[Bro-Dev] [JIRA] (BIT-1458) Lots of binpac exceptions in SIP
Michal Purzynski (JIRA)
jira at bro-tracker.atlassian.net
Tue Aug 18 21:19:00 PDT 2015
Michal Purzynski created BIT-1458:
-------------------------------------
Summary: Lots of binpac exceptions in SIP
Key: BIT-1458
URL: https://bro-tracker.atlassian.net/browse/BIT-1458
Project: Bro Issue Tracker
Issue Type: Problem
Components: BinPAC
Affects Versions: 2.4
Environment: Linux 3.19, Ubuntu 14.04 LTS, Asterisk for VOIP, plain SIP plus RDP no encryption
Reporter: Michal Purzynski
There are quite a few binpac exceptions in dpd.log on office sensors that can see SIP traffic. The log message is always the same (I think).
1439957552.911869 ChGboH2ZriUae63ufg 23.92.80.45 5089 10.252.40.4 5060 udp SIP Binpac exception: binpac exception: string mismatch at /home/mpurzynski/src/bro/bro-2.4-pfring/src/analyzer/protocol/sip/sip-protocol.pac:70: \x0aexpected pattern: ":"\x0aactual data: " 496704993 2096249773 IN IP4 23.92.80.45\x0d\x0as=sipcli\x0d\x0ac=IN IP4 23.92.80.45\x0d\x0at=0 0\x0d\x0am=audio 5097 RTP/AVP 18 0 8 101\x0d\x0aa=fmtp:101 0-15\x0d\x0aa=rtpmap:18 G729/8000\x0d\x0aa=rtpmap:0 PCMU/8000\x0d\x0aa=rtpmap:8 PCMA/8000\x0d\x0aa=rtpmap:101 telephone-event/8000\x0d\x0aa=ptime:20\x0d\x0aa=sendrecv\x0d\x0a"
What kind of data do you want me to attach, to help debugging the issue?
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-01-193#70101)
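One way to check whether the exceptions really are always the same is to group dpd.log rows by analyzer, .pac location and expected pattern. This is an added example, not part of the original message or of Bro; it assumes the default tab-separated dpd.log with nine columns, and the function names, sample rows and build path are constructed.

```python
import re
from collections import Counter

# dpd.log columns as written by Bro 2.4's default tab-separated ASCII writer.
FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
          "proto", "analyzer", "failure_reason"]

# Newlines inside failure_reason appear as the literal four characters \x0a.
MISMATCH = re.compile(
    r'string mismatch at (?P<pac>[^:\s]+):(?P<line>\d+): '
    r'\\x0aexpected pattern: "(?P<expected>.*?)"'
    r'\\x0aactual data: "(?P<actual>.*)"$')

def parse_dpd(lines):
    """Yield one dict per data row, skipping '#' header lines."""
    for raw in lines:
        parts = raw.rstrip("\n").split("\t", len(FIELDS) - 1)
        if not raw.startswith("#") and len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def summarize(lines):
    """Count failures per (analyzer, .pac file, .pac line, expected pattern)."""
    sites = Counter()
    for rec in parse_dpd(lines):
        m = MISMATCH.search(rec["failure_reason"])
        if m:  # drop the build-tree prefix so rows from all sensors group together
            key = (rec["analyzer"], m["pac"].rsplit("/", 1)[-1],
                   int(m["line"]), m["expected"])
        else:  # any other failure text is grouped by its first 60 characters
            key = (rec["analyzer"], None, None, rec["failure_reason"][:60])
        sites[key] += 1
    return sites

def _row(uid, reason, analyzer="SIP"):
    # Constructed row: documentation addresses, made-up uid and timestamp.
    return "\t".join(["1439957552.000000", uid, "192.0.2.10", "5089",
                      "198.51.100.4", "5060", "udp", analyzer, reason])

# Constructed failure text in the shape of the entry above (build path is made up).
_R = (r'Binpac exception: binpac exception: string mismatch at '
      r'/build/bro/src/analyzer/protocol/sip/sip-protocol.pac:70: '
      r'\x0aexpected pattern: ":"\x0aactual data: "%s"')
SAMPLE = [
    "#path\tdpd",
    _row("Cexample1", _R % r" 1 2 IN IP4 192.0.2.10\x0d\x0as=sipcli\x0d\x0a"),
    _row("Cexample2", _R % r" 3 4 IN IP4 192.0.2.11\x0d\x0a"),
    _row("Cexample3", "not a http reply line", analyzer="HTTP"),
]
```

Calling `summarize(open("dpd.log"))` on a sensor returns a `Counter`; a single dominant key means one parse site accounts for the noise.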