[
https://bro-tracker.atlassian.net/browse/BIT-1458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21701#comment-21701
]
Gary Faulkner commented on BIT-1458:
------------------------------------
Also seeing the problem (originally reported by a user on the SO mailing list):
Here is an example dpd.log entry with the corresponding sip.log entry. For some
reason I have 2 binpac errors for the same UID:
dpd.log (2):
1439948399.686688 Caw7aCOdBBH3URbN2 85.93.88.110 5072
10.10.142.119 5060 udp SIP Binpac exception: binpac exception:
string mismatch at
/nsm/bro/git/bro2.4-10/bro/src/analyzer/protocol/sip/sip-protocol.pac:70:
\x0aexpected pattern: ":"\x0aactual data: " 110906697 562075942 IN IP4
85.93.88.110\x0d\x0as=sipcli\x0d\x0ac=IN IP4 85.93.88.110\x0d\x0at=0
0\x0d\x0am=audio 5074 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101
0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0 PCMU/8000\x0d\x0aa=rtpmap:8
PCMA/8000\x0d\x0aa=rtpmap:101
telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"
1439948399.698850 Caw7aCOdBBH3URbN2 85.93.88.110 5072
10.10.142.119 5060 udp SIP Binpac exception: binpac exception:
string mismatch at
/nsm/bro/git/bro2.4-10/bro/src/analyzer/protocol/sip/sip-protocol.pac:70:
\x0aexpected pattern: ":"\x0aactual data: " 110906697 562075942 IN IP4
85.93.88.110\x0d\x0as=sipcli\x0d\x0ac=IN IP4 85.93.88.110\x0d\x0at=0
0\x0d\x0am=audio 5074 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101
0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0 PCMU/8000\x0d\x0aa=rtpmap:8
PCMA/8000\x0d\x0aa=rtpmap:101
telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"
sip.log:
1439948399.686688 Caw7aCOdBBH3URbN2 85.93.88.110 5072
10.10.142.119 5060 0 INVITE sip:[email protected] -
1003<sip:[email protected]>
9011441224928088<sip:[email protected]>
1003<sip:[email protected]>
9011441224928088<sip:[email protected]>;tag=d4ff6c9dcee8f11ai0 -
b2a424f8e92e14efb90fd1a9630095d3 1 INVITE SIP/2.0/UDP
85.93.88.110:5072,SIP/2.0/UDP 85.93.88.110:5072 SIP/2.0/UDP
85.93.88.110:5072 sipcli/v1.8 404 Not Found - 279 0
-
> Lots of binpac exceptions in SIP
> --------------------------------
>
> Key: BIT-1458
> URL: https://bro-tracker.atlassian.net/browse/BIT-1458
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BinPAC
> Affects Versions: 2.4
> Environment: Linux 3.19, Ubuntu 14.04 LTS, Asterisk for VOIP, plain
> SIP plus RDP no encryption
> Reporter: Michal Purzynski
>
> There are quite a few binpac exceptions in dpd.log on office sensors that
> can see SIP traffic. The log message is always the same (I think).
> 1439957552.911869 ChGboH2ZriUae63ufg 23.92.80.45 5089
> 10.252.40.4 5060 udp SIP Binpac exception: binpac exception:
> string mismatch at
> /home/mpurzynski/src/bro/bro-2.4-pfring/src/analyzer/protocol/sip/sip-protocol.pac:70:
> \x0aexpected pattern: ":"\x0aactual data: " 496704993 2096249773 IN IP4
> 23.92.80.45\x0d\x0as=sipcli\x0d\x0ac=IN IP4 23.92.80.45\x0d\x0at=0
> 0\x0d\x0am=audio 5097 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101
> 0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0
> PCMU/8000\x0d\x0aa=rtpmap:8 PCMA/8000\x0d\x0aa=rtpmap:101
> telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"
> What kind of data do you want me to attach to help debug the issue?
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
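
Added example, not part of the original message or of Bro's own code: a triage helper that groups binpac string-mismatch entries from dpd.log by UID and .pac location and decodes the escaped "actual data", so repeated exceptions per connection and SDP-style payload lines (s=, c=, m=, as in the entries above) are visible at a glance. The sample rows, UIDs, addresses and .pac path are constructed placeholders, and the nine-column tab-separated layout is assumed from the entries shown.

```python
import re
from collections import defaultdict

# Constructed dpd.log rows in the assumed column order (tab-separated):
# ts, uid, orig_h, orig_p, resp_h, resp_p, proto, analyzer, failure_reason.
# UIDs, addresses and the .pac path are placeholders, not values from the report.
REASON = ('Binpac exception: binpac exception: string mismatch at '
          '/path/to/sip-protocol.pac:70: \\x0aexpected pattern: ":"\\x0aactual data: '
          '" 1 2 IN IP4 192.0.2.10\\x0d\\x0as=example\\x0d\\x0am=audio 5074 RTP/AVP 0\\x0d\\x0a"')
ROW = ["192.0.2.10", "5072", "198.51.100.5", "5060", "udp", "SIP", REASON]
SAMPLE = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tanalyzer\tfailure_reason",
    "\t".join(["1439948399.686688", "CExampleUid0001"] + ROW),
    "\t".join(["1439948399.698850", "CExampleUid0001"] + ROW),
    "\t".join(["1439948401.000000", "CExampleUid0002"] + ROW[:6] + ["some other violation"]),
])

MISMATCH = re.compile(r'string mismatch at (?P<src>\S+):(?P<line>\d+):\s*'
                      r'\\x0aexpected pattern: "(?P<expected>.*?)"'
                      r'\\x0aactual data: "(?P<actual>.*)"$')

def unescape(s):
    """Turn the log's literal \\xHH escapes back into the characters they stand for."""
    return re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), s)

def summarize(dpd_text):
    """Group binpac string-mismatch violations by (uid, analyzer, .pac location)."""
    out = defaultdict(lambda: {"count": 0, "expected": None, "actual_lines": [], "sdp_like": False})
    for row in dpd_text.splitlines():
        cols = row.split("\t")
        if row.startswith("#") or len(cols) < 9:
            continue
        m = MISMATCH.search(cols[8])
        if not m:
            continue  # a DPD violation, but not a binpac string mismatch
        entry = out[(cols[1], cols[7], f"{m['src']}:{m['line']}")]
        entry["count"] += 1
        entry["expected"] = m["expected"]
        entry["actual_lines"] = unescape(m["actual"]).splitlines()
        # SDP body lines have the form <letter>=<value> (s=, c=, m=, a= ...)
        entry["sdp_like"] = any(re.match(r'[a-z]=', ln) for ln in entry["actual_lines"])
    return dict(out)

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info["count"], repr(info["expected"]), info["sdp_like"])
        for ln in info["actual_lines"]:
            print("   ", ln)
```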