It’s challenge time! This time we’re going to be looking at an IMS PCAP and answering some questions to test your IMS analysis chops!
Here’s the packet capture:
Easy Questions
- What QCI value is used for the IMS bearer?
- What is the registration expiry?
- What is the E-UTRAN Cell ID the Subscriber is served by?
- What is the AMBR of the IMS APN?
Intermediate Questions
- Is this the first or subsequent registration?
- What is the Integrity-Key for the registration?
- What is the FQDN of the S-CSCF?
- What Nonce value is used and what does it do?
- What P-CSCF Addresses are returned?
- What time would the UE need to re-register by in order to stay active?
- What is the AA-Request in #476 doing?
- Who is the OEM of the handset?
- What is the MSISDN associated with this user?
Hard Questions
- What port is used for the ESP data?
- Which encryption algorithm and algorithm is used?
- How many packets are sent over the ESP tunnel to the UE?
- Where should SIP SUBSCRIBE requests get routed?
- What’s the model of phone?
The answers for each question are on the next page. Let me know in the comments how you went, and if there are any tricky ones!
Answers: