Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
3
Replies

Problems with SCCP reserved bits

rob.obrien
Level 1
Level 1

‎04-21-2011 07:47 AM - edited ‎03-16-2019 04:38 AM

We are using multiple phone models within our environment.  We use SCCP as our signalling method.  We are using Call Manager version: 7.1.3.33039-1.  We were experiencing dropped calls in one of our remote offices and started to troubleshoot using Wireshark and VQManager from ManageEngine.  Neither tool is recognizing the VoIP calls properly due to the SCCP packets.  For some reason the header on the packets to this office are not the same as the headers to other offices.  An example SCCP packet (only the SCCP payload, no tcp, IP or MAC headers inclulded) looks like this:

14:00:00:00:12:00:00:00:85:00:00:00:01:00:00:00:01:00:00:00:00:00:00:00:00:00:00:00

The problem appears to be the 5th byte.  This looks to be the start of the reserved portion of the SCCP header and in most of our other traffic, it's all zeros.  For some reason, this one (and all similar packets to this site) starts with Hex 12, which causes wireshark and other tools to not recognize the packet properly as SCCP signalling, although looking at it I can see it's a set ringer packet due to the hex 85 starting the SCCP data part of the packet.

Is this a new implementation of SCCP?  Is there a CallManager setting to set the reserved section to all zeros?  Because this is defintely causing troubleshooting issues, and might even be the cause of our dropped calls.

This packet with the 12 in the reserved field is between Call Manager and a 7942G phone running SCCP42.9-0-3S.  It would appear that all packets we have going tot he 7942G phones have this change in the reserved field.

Labels:
0 Helpful
3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

‎04-21-2011 07:51 AM

I understand the pragmatic approach, but why not leaving reverse engineering aside, call the TAC instead and demand the the product worlk as advertised ?

Cisco has never released any SCCP detail and it's unlikely thta will do in the future.

0 Helpful

rob.obrien
Level 1
Level 1
In response to paolo bevilacqua

‎04-28-2011 07:08 AM

Paolo,

Technically, their product is working as advertised.  The VoIP system works, it's the third party monitoring/troubleshooting tools that aren't working.  They can change their proprietary protocol all they want if it still works.  I'm just looking for confirmation that this is a permanent change to the protocol and it isn't some sort of setting with Call Manager.

I did get a TAC engineer to confirm with me that it is a permanent change to Cisco's protocol.  I just find it a little odd that Wireshark hasn't already been updated to handle this, if it is, in fact a permanent Cisco change.  It would seem an easy fix, if they just have to ignore the fact that the reserved packets are no longer zero.  All the reset of the packet is the same.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to rob.obrien

‎04-28-2011 07:19 AM

Being Wireshark open-software, shouldn't be a a big problem.

You can make the necessary changes yourself or by a programmer for a small cost.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents