Nmap
nmap 結果以查找 SIP 的開放埠
tleilax
我懷疑路由器或路由器上的防火牆或其他安全措施doge
導致 SIP 呼叫出現問題。如何確定連接被允許且未被阻止?我只想從
192.168.1.3
to撥打 SIP 電話192.168.1.4
;甚至沒有一個電話。戒指?嘟?平?某種“hello world”連接。192.168.1.1 netgear router 192.168.1.2 asterisk (vicidial) 192.168.1.3 ubuntu client 192.168.1.4 mac OSX client (not shown)
我是否有會影響軟電話建立連接的防火牆問題?
thufir@doge:~$ thufir@doge:~$ nmap 192.168.1.1 Starting Nmap 6.46 ( http://nmap.org ) at 2015-02-18 06:10 PST Nmap scan report for 192.168.1.1 Host is up (0.0086s latency). Not shown: 994 closed ports PORT STATE SERVICE 23/tcp open telnet 53/tcp open domain 80/tcp open http 3333/tcp open dec-notes 5555/tcp open freeciv 49152/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds thufir@doge:~$ thufir@doge:~$ nmap 192.168.1.2 Starting Nmap 6.46 ( http://nmap.org ) at 2015-02-18 06:10 PST Nmap scan report for 192.168.1.2 Host is up (0.00027s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 4.95 seconds thufir@doge:~$ thufir@doge:~$ thufir@doge:~$ ssh thufir@192.168.1.2 Password: Last login: Mon Feb 16 00:43:01 2015 from 192.168.1.2 Thank you for installing ViciBox Server v.6.0! This software is available for free download at http://www.vicibox.com. If you paid for this software you have been ripped off. Please report any fraud or abuses of this software to abuse@vicidial.com. Please report any bugs on the forum at http://www.vicidial.org To configure the LAN settings type: yast lan To change the server IP in the database type: /usr/share/astguiclient/ADMIN_update_server_ip.pl Official paid-for ViciDial support is available at http://www.vicidial.com Free community-based ViciDial Support is available at http://www.vicidial.org/VICIDIALforum - ViciBox Redux v.6.0.3-141118 Could not chdir to home directory /home/thufir: No such file or directory thufir@tleilax:/> thufir@tleilax:/> nmap 192.168.1.3 Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-18 09:14 EST Nmap scan report for 192.168.1.3 Host is up (0.00075s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 2000/tcp open cisco-sccp Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds thufir@tleilax:/> thufir@tleilax:/>
也可以看看:
這確實是一個網路故障排除問題,而不是 InfoSec。nmap 是一個很好的埠掃描工具,但由於您確實可以訪問每個端點,我會使用 netcat 來解決這個問題。
根據Wikipedia,SIP 監聽 5060 / 5061(UDP 或 TCP)。要驗證哪個埠正在偵聽,您可以使用 SIP 伺服器上的這些工具之一:
- lsof -P -n -iTCP -sTCP:LISTEN,ESTABLISHED
- netstat -ant
- tcpview (tcpvcon)
一旦確定了正在偵聽的內容,您就可以使用 Netcat 來驗證防火牆是否阻止了連接/埠。
- 停止 SIP 伺服器,因此埠未偵聽並且可以免費使用
- 執行:netcat -l$$ -u $$506$$ 0-1 $$
- 從客戶端:netcat SIP_Server_IP_FQDN $$ -u $$506$$ 0-1 $$
- 在一個端點上鍵入一些隨機文本,如果它出現在另一個端點上,則不會阻止流量。
-u 用於 UDP,預設為 TCP