Custom App for unknown SIP traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Custom App for unknown SIP traffic

L0 Member

Hi.

 

I need to create a Custom App for SIP traffic that is not identified by the firewall. I see that you can match on the sip headers but not sure how to write the pattern. 

 

Have done capture of the traffic and this is what I got...

What can be used here and how do I write the pattern?

 

INVITE sip:2574@10.100.118.40 SIP/2.0

Min-SE: 300

Date: Wed, 02 Feb 2022 11:11:28 GMT

CSeq: 1 INVITE

Via: SIP/2.0/UDP 10.100.254.103:5060;branch=z9hG4bK1b1aeaa5-f022-1910-8d14-00d8614b2eed;rport

Session-Expires: 3600;refresher=uas

User-Agent: NVTVoIP/8.3.0.1765

From: "Seng 2128" <sip:nvm@10.100.254.103>;tag=1b1aeaa5-f022-1910-8d11-00d8614b2eed

Call-ID: 1b1aeaa5-f022-1910-8d12-00d8614b2eed@FANTOFTMBB

Supported: timer, x-siemens-sipqv2

Organization: New Voice

To: <sip:2574@10.100.118.40>

P-Asserted-Identity: "Seng 2128" <sip:nvm@10.100.254.103>

Contact: <sip:nvm@10.100.254.103>

Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING

Content-Type: application/sdp

Content-Length: 308

Max-Forwards: 70

 

v=0

o=- 1643800288 1 IN IP4 10.100.254.103

s=Opal SIP Session

c=IN IP4 10.100.254.103

t=0 0

m=audio 5144 RTP/AVP 8 0 101 100

a=sendrecv

a=rtpmap:8 PCMA/8000/1

a=rtpmap:0 PCMU/8000/1

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-16,32,36

a=rtpmap:100 NSE/8000

a=fmtp:100 192-193

a=maxptime:240

SIP/2.0 100 Trying

To: <sip:2574@10.100.118.40>

From: "Seng 2128" <sip:nvm@10.100.254.103>;tag=1b1aeaa5-f022-1910-8d11-00d8614b2eed

Call-ID: 1b1aeaa5-f022-1910-8d12-00d8614b2eed@FANTOFTMBB

CSeq: 1 INVITE

Via: SIP/2.0/UDP 10.100.254.103:5060;received=10.100.254.103;branch=z9hG4bK1b1aeaa5-f022-1910-8d14-00d8614b2eed;rport=5060

Content-Length: 0

 

SIP/2.0 180 Ringing

Allow: INVITE, ACK, CANCEL, BYE, PRACK, NOTIFY, REFER, SUBSCRIBE, OPTIONS, UPDATE

Contact: sip:10.100.118.40

User-Agent: OmniPCX Enterprise R11.2.2 l2.300.31.b

P-Asserted-Identity: "Gruppe 7-1 Oster" <sip:2574@nordhord;user=phone>

To: <sip:2574@10.100.118.40>;tag=b2de9e36b543975d4ff88de7dec5e216

From: "Seng 2128" <sip:nvm@10.100.254.103>;tag=1b1aeaa5-f022-1910-8d11-00d8614b2eed

Call-ID: 1b1aeaa5-f022-1910-8d12-00d8614b2eed@FANTOFTMBB

CSeq: 1 INVITE

Via: SIP/2.0/UDP 10.100.254.103:5060;received=10.100.254.103;branch=z9hG4bK1b1aeaa5-f022-1910-8d14-00d8614b2eed;rport=5060

Content-Length: 0

0 REPLIES 0
  • 1831 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!