Michal Purzynski created BIT-1458:
-------------------------------------
Summary: Lots of binpac exceptions in SIP
Key: BIT-1458
URL: https://bro-tracker.atlassian.net/browse/BIT-1458
Project: Bro Issue Tracker
Issue Type: Problem
Components: BinPAC
Affects Versions: 2.4
Environment: Linux 3.19, Ubuntu 14.04 LTS, Asterisk for VOIP, plain
SIP plus RDP no encryption
Reporter: Michal Purzynski
There are quite a lot of binpac exceptions in dpd.log on office sensors that can
see SIP traffic. The log message is always the same (I think).
1439957552.911869 ChGboH2ZriUae63ufg 23.92.80.45 5089
10.252.40.4 5060 udp SIP Binpac exception: binpac exception:
string mismatch at
/home/mpurzynski/src/bro/bro-2.4-pfring/src/analyzer/protocol/sip/sip-protocol.pac:70:
\x0aexpected pattern: ":"\x0aactual data: " 496704993 2096249773 IN IP4
23.92.80.45\x0d\x0as=sipcli\x0d\x0ac=IN IP4 23.92.80.45\x0d\x0at=0
0\x0d\x0am=audio 5097 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101
0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0 PCMU/8000\x0d\x0aa=rtpmap:8
PCMA/8000\x0d\x0aa=rtpmap:101
telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"
What kind of data do you want me to attach to help debug the issue?