ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3406] New: Wrong interpretation in SIP branch field of Via

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 10 Apr 2009 02:34:15 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3406

           Summary: Wrong interpretation in SIP branch field of Via Header
                    with multiple field implementation, with comma separed
                    values.
           Product: Wireshark
           Version: 1.0.7
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Critical
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: donatello.boccaforno@xxxxxxxxxx


Created an attachment (id=2927)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2927)
A Voice Call SIP flow. The 2nd INVITE has the issue

Build Information:
Version 1.0.7 (SVN Rev 28014)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, with AirPcap
2.0.0 build 708.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In packet details View, I found a wrong interpretation of the SIP branch field
in Via header when multiple header fields of the same field name whose value is
a comma-separated list can be combined into one header field (so as mentioned
in RFC3261 page 29, paragraph 7.3).

I.e.: with header Via like following 

v: SIP/2.0/UDP
138.132.107.234:6060;branch=z9hG4bK.sSsS.8a846bea.fb49ad715b9bf5b1a2327444b4033ba-0.2093_root,
SIP/2.0/UDP 138.132.107.234:4003;branch=z9hG4bK-14302-1-9

branch field is displayed like this

Branch: z9hG4bK.sSsS.8a846bea.fb49ad715b9bf5b1a2327444b4033ba-0.2093_root,


See the attached SIP trace file.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube