Hi Volkan,
It caused a mall formed packet alert in wireshark and shows like this:
Status-Line: SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.0.65:5060
;branch=z9hG4bKPj6fdc4a99f1cb4e47bcea48de5e1c1d57
From: "Paul" <sip:192.168.0.65>;tag=cb3ad175c1b24240afa45c21759c818f
To: <sip:123@192.168.0.220>;tag=1
Date: Fri, 03 Oct 2014 22:08:00 GMT
Call-ID: 8de1d05d49f149b291c8fed43b874836
Server: Cisco-SIPGateway/IOS-15.3.2.T
branch=z9hG4bKPj6fdc4a99f1cb4e47bcea48de5e1c1d57
CSeq:
Content-Length: 0
I am not sure if I can attach an image to the mailing list, but I am
willing to sent my scenario and the wireshark trace if anyone thinks I am
somehow adding non standard characters.
Thanks
Paul
On Sat, Oct 4, 2014 at 10:03 AM, Volkan KUMBASAR <kumba...@netas.com.tr>
wrote:
>
> Hi Paul,
>
> You need to add “CSeq:” header. So, could you re-test the scenario with
> following 200 OK:
>
> <send>
> <![CDATA[
>
> SIP/2.0 200 OK
> Via: SIP/2.0/[transport] [remote_ip]:[remote_port];[$PRKbranch]
> [last_From:]
> [last_To:]
> Date: [date]
> [last_Call-ID:]
> Server: Cisco-SIPGateway/IOS-15.3.2.T
> CSeq: [$PRKcseq]
> Content-Length: 0
>
> ]]>
> </send>
>
>
>
>
>
> On 03 Oct 2014, at 22:44, Paul Miller <idkpmil...@sip2serve.com<mailto:
> idkpmil...@sip2serve.com>> wrote:
>
> Hi there,
> I am trying to get the CSeq number from a UAS transaction in fact a PRACK
> message, I have tried many regex and have finally realised there is
> something else going on. As you can see below the branch parameter is being
> handled correctly but the CSeq header is not, ideas?
>
> XML Extract:
>
> <!--
> PRACK transaction initiated by Network
> -->
>
> <recv request="PRACK">
> <action>
> <ereg regexp="[Bb]ranch=(.*)" search_in="hdr" header="Via:"
> check_it="true" assign_to="PRKbranch" />
> <ereg regexp=":\s+(.*)@" search_in="hdr" header="From:" check_it="true"
> assign_to="INVFromUser" />
> <ereg regexp=".*" search_in="hdr" header="To:" check_it="true"
> assign_to="INVTo" />
> <ereg regexp=".*" search_in="hdr" header="CSeq:" check_it="true"
> assign_to="PRKcseq" />
> </action>
> </recv>
>
> <!--
> 200 OK (PRACK)......
> -->
> <send>
> <![CDATA[
> SIP/2.0 200 OK
> Via: SIP/2.0/[transport] [remote_ip]:[remote_port];[$PRKbranch]
> [last_From:]
> [last_To:]
> Date: [date]
> [last_Call-ID:]
> Server: Cisco-SIPGateway/IOS-15.3.2.T
> [$PRKbranch]
> [$PRKcseq]
> Content-Length: 0
>
> ]]>
> </send>
>
>
> The 200 OK from wireshark (note the Branch is there twice once as a
> parameter of the via hdr and once on the base message (correct) but the
> Cseq line is not there at all)
>
>
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.65:5060
> ;branch=z9hG4bKPjb7d0a29d01fc4f308efa40f0cfea6a76
> From: "Paul" <sip:5...@sip2serve.com<mailto:sip%3a5...@sip2serve.com
> >>;tag=aa189dfaa2904bf78deb3c90e81776a0
> To: <sip:1...@sip2serve.com<mailto:sip%3a...@sip2serve.com>>;tag=1
> Date: Thu, 02 Oct 2014 04:23:41 GMT
> Call-ID: eecb48282c5e413c9dce2439bfdde27b
> Server: Cisco-SIPGateway/IOS-15.3.2.T
> branch=z9hG4bKPjb7d0a29d01fc4f308efa40f0cfea6a76
> Content-Length: 0
>
> Thanks
>
> Paul
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk_______________________________________________
> Sipp-users mailing list
> Sipp-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sipp-users
>
> Bu e-posta mesaji ve ekleri gönderildigi kisi ya da kuruma özeldir ve
> gizlidir. Ayrica hukuken de gizli olabilir. Hiçbir sekilde üçüncü kisilere
> açiklanamaz ve yayinlanamaz. Eger mesajin gönderildigi alici degilseniz bu
> elektronik postanin içerigini açiklamaniz, kopyalamaniz, yönlendirmeniz ve
> kullanmaniz kesinlikle yasaktir ve bu elektronik postayi ve eklerini derhal
> silmeniz gerekmektedir. NETAS TELEKOMÜNIKASYON A.S. bu mesajin içerdigi
> bilgilerin dogrulugu veya eksiksiz oldugu konusunda herhangi bir garanti
> vermemektedir. Bu nedenle bu bilgilerin ne sekilde olursa olsun
> içeriginden, iletilmesinden, alinmasindan, saklanmasindan ve
> kullanilmasindan sorumlu degildir. Bu mesajdaki görüsler gönderen kisiye
> ait olup, NETAS TELEKOMÜNIKASYON A.S.’nin görüslerini yansitmayabilir.
> -------------------------------------------------------
> This e-mail and its attachments are private and confidential and intended
> for the exclusive use of the individual or entity to whom it is addressed.
> It may also be legally confidential. Any disclosure, distribution or other
> dissemination of this message to any third party is strictly prohibited. If
> you are not the intended recipient you are hereby notified that any
> dissemination, forwarding, copying or use of any of the information is
> strictly prohibited, and the e-mail should immediately be deleted. NETAS
> TELEKOMÜNIKASYON A.S. makes no warranty as to the accuracy or completeness
> of any information contained in this message and hereby excludes any
> liability of any kind for the information contained therein or for the
> transmission, reception, storage or use of such information in any way
> whatsoever. The opinions expressed in this message are those of the sender
> and may not necessarily reflect the opinions of NETAS TELEKOMÜNIKASYON A.S.
>
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Sipp-users mailing list
Sipp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sipp-users
