Wireshark trace or SIPp's -trace_msg log would be useful, I think, in order to see the PRACK that's being matched.
On 3 October 2014 23:28, Paul Miller <idkpmil...@sip2serve.com> wrote: > Hi Volkan, > > It caused a mall formed packet alert in wireshark and shows like this: > > Status-Line: SIP/2.0 200 OK > Via: SIP/2.0/UDP > 192.168.0.65:5060;branch=z9hG4bKPj6fdc4a99f1cb4e47bcea48de5e1c1d57 > From: "Paul" <sip:192.168.0.65>;tag=cb3ad175c1b24240afa45c21759c818f > To: <sip:123@192.168.0.220>;tag=1 > Date: Fri, 03 Oct 2014 22:08:00 GMT > Call-ID: 8de1d05d49f149b291c8fed43b874836 > Server: Cisco-SIPGateway/IOS-15.3.2.T > branch=z9hG4bKPj6fdc4a99f1cb4e47bcea48de5e1c1d57 > CSeq: > Content-Length: 0 > > I am not sure if I can attach an image to the mailing list, but I am willing > to sent my scenario and the wireshark trace if anyone thinks I am somehow > adding non standard characters. > > Thanks > > Paul > > > On Sat, Oct 4, 2014 at 10:03 AM, Volkan KUMBASAR <kumba...@netas.com.tr> > wrote: >> >> >> Hi Paul, >> >> You need to add “CSeq:” header. So, could you re-test the scenario with >> following 200 OK: >> >> <send> >> <![CDATA[ >> >> SIP/2.0 200 OK >> Via: SIP/2.0/[transport] [remote_ip]:[remote_port];[$PRKbranch] >> [last_From:] >> [last_To:] >> Date: [date] >> [last_Call-ID:] >> Server: Cisco-SIPGateway/IOS-15.3.2.T >> CSeq: [$PRKcseq] >> Content-Length: 0 >> >> ]]> >> </send> >> >> >> >> >> >> On 03 Oct 2014, at 22:44, Paul Miller >> <idkpmil...@sip2serve.com<mailto:idkpmil...@sip2serve.com>> wrote: >> >> Hi there, >> I am trying to get the CSeq number from a UAS transaction in fact a PRACK >> message, I have tried many regex and have finally realised there is >> something else going on. As you can see below the branch parameter is being >> handled correctly but the CSeq header is not, ideas? >> >> XML Extract: >> >> <!-- >> PRACK transaction initiated by Network >> --> >> >> <recv request="PRACK"> >> <action> >> <ereg regexp="[Bb]ranch=(.*)" search_in="hdr" header="Via:" >> check_it="true" assign_to="PRKbranch" /> >> <ereg regexp=":\s+(.*)@" search_in="hdr" header="From:" check_it="true" >> assign_to="INVFromUser" /> >> <ereg regexp=".*" search_in="hdr" header="To:" check_it="true" >> assign_to="INVTo" /> >> <ereg regexp=".*" search_in="hdr" header="CSeq:" check_it="true" >> assign_to="PRKcseq" /> >> </action> >> </recv> >> >> <!-- >> 200 OK (PRACK)...... >> --> >> <send> >> <![CDATA[ >> SIP/2.0 200 OK >> Via: SIP/2.0/[transport] [remote_ip]:[remote_port];[$PRKbranch] >> [last_From:] >> [last_To:] >> Date: [date] >> [last_Call-ID:] >> Server: Cisco-SIPGateway/IOS-15.3.2.T >> [$PRKbranch] >> [$PRKcseq] >> Content-Length: 0 >> >> ]]> >> </send> >> >> >> The 200 OK from wireshark (note the Branch is there twice once as a >> parameter of the via hdr and once on the base message (correct) but the Cseq >> line is not there at all) >> >> >> SIP/2.0 200 OK >> Via: SIP/2.0/UDP >> 192.168.0.65:5060;branch=z9hG4bKPjb7d0a29d01fc4f308efa40f0cfea6a76 >> From: "Paul" >> <sip:5...@sip2serve.com<mailto:sip%3a5...@sip2serve.com>>;tag=aa189dfaa2904bf78deb3c90e81776a0 >> To: <sip:1...@sip2serve.com<mailto:sip%3a...@sip2serve.com>>;tag=1 >> Date: Thu, 02 Oct 2014 04:23:41 GMT >> Call-ID: eecb48282c5e413c9dce2439bfdde27b >> Server: Cisco-SIPGateway/IOS-15.3.2.T >> branch=z9hG4bKPjb7d0a29d01fc4f308efa40f0cfea6a76 >> Content-Length: 0 >> >> Thanks >> >> Paul >> >> ------------------------------------------------------------------------------ >> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer >> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports >> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper >> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer >> >> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk_______________________________________________ >> Sipp-users mailing list >> Sipp-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sipp-users >> >> Bu e-posta mesaji ve ekleri gönderildigi kisi ya da kuruma özeldir ve >> gizlidir. Ayrica hukuken de gizli olabilir. Hiçbir sekilde üçüncü kisilere >> açiklanamaz ve yayinlanamaz. Eger mesajin gönderildigi alici degilseniz bu >> elektronik postanin içerigini açiklamaniz, kopyalamaniz, yönlendirmeniz ve >> kullanmaniz kesinlikle yasaktir ve bu elektronik postayi ve eklerini derhal >> silmeniz gerekmektedir. NETAS TELEKOMÜNIKASYON A.S. bu mesajin içerdigi >> bilgilerin dogrulugu veya eksiksiz oldugu konusunda herhangi bir garanti >> vermemektedir. Bu nedenle bu bilgilerin ne sekilde olursa olsun içeriginden, >> iletilmesinden, alinmasindan, saklanmasindan ve kullanilmasindan sorumlu >> degildir. Bu mesajdaki görüsler gönderen kisiye ait olup, NETAS >> TELEKOMÜNIKASYON A.S.’nin görüslerini yansitmayabilir. >> ------------------------------------------------------- >> This e-mail and its attachments are private and confidential and intended >> for the exclusive use of the individual or entity to whom it is addressed. >> It may also be legally confidential. Any disclosure, distribution or other >> dissemination of this message to any third party is strictly prohibited. If >> you are not the intended recipient you are hereby notified that any >> dissemination, forwarding, copying or use of any of the information is >> strictly prohibited, and the e-mail should immediately be deleted. NETAS >> TELEKOMÜNIKASYON A.S. makes no warranty as to the accuracy or completeness >> of any information contained in this message and hereby excludes any >> liability of any kind for the information contained therein or for the >> transmission, reception, storage or use of such information in any way >> whatsoever. The opinions expressed in this message are those of the sender >> and may not necessarily reflect the opinions of NETAS TELEKOMÜNIKASYON A.S. > > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > _______________________________________________ > Sipp-users mailing list > Sipp-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sipp-users > ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Sipp-users mailing list Sipp-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sipp-users
