[bugzilla-daemon@xxxxxxxxxxxxx]

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1566

           Summary: SIP parse error of the Via header
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: orid@xxxxxxxxxxxx


Build Information:
Version 0.99.5 (SVN Rev 20677)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Some SIP packets are not analyzed correctly, and ended with the error
"[Malformed Packet: SIP]", although the packet is legal.
I suspect Wireshark does not parse correctly packets with the Via header when
the "received" and "rport" properties appear.

Example of such packet:
No.     Time            Source                Destination           Protocol
Info
    469 14:28:51.160473 62.90.236.36          10.1.6.171            SIP     
Status: 200 OK[Malformed Packet]

Frame 469 (631 bytes on wire, 631 bytes captured)
Ethernet II, Src: JuniperN_40:7c:e0 (00:14:f6:40:7c:e0), Dst: Ibm_cd:e8:43
(00:0d:60:cd:e8:43)
Internet Protocol, Src: 62.90.236.36 (62.90.236.36), Dst: 10.1.6.171
(10.1.6.171)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 617
    Identification: 0x7b4d (31565)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 113
    Protocol: UDP (0x11)
    Header checksum: 0x910c [correct]
    Source: 62.90.236.36 (62.90.236.36)
    Destination: 10.1.6.171 (10.1.6.171)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 32828 (32828)
Session Initiation Protocol
    Status-Line: SIP/2.0 200 OK
        Status-Code: 200
    Message Header
        From: "Gilad"<sip:Gilad@62.90.236.36>;tag=ba618766
            SIP Display info: "Gilad"
            SIP from address: sip:Gilad@62.90.236.36
            SIP tag: ba618766
        To:
"76119"<sip:76119@62.90.236.36>;tag=10754f70-24ec5a3e-13c4-45018-17b0cd-4bbaecbd-17b0cd
            SIP Display info: "76119"
            SIP to address: sip:76119@62.90.236.36
            SIP tag: 10754f70-24ec5a3e-13c4-45018-17b0cd-4bbaecbd-17b0cd
        Call-ID: NGJlNDI1OTJiYzY4MjQ4MWYwODg5NjEzNWUzYjZlOWY.
        CSeq: 1 INVITE
        Accept-Language: 7
        WWW-Authenticate: 1
[Malformed Packet: SIP]

0000  00 0d 60 cd e8 43 00 14 f6 40 7c e0 08 00 45 00   ..`..C...@|...E.
0010  02 69 7b 4d 00 00 71 11 91 0c 3e 5a ec 24 0a 01   .i{M..q...>Z.$..
0020  06 ab 13 c4 80 3c 02 55 05 65 53 49 50 2f 32 2e   .....<.U.eSIP/2.
0030  30 20 32 30 30 20 4f 4b 0d 0a 46 72 6f 6d 3a 20   0 200 OK..From: 
0040  22 47 69 6c 61 64 22 3c 73 69 70 3a 47 69 6c 61   "Gilad"<sip:Gila
0050  64 40 36 32 2e 39 30 2e 32 33 36 2e 33 36 3e 3b   d@62.90.236.36>;
0060  74 61 67 3d 62 61 36 31 38 37 36 36 0d 0a 54 6f   tag=ba618766..To
0070  3a 20 22 37 36 31 31 39 22 3c 73 69 70 3a 37 36   : "76119"<sip:76
0080  31 31 39 40 36 32 2e 39 30 2e 32 33 36 2e 33 36   119@62.90.236.36
0090  3e 3b 74 61 67 3d 31 30 37 35 34 66 37 30 2d 32   >;tag=10754f70-2
00a0  34 65 63 35 61 33 65 2d 31 33 63 34 2d 34 35 30   4ec5a3e-13c4-450
00b0  31 38 2d 31 37 62 30 63 64 2d 34 62 62 61 65 63   18-17b0cd-4bbaec
00c0  62 64 2d 31 37 62 30 63 64 0d 0a 43 61 6c 6c 2d   bd-17b0cd..Call-
00d0  49 44 3a 20 4e 47 4a 6c 4e 44 49 31 4f 54 4a 69   ID: NGJlNDI1OTJi
00e0  59 7a 59 34 4d 6a 51 34 4d 57 59 77 4f 44 67 35   YzY4MjQ4MWYwODg5
00f0  4e 6a 45 7a 4e 57 55 7a 59 6a 5a 6c 4f 57 59 2e   NjEzNWUzYjZlOWY.
0100  0d 0a 43 53 65 71 3a 20 31 20 49 4e 56 49 54 45   ..CSeq: 1 INVITE
0110  0d 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67   ..Accept-Languag
0120  65 3a 20 37 0d 0a 57 57 57 2d 41 75 74 68 65 6e   e: 7..WWW-Authen
0130  74 69 63 61 74 65 3a 20 31 0d 0a 56 69 61 3a 20   ticate: 1..Via: 
0140  53 49 50 2f 32 2e 30 2f 55 44 50 20 31 30 2e 31   SIP/2.0/UDP 10.1
0150  2e 36 2e 31 37 31 3a 33 32 38 32 38 3b 72 65 63   .6.171:32828;rec
0160  65 69 76 65 64 3d 32 30 33 2e 31 38 39 2e 31 39   eived=203.189.19
0170  31 2e 32 35 31 3b 72 70 6f 72 74 3d 31 37 37 35   1.251;rport=1775
0180  38 3b 62 72 61 6e 63 68 3d 7a 39 68 47 34 62 4b   8;branch=z9hG4bK
0190  2d 64 38 37 35 34 33 2d 34 64 33 32 32 64 34 33   -d87543-4d322d43
01a0  65 65 31 31 34 39 37 65 2d 31 2d 2d 64 38 37 35   ee11497e-1--d875
01b0  34 33 2d 0d 0a 43 6f 6e 74 61 63 74 3a 20 3c 73   43-..Contact: <s
01c0  69 70 3a 37 36 31 31 39 40 36 32 2e 39 30 2e 32   ip:76119@62.90.2
01d0  33 36 2e 33 36 3e 0d 0a 43 6f 6e 74 65 6e 74 2d   36.36>..Content-
01e0  54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f   Type: applicatio
01f0  6e 2f 73 64 70 0d 0a 43 6f 6e 74 65 6e 74 2d 4c   n/sdp..Content-L
0200  65 6e 67 74 68 3a 20 31 30 35 0d 0a 0d 0a 76 3d   ength: 105....v=
0210  30 0d 0a 6f 3d 2d 20 30 20 30 20 49 4e 20 49 50   0..o=- 0 0 IN IP
0220  34 20 36 32 2e 39 30 2e 32 33 36 2e 33 36 0d 0a   4 62.90.236.36..
0230  73 3d 2d 0d 0a 63 3d 49 4e 20 49 50 34 20 36 32   s=-..c=IN IP4 62
0240  2e 39 30 2e 32 33 36 2e 33 36 0d 0a 74 3d 30 20   .90.236.36..t=0 
0250  30 0d 0a 61 3d 73 65 6e 64 72 65 63 76 0d 0a 6d   0..a=sendrecv..m
0260  3d 61 75 64 69 6f 20 35 30 30 34 20 52 54 50 2f   =audio 5004 RTP/
0270  41 56 50 20 38 0d 0a                              AVP 8..


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.