SDP Keywords ============ The SDP keywords are implemented as sticky buffers and can be used to match on fields in SDP messages. ======================================== ================== Keyword Direction ======================================== ================== sdp.origin Both sdp.session_name Both sdp.session_info Both sdp.uri Both sdp.email Both sdp.connection_data Both sdp.bandwidth Both sdp.time Both sdp.repeat_time Both sdp.timezone Both sdp.encryption_key Both sdp.attribute Both sdp.media.media Both sdp.media.session_info Both sdp.media.connection_data Both sdp.media.encryption_key Both ======================================== ================== sdp.origin ---------- This keyword matches on the originator found in an SDP request or response. Syntax ~~~~~~ :: sdp.origin; content:; Where is an originator that follows the SDP Origin (o=) scheme. Examples ~~~~~~~~ :: sdp.origin; content:"SIPPS 105015165 105015162 IN IP4 192.168.1.2"; sdp.session_name ---------------- This keyword matches on the session name found in an SDP request or response. Syntax ~~~~~~ :: sdp.session_name; content:; Where is a name that follows the SDP Session name (s=) scheme. Examples ~~~~~~~~ :: sdp.session_name; content:"SIP call"; sdp.session_info ---------------- This keyword matches on the session information found in an SDP request or response. Syntax ~~~~~~ :: sdp.session_info; content:; Where is a description that follows the SDP Session information (i=) scheme. Examples ~~~~~~~~ :: sdp.session_info; content:"Session Description Protocol"; sdp.uri ------- This keyword matches on the URI found in an SDP request or response. Syntax ~~~~~~ :: sdp.uri; content:; Where is a URI (u=) that the follows the SDP scheme. Examples ~~~~~~~~ :: sdp.uri; content:"https://www.sdp.proto" sdp.email --------- This keyword matches on the email found in an SDP request or response. Syntax ~~~~~~ :: sdp.email; content: Where is an email address (e=) that follows the SDP scheme. Examples ~~~~~~~~ :: sdp.email; content:"j.doe@example.com (Jane Doe)"; sdp.phone_number ---------------- This keyword matches on the phone number found in an SDP request or response. Syntax ~~~~~~ :: sdp.phone_number; content: Where is a phone number (p=) that follows the SDP scheme. Examples ~~~~~~~~ :: sdp.phone_number; content:"+1 617 555-6011 (Jane Doe)"; sdp.connection_data ------------------- This keyword matches on the connection found in an SDP request or response. Syntax ~~~~~~ :: sdp.connection_data; content:; Where is a connection (c=) that follows the SDP scheme. Examples ~~~~~~~~ :: sdp.connection_data; content:"IN IP4 192.168.1.2" sdp.bandwidth ------------- This keyword matches on the bandwidths found in an SDP request or response. Syntax ~~~~~~ :: sdp.bandwidth; content: Where is a bandwidth (b=) that follows the SDP scheme. Example ~~~~~~~ :: sdp.bandwidth; content:"AS:64" sdp.time -------- This keyword matches on the time found in an SDP request or response. Syntax ~~~~~~ :: sdp.time; content: