dialog. The Record-Route header contains a signed route that can easily be validated by the server and used to directly route the request. The Contact header has a unique identifier (the epid, or end-point identifier) that can be used by the home server to route the request to the specific Communicator instance of interest (if multiple instances are logged in). Third, it provides capabilities information through the body to both parties so that the means of communication are known and the interaction can be extended or upgraded as desired. For more details on the body of INVITE messages, refer to Chapter 18.

The initiating client acknowledges the session capabilities and completes the three-way handshake to establish the session, as follows:

ACK sip:srv.contoso.com:5061;transport=tls;ms-role-rs-from;ms-role-rs-to;
ms-opaque=aaB_D3-f9AM9QxeVkH0WddzAAA;lr; ms-route-
sig=aasNJ0Ib7XhG1fWKA4UvKlDEpMRMM2Fwj8K3gtHgAA SIP/2.0
Via: SIP/2.0/TLS 192.168.3.100:1467
Max-Forwards: 70
From: <sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 ACK
Route: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service",
opaque="E8EA7EDD", crand="e4f67482", cnum="20",
targetname="sip/srv.contoso.com", response=
"602306092a864886f71201020201011100ffffffffc78b87bfa700f1757a4e60fed1847916"
Content-Length: 0

This ACK request finalizes the dialog by using the route set provided to test that it works properly. From this point on, the initiating client expects that the dialog is available and the recipient expects that the dialog is established after the ACK arrives as a confirmation that the route set worked in at least one direction. The first line of the request contains the request URI, which is the information used to route the request. This line contains the information that was sent back in the Record-Route header from the 200 OK response (including the signature). Additionally, the next routing target (gathered from the Contact header in the 200 OK response) is placed in the Route header. Additional information on SIP and routing details is provided in Chapter 18.

Note that this section does not discuss messaging sessions with multiple recipients. This is because after more than two people are involved in a session, a conference is created with which all clients interact. Detailed information on conferencing is covered in Chapter 5, "Conferencing Scenario."

Another message type that you see during interactions is the INFO message. This message is used to send little notifications within an INVITE dialog—to alert the other party when a user is typing a message (before it is sent), for example. Here is an example of the INFO message received by Jeremy from Vadim before his response was sent to signal that he was typing a response. The KeyboardActivity data in the body is the key information being passed by this message, as follows:

INFO sip:192.168.3.100:1467;transport=tls;ms-opaque=7c11559fb8; ms-received-
cid=00000A00;grid SIP/2.0
Via: SIP/2.0/TLS 192.168.3.1:5061;
branch=z9hG4bKEC902A23.8CE260FA;branched=
FALSE;ms-internal-info="ba9qTQQ5XMtq_uYWsHUg3gqjoqThSM4mD6sl50CgAA"
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFFC03B6B0D6388E4EE53C6ABA080FFAC55",
srand="53D1DBCD", snum="35", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Max-Forwards: 69
Via: SIP/2.0/TLS 192.168.3.101:1073;ms-received-port=1073;ms-received-cid="C00
From: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
To: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 1 INFO
Contact: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Supported: timer
Content-Type: application/xml
Content-Length: 87
<?xml version="1.0"?>
<KeyboardActivity>
 <status status="type" />
</KeyboardActivity>

When a message is received (or sent) within a messaging session, a MESSAGE message is used. An example of the MESSAGE received by Jeremy from his coworker (transmitted within the INVITE session by using the same Call-ID) is shown next:

MESSAGE sip:192.168.3.100:1467;transport=tls;ms-opaque=7c11559fb8;ms-received-
cid=00000A00;grid SIP/2.0
Via: SIP/2.0/TLS 192.168.3.1:5061;branch=z9hG4bK06E6DAB4.5A2D0AB6;
branched=FALSE;ms-internal-info="baj3AsctgNBuSN4A27AfVbksRFndBaLQq2sl50CgAA"
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFF3D2E62CC853438235B3E6E21C525BA76",
srand="A7C06D90", snum="37", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Max-Forwards: 69
Via: SIP/2.0/TLS 192.168.3.101:1073;ms-received-port=1073;ms-received-cid="C00
From: "" <sip:[email protected]>;epid="6fe87e039b;tag=5c939f2392
To: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 3 MESSAGE
Contact: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Supported: timer
Content-Type: text/rtf
Content-Length: 242

{
tf1ansiansicpg1252deff0deflang1033{fonttbl{f0fnilfcharset0 MS Shell
Dlg 2;}{f1fnil MS Shell Dlg 2;}}
{colortbl ;
ed0green0lue0;}
{*generator Msftedit 5.41.15.1507;}viewkind4uc1pard	x720cf1f0fs20 thanksf1par
}

In MESSAGE messages, the body contains the textual message ("thanks" in this example) to be transmitted, with formatting information wrapping it to describe the font, color, and so on. Additional details on SIP sessions and how they work are explained in Chapter 18.

When a hyperlink or Web link (such as http://www.microsoft.com/rtc) is sent as text to another user, many things are happening in the background. First, the message is sent as raw text along with the rest of the message in a MESSAGE message, just as any other text a user might have typed. However, intermediate internal servers, intermediate Access Edge Servers, and the remote client might interpret, alter, or display the message differently based on policy. Office Communications Server 2007 installs with the Intelligent IM Filter active and allows local intranet URLs. However, it inserts a "_" character in front of Internet URLs to prevent it from showing up as an active hyperlink.

An example that shows the IIMFilter server log processing this request is shown next (in place of the protocol message, which would just contain the content shown in the log). This log can be gathered on the server using the logging tool. Additional details on the logging tool are described in this book's Part VI. The log shown next is summarized where you see ellipses (…) to make it easier to read and to remove information that is not of interest to our example. The log basically tracks the filter, watching message content for clickable URLs and then adding an underscore (_) character to the beginning, as follows:

TL_INFO ... ContentType: text/rtf
TL_INFO ... ReadonlyPrefixLength: 0
TL_INFO ... Content:
'{
tf1ansiansicpg1252deff0deflang1033{fonttbl{f0fnilfcharset0 MS
Shell Dlg 2;}}
{colortbl ;
ed0green0lue0;}
{*generator Msftedit 5.41.15.1507;}viewkind4uc1pard	x720cf1f0fs20
http://www.microsoft.com/rtcpar
}'
TL_INFO ... (IIMFilter,IIMFilter.CheckForClickableURL:462.idx(775))( 028F1359 )
http://www.microsoft.com/rtc - URL NOT ignored - SecurityZone = Internet
TL_INFO ... Request modified to convert one or more clickable URLs to unclickable URLs
TL_INFO ... Updated content with ContentType: text/rtf
TL_INFO ... Content:
'{
tf1ansiansicpg1252deff0deflang1033{fonttbl{f0fnilfcharset0 MS
Shell Dlg 2;}}
{colortbl ;
ed0green0lue0;}
{*generator Msftedit 5.41.15.1507;}viewkind4uc1pard	x720cf1f0fs20
_http://www.microsoft.com/rtcpar
}'
TL_INFO ... Proxy request

Communicator also has a group policy setting (EnableURL) that it enforces to either display hyperlinks as clickable text or as raw text to require the user to manually copy the text into a browser. All of this is happening simply to allow more control from the network and to prevent bad links from being circulated or accidentally clicked by unsuspecting users.

Sending a file to another user involves a few SIP transactions and then a direct connection between Communicator clients to transfer the file. The file transfer does not go through any of the server infrastructure at all other than the negotiation transactions. Figure 4-22 provides an overview of the protocol interactions and the establishment of the direct connection between Communicator clients (for the purpose of transferring the file).

Figure 4-22. File Transfer Handshaking

When Jeremy initiates a file transfer request, the existing session is used and a MESSAGE is sent where the body identifies that a file is available for transfer, as follows:

MESSAGE sip:srv.contoso.com:5061;transport=tls;ms-role-rs-from;ms-role-rs-to;
ms-opaque=aaB_D3-f9AM9QxeVkH0WddzAAA;lr;ms-route-sig=
aasNJ0Ib7XhG1fWKA4UvKlDEpMRMM2Fwj8K3gtHgAA SIP/2.0
Via: SIP/2.0/TLS 192.168.3.100:1467
Max-Forwards: 70
From: <sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 6 MESSAGE
Route: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
Contact: <sip:[email protected];opaque=user:epid:upbza9anR1KJ-8E7UvWEDQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Supported: timer
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service",
opaque="E8EA7EDD", crand="760faa07", cnum="28",
targetname="sip/srv.contoso.com",
response= "602306092a864886f71201020201011100ffffffff2a46ed40d0acdeacd7bbf79110ea5214"
Content-Type: text/x-msmsgsinvite; charset=UTF-8
Content-Length: 234

Application-Name: File TransferApplication-GUID: {5D3E02AB-6190-11d3-BBBB-
00C04F795683}Invitation-Command: INVITEInvitation-Cookie: 625392Application-
File: doc.txtApplication-FileSize: 28Connectivity: NEncryption: R

The body of the message identifies that this is a file transfer request and not a messaging request. The Application-Name parameter specifies that a file transfer is offered, and the Application-File parameter specifies the name of the file. The file size is also specified so that the recipient knows how much it must transfer. The Connectivity parameter identifies whether the client is behind a Network Address Translation (NAT) device or not and an "N" indicates that it is. The Encryption parameter identifies whether the sender supports (S) or requires (R) encryption of the transferred file. This information begins the handshake for the file transfer and provides the Invitation-Cookie for reference in responding to this offer in a later MESSAGE from the recipient.

For our example, Vadim's Communicator confirms receipt of the MESSAGE offering a file transfer, as follows:

SIP/2.0 200 OK
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFF74C5A6869E5717FA67441D92794710E5",
srand="F5AE7002", snum="41", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Via: SIP/2.0/TLS 192.168.3.100:1467;ms-received-port=1467;ms-received-cid=A00
From: <sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 6 MESSAGE
Contact: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Content-Length: 0

Next, Vadim's Communicator sends a MESSAGE back when Vadim accepts the file transfer to identify where the file should be sent, as follows:

MESSAGE sip:192.168.3.100:1467;transport=tls;ms-opaque=7c11559fb8;ms-received-
cid=00000A00;grid SIP/2.0
Via: SIP/2.0/TLS 192.168.3.1:5061;branch=z9hG4bK9310B3FD.583AF9C8;
branched=FALSE;ms-internal-info="bamr7aJF7hHA-WG_mThfb47YQEs0tYOvnIsl50CgAA"
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFFE00D15EEBF15E83C6D8C14A42A949B80",
srand="3B024C50", snum="42", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Max-Forwards: 69
Via: SIP/2.0/TLS 192.168.3.101:1073;ms-received-port=1073;ms-received-cid="C00
From: "" <sip:[email protected]>;epid="6fe87e039b;tag=5c939f2392
To: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 4 MESSAGE
Contact: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Supported: timer
Content-Type: text/x-msmsgsinvite; charset=UTF-8
Content-Length: 302

Invitation-Command: ACCEPTInvitation-Cookie: 625392Request-Data:
IP-Address:Encryption-Key: jdQO/KXdOgzT6pxHI3pG9qc/+HEC0ZchHash-Key:
bKJQfXeSgWBpFI2LG0HZ/0QveOJwoBwDIP-Address: 192.168.3.101Port: 6891PortX:
11178AuthCookie: 27079318Request-Data: IP-Address:Sender-Connect: TRUE

This information tells Jeremy's Communicator that it should connect to the IP address and port specified to send the encrypted file with the key specified. The AuthCookie specified is also used on the simple FTP connection between the clients as a handshaking device to disambiguate the session.

Jeremy's Communicator client confirms receipt of the MESSAGE accepting the file transfer, as follows:

SIP/2.0 200 OK
Via: SIP/2.0/TLS 192.168.3.1:5061;branch=z9hG4bK9310B3FD.583AF9C8;branched=FALSE;
ms-internal-info="bamr7aJF7hHA-WG_mThfb47YQEs0tYOvnIsl50CgAA"
Via: SIP/2.0/TLS 192.168.3.101:1073;ms-received-port=1073;ms-received-cid="C00
From: -id002"" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
To: <sip:[email protected]>;tag=e57383c75b;epid=aa6d968e18
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 4 MESSAGE
Contact: <sip:[email protected];opaque=user:epid:upbza9anR1KJ-8E7UvWEDQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service",
opaque="E8EA7EDD", crand="bebf384d", cnum="29",
targetname="sip/srv.contoso.com",
response= "602306092a864886f71201020201011100ffffffff4c249327d5a9c2195e194c3235e84318"
Content-Length: 0

At this point, Jeremy's Communicator connects directly to Vadim's Communicator (at the IP address and port specified) and begins a simple FTP session where the encrypted file is transferred. The wire protocol is not explained in detail here, but a quick view of what is happening is laid out simply for completeness in the following code sample. (The use of "Jeremy" and "Vadim" in the example actually refers to the Communicator client each is using.)

[Jeremy connects to Vadim]
Vadim sends: VER MSN_SECURE_FTP
Jeremy sends: VER MSN_SECURE_FTP
Vadim sends: USR [email protected] 27079318
Jeremy sends: FIL 28
Vadim sends: TFR
[Jeremy sends binary encrypted data]
Vadim sends: BYE 16777989
Jeremy sends: MAC [signature using hash]
[Jeremy closes the connection]

The preceding interaction is simply a minimal handshake on a raw socket to transfer the encrypted file with a signature. After this interaction, the file transfer is complete.

Negotiating an audio and video session can involve a lot of handshaking. The protocol messages that were involved are shown in the diagram shown in Figure 4-23, which serves as an overview for the section. However, only the bodies of the INVITE and 200 OK messages are discussed in detail in this section.

Figure 4-23. Audio and video session handshaking

When video is added to the session, Jeremy's Communicator client negotiates a new session including video and audio by sending an INVITE message for a new session. For brevity, only the protocol message bodies are shown and irrelevant protocol messages are skipped entirely. The body of the INVITE message from Jeremy's Communicator client follows:

v=0o=- 0 0 IN IP4 192.168.3.100s=sessionc=IN IP4 192.168.3.100b=CT:99980t=0 0
m=audio 60160 RTP/AVP 114 111 112 115 116 4 8 0 97
101k=base64:WYvabwXemv2PqGEj52+xHzXlpUN+MKRUJ2j2Rra/o/7JGjPiQBJHLM/Gr+xya=
candidate:XAP7A3WqUxk5m9zYTfROszesQz9Jdgvoqu5B5zzqwFw 1 7c99RFukBeRXvntIUMo4CA
UDP 0.830 192.168.3.100 60160 a=
candidate:XAP7A3WqUxk5m9zYTfROszesQz9Jdgvoqu5B5zzqwFw 2 7c99RFukBeRXvntIUMo4CA
UDP 0.830 192.168.3.100 21120 a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80
inline:OC8ZUW5hfFMjxwMk5GwUARUcuevPVTDjuLAvr93K|2^31|1:1a=
crypto:2 AES_CM_128_HMAC_SHA1_80
inline:UrEdZ6/u+pj+MABtYK7y/3/ZL/JSRjHe3tEjNEGn|2^31|1:1a=maxptime:200a=rtcp:2
1120a=rtpmap:114 x-msrta/16000a=fmtp:114 bitrate=12000a=rtpmap:111
SIREN/16000a=fmtp:111 bitrate=16000a=rtpmap:112 G7221/16000a=fmtp:112
bitrate=24000a=rtpmap:115 x-msrta/8000a=fmtp:115 bitrate=12000a=rtpmap:116
AAL2-G726-32/8000a=rtpmap:4 G723/8000a=rtpmap:8 PCMA/8000a=rtpmap:0
PCMU/8000a=rtpmap:97 RED/8000a=rtpmap:101 telephone-event/8000a=
fmtp:101 0-16a=encryption:optional
m=video 13952 RTP/AVP 121 34 31k=
base64:3QA+RtpnuOd4cCaj/rWBfeW+Hn9AvxcLhLDkB9yVzwJVftCkEcBSL+lBAmOua=
candidate:PVp0w5+rY86zX6Emqm+9zIGUlfTTOU9iEeBBKRfsvks 1 gt+GQX3LSYECKrIM9skhWg
UDP 0.840 192.168.3.100 13952 a=
candidate:PVp0w5+rY86zX6Emqm+9zIGUlfTTOU9iEeBBKRfsvks 2 gt+GQX3LSYECKrIM9skhWg
UDP 0.840 192.168.3.100 50944 a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80
inline:BsqZIvEl3PQRq4kwE8lRxSeSeDRriKAyS6uPIRBY|2^31|1:1a=crypto:2
AES_CM_128_HMAC_SHA1_80 inline:E3eOmRQAY7c2fSrzR3zrGX8Z1WUI1lGBRxk7GiH2|2^31|1:1a=
maxptime:200a=rtcp:50944a=rtpmap:121 x-rtvc1/90000a=rtpmap:34 H263/90000a=
rtpmap:31 H261/90000a=encryption:optional

This INVITE message body asks for an audio/video peer-to-peer conference and offers the media parameters and capabilities for the initiating Communicator client.

The 100 and 180 temporary responses are not shown here for the sake of brevity and because they do not really provide any interesting information. However, the 200 response provides capability information from the recipient, as follows:

v=0o=- 0 0 IN IP4 192.168.3.101s=sessionc=IN IP4 192.168.3.101b=CT:99980t=0 0
m=audio 10496 RTP/AVP 114 111 112 115 116 4 8 0 97
101a=candidate:jUpPjJEHNyN3RNHn+LlReOz7YZbWN3BpqnNqJw9KSrA 1
9VE2N1fM/Ug4DHk/KSO/xw UDP 0.830 192.168.3.101 10496 a=
candidate:jUpPjJEHNyN3RNHn+LlReOz7YZbWN3BpqnNqJw9KSrA 2 9VE2N1fM/Ug4DHk/KSO/xw
UDP 0.830 192.168.3.101 53120 a=crypto:2 AES_CM_128_HMAC_SHA1_80
inline:FxTfuRY3zY0R7EPAvnkKjOlOSm4Dwbc/ov1v1qkB|2^31|1:1a=maxptime:200a=
rtcp:53120a=rtpmap:114 x-msrta/16000a=fmtp:114 bitrate=12000a=rtpmap:111
SIREN/16000a=fmtp:111 bitrate=16000a=rtpmap:112 G7221/16000a=fmtp:112
bitrate=24000a=rtpmap:115 x-msrta/8000a=fmtp:115 bitrate=12000a=rtpmap:116
AAL2-G726-32/8000a=rtpmap:4 G723/8000a=rtpmap:8 PCMA/8000a=rtpmap:0
PCMU/8000a=rtpmap:97 RED/8000a=rtpmap:101 telephone-event/8000a=fmtp:101
0-16a=encryption:optional
m=video 14976 RTP/AVP 121 34 31a=
candidate:lt+HmBqSsE7M8/xGXLbb4U0SG1drKqrEi/RhuqWA5Eo 1 87LtCGRXUnVdv8WaYO+85Q
UDP 0.840 192.168.3.101 14976 a=
candidate:lt+HmBqSsE7M8/xGXLbb4U0SG1drKqrEi/RhuqWA5Eo 2 87LtCGRXUnVdv8WaYO+85Q
UDP 0.840 192.168.3.101 2304 a=crypto:2 AES_CM_128_HMAC_SHA1_80
inline:foe41lE6qfhFItmaGWs13hIJXiAzq98kCZKSJDpB|2^31|1:1a=maxptime:200a=rtcp:2
304a=rtpmap:121 x-rtvc1/90000a=rtpmap:34 H263/90000a=rtpmap:31
H261/90000a=encryption:optional

This response confirms that audio and video are available, as well as identifies the media parameters and capabilities for the client.

An ACK message is sent from Jeremy's Communicator client to finish the handshake, but this is not shown because it does not provide any useful additional information.

A second round INVITE is sent next, with the only change being an additional field (a=remote-candidate) that is added in the body as shown in the following code sample. (The same is true of the 200 OK response.)

...
m=audio 60160 RTP/AVP 114 111 112 115 116 4 8 0 97 101a=
remote-candidate:jUpPjJEHNyN3RNHn+LlReOz7YZbWN3BpqnNqJw9KSrA...
m=video 13952 RTP/AVP 121 34 31
a=remote-candidate:lt+HmBqSsE7M8/xGXLbb4U0SG1drKqrEi/RhuqWA5Eo...

Finally, a third round INVITE is sent where the video media is simplified down (the same is true of the 200 OK response) to a single line descriptor, as follows:

...
m=video 0 RTP/AVP 34

This whole process is simply a way for the two Communicator clients to exchange information about each other that relates to preferences and capabilities. After this session is finally negotiated and created, User Datagram Protocol (UDP) messages are exchanged between the published IPs and ports for each Communicator client as video and audio are shared. This continues until the conference ends based on a user's request.

When Jeremy closes the messaging window, Communicator sends a BYE message within the dialog that was established in order to alert Vadim's client that the communication dialog is being closed. An example of the BYE message and the response from Vadim's client are shown here for reference:

BYE sip:srv.contoso.com:5061;transport=tls;ms-role-rs-from;ms-role-rs-to;
ms-opaque=aaB_D3-f9AM9QxeVkH0WddzAAA;lr;
ms-route-sig=aasNJ0Ib7XhG1fWKA4UvKlDEpMRMM2Fwj8K3gtHgAA SIP/2.0
Via: SIP/2.0/TLS 192.168.3.100:1467
Max-Forwards: 70
From: <sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 8 BYE
Route: <sip:[email protected];opaque=user:epid:EfpLp1FJKl6EFEzM2Ml2OQAA;gruu>
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service",
opaque="E8EA7EDD", crand="58dad80d", cnum="51",
targetname="sip/srv.contoso.com", response=
"602306092a864886f71201020201011100ffffffffec97e0568a70bf53982604eb4d04ebe5"
Content-Length: 0

Vadim's Communicator responds to acknowledge that it received the dialog close event, as follows:

SIP/2.0 200 OK
Authentication-Info: Kerberos rspauth=
"602306092A864886F71201020201011100FFFFFFFFFA46FDE2C8EC5FE1C8E3FBBDC650D58A",
srand="A4C56671", snum="76", opaque="E8EA7EDD", qop="auth",
targetname="sip/srv.contoso.com", realm="SIP Communications Service"
Via: SIP/2.0/TLS 192.168.3.100:1467;ms-received-port=1467;ms-received-cid="A00
From: "Jeremy Los"<sip:[email protected]>;tag=e57383c75b;epid="aa6d968e18
To: "" <sip:[email protected]>;epid=6fe87e039b;tag=5c939f2392
Call-ID: d1a1cdc2192048f7a8e9703774cfebcc
CSeq: 8 BYE
User-Agent: UCCP/2.0.6093.0 OC/2.0.6093.0 (Microsoft Office Communicator)
Content-Length: 0

Additional information about the Session Initiation Protocol is discussed in Chapter 18. However, at this point both clients have cleared any remaining state about the communication dialog and if another message is sent by either of them, a new dialog is established.