k=prompt\x0d
a=sendrecv\x0d
m=audio 30000 RTP/AVP 0 8 97 2 3\x0d
+i=media info\x0d
+c=IN IP4 192.168.1.2\x0d
+k=prompt\x0d
+a=rtpmap:0 pcmu/8000\x0d\x0a";);
+default < (content:"SIP/2.0 200 Ok\x0d
+Via: SIP/2.0/UDP 192.168.1.2:5060;branch=z9hG4bKnp104984053-44ce4a41192.168.1.2;rport\x0d
+From: \"arik\" <sip:816666@voip.brurjula.net>;tag=6433ef9\x0d
+To: <sip:97239287044@voip.brujula.net>\x0d
+Call-ID: 105090259-446faf7a@192.168.1.2\x0d
+CSeq: 1 INVITE\x0d
+User-Agent: Nero SIPPS IP Phone Version 2.0.51.16\x0d
+Expires: 120\x0d
+Accept: application/sdp\x0d
+Content-Type: application/sdp\x0d
+Content-Length: 272\x0d
+Contact: <sip:816666@192.168.1.2>\x0d
+Max-Forwards: 70\x0d
+Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, INFO\x0d
+\x0d
+v=0\x0d
+o=SIPPS 105015165 105015162 IN IP4 192.168.1.2\x0d
+s=SIP call\x0d
+i=Session Description Protocol\x0d
+u=https://www.sdp.proto\x0d
+e=j.doe@example.com (Jane Doe)\x0d
+p=+1 617 555-6011 (Jane Doe)\x0d
+c=IN IP4 192.168.1.2\x0d
+b=AS:64\x0d
+t=3034423619 3042462419\x0d
+r=604800 3600 0 90000\x0d
+z=2882844526 -1h 2898848070 0\x0d
+k=prompt\x0d
+a=sendrecv\x0d
+m=audio 30000 RTP/AVP 0 8 97 2 3\x0d
+i=media info\x0d
+c=IN IP4 192.168.1.2\x0d
+k=prompt\x0d
+a=rtpmap:0 pcmu/8000\x0d
+m=audio 20000 RTP/AVP 0 8 97 2 3\x0d
a=rtpmap:0 pcmu/8000\x0d\x0a";);
--- /dev/null
+alert sip any any -> any any (flow:to_server; sdp.origin; content:"SIPPS 105015165 105015162 IN IP4 192.168.1.2"; sdp.session_name; content:"SIP call"; \
+ sdp.session_info; content:"Session Description Protocol"; sid:1;)
+alert sip any any -> any any (flow:to_server; sdp.uri; content:"https://www.sdp.proto"; sdp.email; content:"j.doe@example.com (Jane Doe)"; \
+ sdp.phone_number; content:"+1 617 555-6011 (Jane Doe)"; sid:2;)
+alert sip any any -> any any (flow:to_server; sdp.connection_data; content:"IN IP4 192.168.1.2"; sdp.bandwidth; content:"AS:64"; sid:3;)
+alert sip any any -> any any (flow:to_server; sdp.time; content:"3034423619 3042462419"; sdp.repeat_time; content:"604800 3600 0 90000"; \
+ sdp.timezone; content:"2882844526 -1h 2898848070 0"; sid:4;)
+alert sip any any -> any any (flow:to_server; sdp.encryption_key; content:"prompt"; sdp.attribute; content:"sendrecv"; sid:5;)
+alert sip any any -> any any (flow:to_server; sdp.media.media; content:"audio 30000 RTP/AVP 0 8 97 2 3"; sdp.media.encryption_key; content:"prompt"; \
+ sdp.media.connection_data; content:"IN IP4 192.168.1.2"; sdp.media.media_info; content:"media info"; sid:6;)
+alert sip any any -> any any (flow:to_client; sdp.origin; content:"SIPPS 105015165 105015162 IN IP4 192.168.1.2"; sdp.session_name; content:"SIP call"; \
+ sdp.session_info; content:"Session Description Protocol"; sid:7;)
+alert sip any any -> any any (flow:to_client; sdp.uri; content:"https://www.sdp.proto"; sdp.email; content:"j.doe@example.com (Jane Doe)"; \
+ sdp.phone_number; content:"+1 617 555-6011 (Jane Doe)"; sid:8;)
+alert sip any any -> any any (flow:to_client; sdp.connection_data; content:"IN IP4 192.168.1.2"; sdp.bandwidth; content:"AS:64"; sid:9;)
+alert sip any any -> any any (flow:to_client; sdp.time; content:"3034423619 3042462419"; sdp.repeat_time; content:"604800 3600 0 90000"; \
+ sdp.timezone; content:"2882844526 -1h 2898848070 0"; sid:10;)
+alert sip any any -> any any (flow:to_client; sdp.encryption_key; content:"prompt"; sdp.attribute; content:"sendrecv"; sid:11;)
+alert sip any any -> any any (flow:to_client; sdp.media.media; content:"audio 30000 RTP/AVP 0 8 97 2 3"; sdp.media.encryption_key; content:"prompt"; \
+ sdp.media.connection_data; content:"IN IP4 192.168.1.2"; sdp.media.media_info; content:"media info"; sid:12;)
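Review bot: Every `content` match in these rules is an unanchored substring match, so a rule still fires if its `sdp.*` buffer carries extra bytes such as a trailing `\r`, the `k=`/`c=` line prefix, or part of a neighbouring field, and that kind of parser regression would pass unnoticed. Pinning the whole buffer, for example `sdp.encryption_key; content:"prompt"; startswith; endswith;` (or an equivalent `bsize` check), would make each rule assert the exact field value. Each rule also chains two to four buffers under one sid, so a missing alert does not say which keyword broke; one buffer per sid would make failures self-locating. The response payload appears to carry a second `m=audio 20000 ...` description that none of the `sdp.media.*` rules touch (sids 6 and 12 match only the 30000 one), so matching across several media descriptions is not exercised here.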
sip.sdp.encryption_key: prompt
sip.sdp.attributes[0]: sendrecv
sip.sdp.media_descriptions[0].media: audio 30000 RTP/AVP 0 8 97 2 3
+ sip.sdp.media_descriptions[0].media_info: media info
+ sip.sdp.media_descriptions[0].connection_data: IN IP4 192.168.1.2
+ sip.sdp.media_descriptions[0].encryption_key: prompt
sip.sdp.media_descriptions[0].attributes[0]: rtpmap:0 pcmu/8000
-
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 3
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 5
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 6
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 7
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 8
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 9
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 10
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 11
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 12