ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: [Wireshark-users] 300 multiple choices dissection

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Manolis Katsidoniotis <manoska@xxxxxxxxx>
Date: Tue, 10 Sep 2013 21:44:09 -0500

Hello folks

I have the following message traced from wireshark in which the contact header is dissected as in the attachment.

SIP/2.0 300 Multiple Choices
Contact: <sip:1190000107@xxxxxxxxxxx?P-Asserted-Identity=sip:+11900000107%40sr.icst.com>;q=1,<sip:555555555@xxxxxxxxxxx?P-Asserted-Identity=sip:+155555555%40sr.icst.com>;q=2
Call-ID: 00000062-00000F4C-0016D9BD-7@2001:1234:5678:2807::77
CSeq: 1 INVITE
From: <sip:+11100000066@xxxxxxxx>;tag=3916.1497565.14
To: <sip:911@xxxxxxxx>;tag=1828.607964187.596
Via: SIP/2.0/UDP icsthp1fee11.icst.com:6088;branch=z9hG4bK27dc2296bb70;received=10.52.228.69
Via: SIP/2.0/TCP icsthp1fee11.icst.com:6088;branch=z9hG4bKd0e74ba700a5;received=10.52.228.69
Via: SIP/2.0/TCP 10.52.228.69:5090;branch=z9hG4bK0c9ce7d6538136bd5d98293223a2929e;lskpmc=SCF
Via: SIP/2.0/TCP [2001:1234:5678:2807::77];branch=z9hG4bK1497565.3916.28
Content-Length: 0

It looks like the dissector uses “;” as the key divider
whereas in this specific case (for the contact field)
I am under the impression that
the main delimiter should be the comma “,” (and then ";")
as per the example in rfc3261 §20.10 (http://tools.ietf.org/html/rfc3261#section-20.10)

In other words
I believe a more (elegant?) dissection might be like the below
(using the order of preference and perhaps taking the potential "expires" into account as well?)

- Contact: <sip:1190000107@xxxxxxxxxxx?P-Asserted-Identity=sip:+11900000107%40sr.icst.com>;q=1,<sip:555555555@xxxxxxxxxxx?P-Asserted-Identity=sip:+155555555%40sr.icst.com>;q=2

  - Contact: <sip:555555555@xxxxxxxxxxx?P-Asserted-Identity=sip:+155555555%40sr.icst.com>;q=2

    - Contact URI: sip:555555555@xxxxxxxxxxx?P-Asserted-Identity=sip:+155555555%40sr.icst.com

      - Contact URI User part: 555555555

      - Contact URI Host part: sr.icst.com

      - Contact URI Order of preference: 2

  - Contact <sip:1190000107@xxxxxxxxxxx?P-Asserted-Identity=sip:+11900000107%40sr.icst.com>;q=1

    - Contact URI: sip:1190000107@xxxxxxxxxxx?P-Asserted-Identity=sip:+11900000107%40sr.icst.com

      - Contact URI User part: 1190000107

      - Contact URI Host part: sr.icst.com

      - Contact URI Order of preference: 1


any comments?

Thanks
Manolis

Attachment: 300MC_dissected.png
Description: PNG image

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube