SIP Analyzer

Description

topic/vladg/sip has a SIP analyzer.

Environment

None

Activity

Aashish Sharma
April 3, 2015, 6:18 PM

I've been running Vlad's branch (2443d319112fd345878766618951c56c2fd65fbd) for a long while and for all practical purposes, it's been running stable and blocking SIP scanners and logging SIP sessions.

There are a couple unknown_SIP_method (SUBSCRIBE and NOTIFY) in weird logs. I will send Vlad pcaps for these specific ones. At present, I don't know if these are affecting anything per se.

Robin Sommer
April 10, 2015, 6:11 PM

Seth is going to review the code.

Vlad Grigorescu
April 10, 2015, 7:13 PM

Aashish - can you send me those PCAPs whenever you get a chance?

I believe that traffic is actually SSDP and not SIP, but maybe I can tighten up the DPD sig a bit.

Vlad Grigorescu
April 20, 2015, 3:19 AM

I merged master, updated the tests (no changes to bro-testing and bro-testing-private), and updated NEWS.

Assignee

Robin Sommer

Reporter

Vlad Grigorescu

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal