Hi!
Every once in a while I came across certain messages that apparently
could not be parsed properly. To track down these I've written a small
helper program.
Put this into the tests/ subdirectory and follow the compilation
instructions!
Until now I only found STUN messages that used port 5060 so I might
need to increase debugging inside the SER code.
Here's the README:
This program feeds SIP messages into the SER SIP parser to analyze its
behaviour. Valid data sources are live traffic obtained via pcap,
previously recorded traffic contained in pcap capture files, or a plain
file containing a single SIP message.
Usage:
Depending on the command line parameters parser_test switches between
the aforementioned modes.
- monitoring live traffic:
    # parser_test -i <interface> -s <pcap dest>
- analyzing pcap file:
    $ parser_test -r <pcap source> -s <pcap dest>
- file mode:
    $ parser_test -f <buffer>
-s <pcap dest> needs to be set in pcap based modes. This newly generated
pcap file contains all messages that could not be parsed properly by
parse_msg().
Don't forget to set LD_LIBRARY_PATH to include ../lib/cds when running
parser_test, i.e.
$ LD_LIBRARY_PATH=../lib/cds ./parser_test -f testfile
Compilation:
$ gcc -c parser_test.c -o parser_test.o -Wall -g
$ gcc -o parser_test parser_test.o -lcds -L../lib/cds -lpcap ../dprint.o \
../mem/mem.o ../mem/shm_mem.o ../mem/q_malloc.o ../error.o \
../data_lump*o ../parser/contact/parse_contact.o \
../parser/contact/contact.o ../parser/digest/*.o ../parser/*.o -g
Caveats:
- Fragments are not de-fragmented. This could be done using libnids.
- verbose debug messages
The sources as well as the README are available from:
http://dump.wormulon.net/parser_test/
--
Hendrik Scholz - <hscholz(a)raisdorf.net> -
http://www.wormulon.net/
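
The post above reports that the unparseable messages found so far were STUN messages on port 5060. As an added example (not part of the original post or of parser_test), the following C sketch labels a UDP payload as STUN or SIP before it reaches the parser, so that STUN traffic can be told apart from genuinely malformed SIP. The names classify_payload, looks_like_stun and looks_like_sip are hypothetical, and the SIP check is a heuristic that assumes an upper-case method token.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum payload_kind { PAYLOAD_SIP, PAYLOAD_STUN, PAYLOAD_UNKNOWN };

/* STUN header is 20 bytes: type(2), length(2), transaction ID(16).
 * The two top bits of byte 0 are zero and length excludes the header. */
static int looks_like_stun(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] & 0xC0) != 0)
        return 0;
    return (((size_t)p[2] << 8) | p[3]) == len - 20;
}

/* Heuristic: a SIP response starts with "SIP/2.0 "; a request's first line
 * is "METHOD SP uri SP SIP/2.0" (upper-case method assumed). */
static int looks_like_sip(const uint8_t *p, size_t len)
{
    size_t i = 0, line;
    const uint8_t *eol = memchr(p, '\n', len);
    if (len >= 8 && memcmp(p, "SIP/2.0 ", 8) == 0) return 1;
    while (i < len && i < 32 && p[i] >= 'A' && p[i] <= 'Z')
        i++;                               /* scan the method token */
    if (i == 0 || i >= len || p[i] != ' ')
        return 0;
    line = eol ? (size_t)(eol - p) : len;  /* length of the first line */
    if (line > 0 && p[line - 1] == '\r') line--;
    return line >= i + 9 && memcmp(p + line - 7, "SIP/2.0", 7) == 0;
}

/* Hypothetical pre-filter to run on a UDP payload before parsing it. */
enum payload_kind classify_payload(const uint8_t *p, size_t len)
{
    if (looks_like_stun(p, len)) return PAYLOAD_STUN;
    if (looks_like_sip(p, len))  return PAYLOAD_SIP;
    return PAYLOAD_UNKNOWN;
}

/* Constructed samples: STUN Binding Request (type 0x0001, no attributes), SIP request. */
static const uint8_t sample_stun[20] = { 0x00, 0x01, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_sip[] = "OPTIONS sip:example.invalid SIP/2.0\r\n\r\n";

int main(void)
{
    printf("stun sample -> %d\n", classify_payload(sample_stun, sizeof sample_stun));
    printf("sip sample  -> %d\n", classify_payload(sample_sip, sizeof sample_sip - 1));
    return 0;
}
```

Payloads classified as PAYLOAD_UNKNOWN are the ones worth keeping in the output capture for closer inspection.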