Wireshark-dev: [Wireshark-dev] SIP heuristics


From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 7 Jun 2006 15:32:25 +0200 (CEST)

Hi,

Now that the dust is settling (until the user community comes barging in
;) let us slowly get back to the real stuff.

I've got trouble with SIP heuristics. Currently it tries to see if the
packet contains what looks like a few tokens, which are checked against certain
criteria. The trouble is that I've got SIP lines packed up in other
(binary coded) protocols, which do contain NULL characters. Still the SIP
heuristics take that as being part of the request line... That can't be
right, can it? Shouldn't the heuristics take the UDP/TCP payload and take
the _zero terminated_ string in there to determine if it is a SIP packet
after all?

Your thoughts please,
Jaap
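
Added example, not part of the original message and not Wireshark's code: one way to make a first-line heuristic reject the kind of payload described above, where SIP text is wrapped in a binary protocol that contains NUL bytes. The function name, the sample payloads and the printable-ASCII rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples, not taken from a real capture. */
static const unsigned char req[]     = "INVITE sip:bob@example.com SIP/2.0\r\n";
static const unsigned char status[]  = "SIP/2.0 180 Ringing\r\n";
/* Binary header containing NUL bytes, followed by SIP text. */
static const unsigned char wrapped[] = "\x01\x00\x2a\x00INVITE sip:bob@example.com SIP/2.0\r\n";

/* Hypothetical helper (not a Wireshark function): 1 if the first line of the
 * payload looks like a SIP request line or status line, 0 otherwise.
 * Simplified: only printable ASCII and single spaces are accepted. */
int sip_heur_first_line(const unsigned char *p, size_t len)
{
    static const char ver[] = "SIP/2.0";
    const size_t vlen = sizeof ver - 1;
    size_t off[3], tlen[3], i = 0, eol, n = 0;

    /* Find the end of the first line. A NUL or any other non-printable byte
     * before it means the payload does not begin with a text start line. */
    for (eol = 0; eol < len && p[eol] != '\r' && p[eol] != '\n'; eol++)
        if (p[eol] < 0x20 || p[eol] > 0x7e)
            return 0;
    if (eol == len)
        return 0;                       /* no line terminator at all */
    /* Split the line into its first three space-separated tokens. */
    while (i < eol && n < 3) {
        off[n] = i;
        while (i < eol && p[i] != ' ')
            i++;
        if ((tlen[n] = i - off[n]) == 0)
            return 0;                   /* empty token */
        n++;
        if (i < eol)
            i++;                        /* skip the separating space */
    }
    if (n < 3)
        return 0;
    /* Status line: "SIP/2.0 <3-digit code> <reason>" */
    if (tlen[0] == vlen && memcmp(p + off[0], ver, vlen) == 0) {
        const unsigned char *c = p + off[1];
        return tlen[1] == 3 && c[0] >= '1' && c[0] <= '6' &&
               c[1] >= '0' && c[1] <= '9' && c[2] >= '0' && c[2] <= '9';
    }
    /* Request line: "<method> <URI> SIP/2.0", version must end the line. */
    return tlen[2] == vlen && off[2] + tlen[2] == eol &&
           memcmp(p + off[2], ver, vlen) == 0;
}

int main(void)
{
    printf("%d %d %d\n", sip_heur_first_line(req, sizeof req - 1),
           sip_heur_first_line(status, sizeof status - 1),
           sip_heur_first_line(wrapped, sizeof wrapped - 1));
    return 0;
}
```

A tokenizer that splits only on spaces would accept the `wrapped` sample, because the binary header bytes end up inside the first token; rejecting non-printable bytes before the line end closes that gap.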



