[Bro-Dev] [JIRA] (BIT-1458) Lots of binpac exceptions in SIP

Michal Purzynski (JIRA) jira at bro-tracker.atlassian.net
Tue Aug 18 21:19:00 PDT 2015

Michal Purzynski created BIT-1458:

             Summary: Lots of binpac exceptions in SIP
                 Key: BIT-1458
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1458
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: BinPAC
    Affects Versions: 2.4
         Environment: Linux 3.19, Ubuntu 14.04 LTS, Asterisk for VOIP, plain SIP plus RDP no encryption
            Reporter: Michal Purzynski

There's quite a bit of binpac exception in dpd.log on office sensors, that can see SIP traffic. The log message is always the same (I think).

1439957552.911869	ChGboH2ZriUae63ufg	5089	5060	udp	SIP	Binpac exception: binpac exception: string mismatch at /home/mpurzynski/src/bro/bro-2.4-pfring/src/analyzer/protocol/sip/sip-protocol.pac:70: \x0aexpected pattern: ":"\x0aactual data: " 496704993 2096249773 IN IP4\x0d\x0as=sipcli\x0d\x0ac=IN IP4\x0d\x0at=0 0\x0d\x0am=audio 5097 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101 0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0 PCMU/8000\x0d\x0aa=rtpmap:8 PCMA/8000\x0d\x0aa=rtpmap:101 telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"

What kind of data do you want me to attach, to help debugging the issue?

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list