nmap results to find open ports for SIP

Question

I suspect that a firewall, or other security, on either the router, or on tleilax or doge is causing a problem with SIP calls. How do I establish that the connection is allowed and not being blocked?

I just want to make a SIP call from 192.168.1.3 to 192.168.1.4; or not even a call. Ring? Beep? Ping? Some sort of "hello world" connection.

192.168.1.1      netgear router
192.168.1.2      asterisk (vicidial)
192.168.1.3      ubuntu client
192.168.1.4      mac OSX client (not shown)

Do I have a firewall problem which would impact a soft phone from establishing a connection?

thufir@doge:~$
thufir@doge:~$ nmap 192.168.1.1

Starting Nmap 6.46 ( http://nmap.org ) at 2015-02-18 06:10 PST
Nmap scan report for 192.168.1.1
Host is up (0.0086s latency).
Not shown: 994 closed ports
PORT      STATE SERVICE
23/tcp    open  telnet
53/tcp    open  domain
80/tcp    open  http
3333/tcp  open  dec-notes
5555/tcp  open  freeciv
49152/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
thufir@doge:~$
thufir@doge:~$ nmap 192.168.1.2

Starting Nmap 6.46 ( http://nmap.org ) at 2015-02-18 06:10 PST
Nmap scan report for 192.168.1.2
Host is up (0.00027s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.95 seconds
thufir@doge:~$
thufir@doge:~$
thufir@doge:~$ ssh thufir@192.168.1.2
Password:
Last login: Mon Feb 16 00:43:01 2015 from 192.168.1.2
Thank you for installing ViciBox Server v.6.0!
This software is available for free download at
http://www.vicibox.com. If you paid for this
software you have been ripped off. Please report
any fraud or abuses of this software to
abuse@vicidial.com. Please report any bugs on
the forum at http://www.vicidial.org

To configure the LAN settings type:
yast lan

To change the server IP in the database type:
/usr/share/astguiclient/ADMIN_update_server_ip.pl

Official paid-for ViciDial support is available at
http://www.vicidial.com

Free community-based ViciDial Support is available
at http://www.vicidial.org/VICIDIALforum

- ViciBox Redux v.6.0.3-141118
Could not chdir to home directory /home/thufir: No such file or directory
thufir@tleilax:/>
thufir@tleilax:/> nmap 192.168.1.3

Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-18 09:14 EST
Nmap scan report for 192.168.1.3
Host is up (0.00075s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
2000/tcp open  cisco-sccp

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
thufir@tleilax:/>
thufir@tleilax:/>

see also:

http://thread.gmane.org/gmane.comp.voip.sflphone/1948

Answer 1

This is indeed more a network troubleshooting question than InfoSec. nmap is a great tool for scanning ports but since you do have access to each endpoints, I would use netcat to troubleshoot this.

According Wikipedia, SIP listen on 5060 / 5061 (UDP or TCP). To verify what port is listening you can use one of those tools on the SIP server:

• lsof -P -n -iTCP -sTCP:LISTEN,ESTABLISHED
• netstat -ant
• tcpview (tcpvcon)

Once you figure what is listening, You can use Netcat to verify if a firewall blocks the connection/port.

1. Stop SIP Server, so the port(s) are not listening and free to use
2. Run: netcat -l [-u] 506[0-1]
3. From the client: netcat SIP_Server_IP_FQDN [-u] 506[0-1]
4. Type some random text on the an endpoint, if it appears on the other endpoint then the traffic is not blocked.

-u is for UDP, default is TCP

Answer 2

To reply to your comment with an image: What you type on a client appears on the other client: