-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crashes after a few minutes #42
Comments
Hi @thefinn93 , What command line arguments are you using? I found some crashes while parsing some non-SIP packets. |
no arguments |
As a temporal fix you can filter traffic by port (usually 5060), just to check that is not a problem with SIP packets. sngrep port 5060 I think I can reproduce the problem. What version are you using? Binary or compiled? Thanks a lot for the feedback!! |
Binary from the debian (wheezy) packages. I'll see if it crashes when I use those arguments, so far it hasn't |
Okey, Thanks for the testing :) I'll try to get a crashing pcap file to properly test the fixes. |
Just confirming that that filter definitely fixes it. I left it running all night, has yet to crash. |
I still haven't make it crash, but most of the times it happened, was related with packets that are not SIP but still captured because no bpf filter was applied. Beware! sngrep stores all packet payload in memory! It can eat all of it if letf alone! Thanks a lot for the feedback! |
Some packets with payload with Call-Id headers were being considered SIP packets, and that may no be true. For example, homer packets or moving a sip pcap file to a NFS will create packets with Call-Id in its payload. Improve the regexp for matching METHOD and REQUEST CODE to ensure the payload is an actual SIP message.
Hi,
I've been playing with sngrep a bit on a test PBX, and I find that it crashes after being run for a few minutes. It's not a consistent amount of time, so I assume it's crashing when some data goes in or out and the parser fails. I'd love to be able to give more info, but i'm not really sure how to collect it. I have a pcap of it happening, but need to go through and scrub any passwords/private info out of it before posting. Anything else I should do?
The text was updated successfully, but these errors were encountered: