http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1566
Summary: SIP parse error of the Via header
Product: Wireshark
Version: 0.99.5
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: orid@xxxxxxxxxxxx
Build Information:
Version 0.99.5 (SVN Rev 20677)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Some SIP packets are not analyzed correctly, and ended with the error
"[Malformed Packet: SIP]", although the packet is legal.
I suspect Wireshark does not parse correctly packets with the Via header when
the "received" and "rport" properties appear.
Example of such packet:
No. Time Source Destination Protocol
Info
469 14:28:51.160473 62.90.236.36 10.1.6.171 SIP
Status: 200 OK[Malformed Packet]
Frame 469 (631 bytes on wire, 631 bytes captured)
Ethernet II, Src: JuniperN_40:7c:e0 (00:14:f6:40:7c:e0), Dst: Ibm_cd:e8:43
(00:0d:60:cd:e8:43)
Internet Protocol, Src: 62.90.236.36 (62.90.236.36), Dst: 10.1.6.171
(10.1.6.171)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 617
Identification: 0x7b4d (31565)
Flags: 0x00
Fragment offset: 0
Time to live: 113
Protocol: UDP (0x11)
Header checksum: 0x910c [correct]
Source: 62.90.236.36 (62.90.236.36)
Destination: 10.1.6.171 (10.1.6.171)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 32828 (32828)
Session Initiation Protocol
Status-Line: SIP/2.0 200 OK
Status-Code: 200
Message Header
From: "Gilad"<sip:[email protected]>;tag=ba618766
SIP Display info: "Gilad"
SIP from address: sip:[email protected]
SIP tag: ba618766
To:
"76119"<sip:[email protected]>;tag=10754f70-24ec5a3e-13c4-45018-17b0cd-4bbaecbd-17b0cd
SIP Display info: "76119"
SIP to address: sip:[email protected]
SIP tag: 10754f70-24ec5a3e-13c4-45018-17b0cd-4bbaecbd-17b0cd
Call-ID: NGJlNDI1OTJiYzY4MjQ4MWYwODg5NjEzNWUzYjZlOWY.
CSeq: 1 INVITE
Accept-Language: 7
WWW-Authenticate: 1
[Malformed Packet: SIP]
0000 00 0d 60 cd e8 43 00 14 f6 40 7c e0 08 00 45 00 ..`..C...@|...E.
0010 02 69 7b 4d 00 00 71 11 91 0c 3e 5a ec 24 0a 01 .i{M..q...>Z.$..
0020 06 ab 13 c4 80 3c 02 55 05 65 53 49 50 2f 32 2e .....<.U.eSIP/2.
0030 30 20 32 30 30 20 4f 4b 0d 0a 46 72 6f 6d 3a 20 0 200 OK..From:
0040 22 47 69 6c 61 64 22 3c 73 69 70 3a 47 69 6c 61 "Gilad"<sip:Gila
0050 64 40 36 32 2e 39 30 2e 32 33 36 2e 33 36 3e 3b [email protected]>;
0060 74 61 67 3d 62 61 36 31 38 37 36 36 0d 0a 54 6f tag=ba618766..To
0070 3a 20 22 37 36 31 31 39 22 3c 73 69 70 3a 37 36 : "76119"<sip:76
0080 31 31 39 40 36 32 2e 39 30 2e 32 33 36 2e 33 36 [email protected]
0090 3e 3b 74 61 67 3d 31 30 37 35 34 66 37 30 2d 32 >;tag=10754f70-2
00a0 34 65 63 35 61 33 65 2d 31 33 63 34 2d 34 35 30 4ec5a3e-13c4-450
00b0 31 38 2d 31 37 62 30 63 64 2d 34 62 62 61 65 63 18-17b0cd-4bbaec
00c0 62 64 2d 31 37 62 30 63 64 0d 0a 43 61 6c 6c 2d bd-17b0cd..Call-
00d0 49 44 3a 20 4e 47 4a 6c 4e 44 49 31 4f 54 4a 69 ID: NGJlNDI1OTJi
00e0 59 7a 59 34 4d 6a 51 34 4d 57 59 77 4f 44 67 35 YzY4MjQ4MWYwODg5
00f0 4e 6a 45 7a 4e 57 55 7a 59 6a 5a 6c 4f 57 59 2e NjEzNWUzYjZlOWY.
0100 0d 0a 43 53 65 71 3a 20 31 20 49 4e 56 49 54 45 ..CSeq: 1 INVITE
0110 0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 ..Accept-Languag
0120 65 3a 20 37 0d 0a 57 57 57 2d 41 75 74 68 65 6e e: 7..WWW-Authen
0130 74 69 63 61 74 65 3a 20 31 0d 0a 56 69 61 3a 20 ticate: 1..Via:
0140 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 30 2e 31 SIP/2.0/UDP 10.1
0150 2e 36 2e 31 37 31 3a 33 32 38 32 38 3b 72 65 63 .6.171:32828;rec
0160 65 69 76 65 64 3d 32 30 33 2e 31 38 39 2e 31 39 eived=203.189.19
0170 31 2e 32 35 31 3b 72 70 6f 72 74 3d 31 37 37 35 1.251;rport=1775
0180 38 3b 62 72 61 6e 63 68 3d 7a 39 68 47 34 62 4b 8;branch=z9hG4bK
0190 2d 64 38 37 35 34 33 2d 34 64 33 32 32 64 34 33 -d87543-4d322d43
01a0 65 65 31 31 34 39 37 65 2d 31 2d 2d 64 38 37 35 ee11497e-1--d875
01b0 34 33 2d 0d 0a 43 6f 6e 74 61 63 74 3a 20 3c 73 43-..Contact: <s
01c0 69 70 3a 37 36 31 31 39 40 36 32 2e 39 30 2e 32 ip:[email protected]
01d0 33 36 2e 33 36 3e 0d 0a 43 6f 6e 74 65 6e 74 2d 36.36>..Content-
01e0 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f Type: applicatio
01f0 6e 2f 73 64 70 0d 0a 43 6f 6e 74 65 6e 74 2d 4c n/sdp..Content-L
0200 65 6e 67 74 68 3a 20 31 30 35 0d 0a 0d 0a 76 3d ength: 105....v=
0210 30 0d 0a 6f 3d 2d 20 30 20 30 20 49 4e 20 49 50 0..o=- 0 0 IN IP
0220 34 20 36 32 2e 39 30 2e 32 33 36 2e 33 36 0d 0a 4 62.90.236.36..
0230 73 3d 2d 0d 0a 63 3d 49 4e 20 49 50 34 20 36 32 s=-..c=IN IP4 62
0240 2e 39 30 2e 32 33 36 2e 33 36 0d 0a 74 3d 30 20 .90.236.36..t=0
0250 30 0d 0a 61 3d 73 65 6e 64 72 65 63 76 0d 0a 6d 0..a=sendrecv..m
0260 3d 61 75 64 69 6f 20 35 30 30 34 20 52 54 50 2f =audio 5004 RTP/
0270 41 56 50 20 38 0d 0a AVP 8..
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
