Move SIP analyzer to flowunit instead of datagram

Moving to flowunit simplifies the BinPAC constructs by allowing
the use of &oneline instead of relying on regular expressions
which sometimes didn't work as intended.

Addresses BIT-1458
Vlad Grigorescu 2015-09-03 16:29:58 -05:00
parent d3f513fc80
commit d85e5d776d
4 changed files with 13 additions and 25 deletions

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path sip
#open 2015-04-30-03-33-33
#open 2015-09-03-21-02-33
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method uri date request_from request_to response_from response_to reply_to call_id seq subject request_path response_path user_agent status_code status_msg warning request_body_len response_body_len content_type
#types time string addr port addr port count string string string string string string string string string string string vector[string] vector[string] string count string string string string string
1120469572.844249 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - <sip:voi18063@sip.cybercity.dk> <sip:voi18063@sip.cybercity.dk> <sip:voi18063@sip.cybercity.dk> <sip:voi18063@sip.cybercity.dk>;tag=00-04092-1701af62-120c67172 - 578222729-4665d775@578222732-4665d772 68 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 -
@ -37,8 +37,9 @@
1120470900.060556 CIPOse170MGiRM1Qf4 192.168.1.2 5060 212.242.33.35 5060 0 ACK sip:0097239287044@sip.cybercity.dk - "arik" <sip:35104723@sip.cybercity.dk> <sip:0097239287044@sip.cybercity.dk>;tag=00-04083-1701ba17-57d493ef5 - - - 24487391-449bf2a0@192.168.1.2 2 ACK - SIP/2.0/UDP 192.168.1.2 (empty) - - - - 0 - -
1120470966.443914 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 INVITE sip:35104724@sip.cybercity.dk - "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk> "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk>;tag=00-04079-1701ba6f-3e08e2f66 - 11894297-4432a9f8@192.168.1.2 1 INVITE - SIP/2.0/UDP 192.168.1.2:5060 SIP/2.0/UDP 192.168.1.2:5060;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 407 authentication required - 270 0 -
1120470966.606422 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 INVITE sip:35104724@sip.cybercity.dk Mon, 04 Jul 2005 09:56:06 GMT "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk> "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk> - 11894297-4432a9f8@192.168.1.2 2 INVITE - SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 270 0 -
1120470966.606422 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 INVITE sip:35104724@sip.cybercity.dk Mon, 04 Jul 2005 09:56:06 GMT "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk> "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk>;tag=00-04075-1701baa2-2dfdf7c21 - 11894297-4432a9f8@192.168.1.2 2 INVITE - SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 183 In band info available - 270 199 application/sdp
1120470966.606422 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 INVITE sip:35104724@sip.cybercity.dk Mon, 04 Jul 2005 09:56:06 GMT "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk> "arik" <sip:35104723@sip.cybercity.dk> <sip:35104724@sip.cybercity.dk>;tag=00-04075-1701baa2-2dfdf7c21 - 11894297-4432a9f8@192.168.1.2 2 INVITE - SIP/2.0/UDP 192.168.1.2:5060,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 480 Error - 270 0 application/sdp
1120470984.353086 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk>;tag=00-04074-1701bac9-1daa0b4c5 - 29858147-465b0752@29858051-465b07b2 5 REGISTER - SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 -
1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 0 0 -
1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk> <sip:35104723@sip.cybercity.dk>;tag=00-04087-1701bae7-76fb74995 - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 200 OK - 0 0 -
#close 2015-04-30-03-33-33
#close 2015-09-03-21-02-33