Jan 23 2009

Asterisk Troubleshooting and Using nmap to determine port status of SIP and IAX2

nmap is a commonly used tool distributed with Linux (and available for many OSes) for mapping networks and port scanning.  Since almost every networked application runs on TCP/IP, it is crucial to be able to troubleshoot every layer of the stack (OSI model).  A misconfigured firewall can easily cause hours of frustration.

We will use Asterisk as an example, but the following tutorial could easily be applied to any network application.  If you run Asterisk PBX systems across many networks you have probably encountered firewalls.  Errant firewalls can cause huge headaches.  In some cases you may wonder whether the SIP and IAX2 ports are being blocked by the firewall.

Conventional wisdom:

[matt@mattcom1 ~]$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1

Using telnet to verify that a port is listening for incoming connections works well for common TCP applications like SMTP (25), HTTP (80) or FTP (21).  But for large scale port mapping and network scanning you need a beefier tool.  Enter nmap.

Let's start with some nmap basics, then run through the IAX2/SIP scenario. Below is nmap with the '-O' switch against my local subnet at home.  The '-O' switch tells nmap to try to determine the remote host's operating system.  192.168.1.0 is the network (range) and '/24' means a 24-bit subnet mask, i.e. '255.255.255.0'.

[root@mattcom1 ~]# nmap -O 192.168.1.0/24


Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-23 16:31 PST
Interesting ports on 192.168.1.1:
Not shown: 1714 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0F:66:CA:B7:B7 (Cisco-Linksys)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:


Network Distance: 1 hop


Interesting ports on 192.168.1.2:
Not shown: 1714 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:90:4C:91:00:01 (Epigram)
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.18 - 2.4.32 (likely embedded)
Uptime: 0.115 days (since Fri Jan 23 13:45:46 2009)
Network Distance: 1 hop


All 1715 scanned ports on 192.168.1.105 are filtered
MAC Address: 00:1E:8C:B4:17:D8 (Asustek Computer)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop


Interesting ports on 192.168.1.108:
Not shown: 1711 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv
MAC Address: 00:1C:C4:2E:7F:33 (Hewlett Packard)
Device type: general purpose
Running: Microsoft Windows Vista
OS details: Microsoft Windows Vista
Uptime: 0.055 days (since Fri Jan 23 15:12:49 2009)
Network Distance: 1 hop


Interesting ports on 192.168.1.254:
Not shown: 1709 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2000/tcp open  callbook
6000/tcp open  X11
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 0.207 days (since Fri Jan 23 11:34:02 2009)
Network Distance: 0 hops


OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (5 hosts up) scanned in 32.049 seconds


Okay, so if you look at my local Asterisk server (192.168.1.254) you will notice that many ports are open but none of them are SIP (5060) or IAX2 (4569).  Why is that?  Below, the '-sT' switch tells nmap to run a TCP connect scan, so only TCP ports are probed.

[root@mattcom1 ~]# nmap -sT 192.168.1.254


Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-23 17:37 PST
Interesting ports on 192.168.1.254:
Not shown: 1709 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2000/tcp open  callbook
6000/tcp open  X11

Even though Asterisk is up with a Polycom SoundPoint IP attached, no SIP port appears open.  The mystery is solved if we take a close look at how SIP calls are initiated.  SIP calls are initiated on UDP port 5060.  After the initial handshake the client opens a series of RTP streams for the audio, video, or whatever media is being relayed through the SIP session.  If we change the flags on nmap to scan UDP we can see whether the port is open.

[root@mattcom1 ~]# nmap -sU -p 5060 192.168.1.254


Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-23 18:51 PST
Interesting ports on 192.168.1.254:
PORT     STATE         SERVICE
5060/udp open|filtered sip

We UDP scanned port 5060 with '-sU' and the 'STATE' is 'open|filtered': nmap got no reply to its probe, which is what an open UDP listener that ignores an empty packet looks like, but also what a firewall silently dropping the probe looks like.  When Asterisk is shut down, or the port is blocked in a way that answers with ICMP port unreachable, the state becomes 'closed', as we can see below:

[root@mattcom1 ~]# nmap -sU -p 5060 192.168.1.254


Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-23 19:12 PST
Interesting ports on 192.168.1.254:
PORT     STATE  SERVICE
5060/udp closed sip


Nmap done: 1 IP address (1 host up) scanned in 0.114 seconds

The same holds for IAX2 (UDP 4569) as for SIP: when Asterisk is off the 'STATE' shows 'closed'. One last note: the 'open|filtered' state could legitimately be filtered, but by checking the port with Asterisk (or whatever UDP service) on and then off you can tell for sure.  I got some great information at nmap.org; I encourage anyone interested to check it out.
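As an added example (not code from the original post), a small Python helper that parses the normal nmap output shown above and applies the on/off comparison the post describes to each UDP port; the scan text is constructed to mirror the post's results, with IAX2 (4569) added as a port that stays 'open|filtered' after the service is stopped.

```python
import re
from typing import Dict, Optional

# Constructed sample nmap output modelled on the scans in the post: first with
# Asterisk running, then with it stopped. IAX2 (4569) is added as a port that
# stays open|filtered either way. Not captured from a real host.
SCAN_ASTERISK_UP = """\
Interesting ports on 192.168.1.254:
PORT     STATE         SERVICE
5060/udp open|filtered sip
4569/udp open|filtered iax
"""
SCAN_ASTERISK_DOWN = """\
Interesting ports on 192.168.1.254:
PORT     STATE  SERVICE
5060/udp closed sip
4569/udp open|filtered iax
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(output: str) -> Dict[str, str]:
    """Map 'port/proto' -> STATE for each port line of normal nmap output."""
    states = {}
    for line in output.splitlines():
        m = PORT_LINE.match(line)
        if m:
            states[f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return states

def udp_verdict(state_up: Optional[str], state_down: Optional[str]) -> str:
    """Apply the post's on/off test to one UDP port.
    closed        = the host answered ICMP port unreachable, nothing listening.
    open|filtered = no reply: either a silent listener or a firewall dropping
                    the probe, which a single scan cannot tell apart."""
    if state_up == "open|filtered" and state_down == "closed":
        return "open: the service answers and nothing in the path drops the probe"
    if state_up == "open|filtered" and state_down == "open|filtered":
        return "filtered: no change when the service stops, a firewall drops the probe"
    if state_up == "closed":
        return "closed: nothing listening, check the service is bound to this port"
    return f"inconclusive: up={state_up} down={state_down}"

def compare_scans(up: str, down: str) -> Dict[str, str]:
    """Verdict per port from a service-up scan and a service-down scan."""
    a, b = parse_ports(up), parse_ports(down)
    return {p: udp_verdict(a.get(p), b.get(p)) for p in sorted(set(a) | set(b))}
```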

Jan 21 2009

Windows 7 Beta running on Fedora 10 KVM

I was interested to know if the Windows 7 Beta was bootable in a Fedora 10 KVM/libvirt setup.  I was surprised that it was a fairly quick and flawless install.  In fact I was happy to finally see a Microsoft product worth getting excited about.

Installing Windows 7

The install was painless with no driver errors, no crashes and just one reboot.  Woot.  It installs faster on a Linux hypervisor than on an ordinary machine!  Or at least it seemed like it.

Ugly default desktop with KDE 4.0 like widgets

So far my overall assessment is that the interface seems to be getting steadily worse since Windows XP, but performance-wise it seems waaaaaay faster than Vista.  Also let me point out you can change the desktop theme to something that looks XP-ish.

It installed quickly and easily, detected all my drivers and seems to be faster on a limited-resources VM than on my Intel 2.6 GHz Vista system.  We'll see as I use it further...

My fear is that I'm getting some stripped down Beta that is really fast but gets slower as we get closer to release.  If any of you have experiences you wish to share about Windows 7 and VMs, send me a post!

-Matt

Written by mattb in: Linux, Xen
Jan 21 2009

Lono – Cutest Cat in the World Discovered!

my cat

my cat

*study may in fact not be a real study

Jan 12 2009

Setting Fedora 10 to boot to command prompt i.e. run level 3

Fedora 10 uses a new graphical boot loader named Plymouth.  Supposedly it is much faster than the old rhgb (Red Hat graphical bootloader), especially if you have a Radeon graphics card.  Plymouth uses kernel mode-setting (KMS) drivers, with their settings passed as kernel options from the grub.conf file.  This feature may let you enjoy a fast, high resolution graphical boot, if you have the right graphics card, specifically a Radeon R500 or higher...  ...sweet.  Now the 35% of users that bought a Radeon over Nvidia can enjoy a quicker boot.  Thank you Red Hat.  Thank you.

Annoyingly, if you don't have a decent Radeon card the system boots in an ugly 640x480 resolution, but that's no worse than rhgb in the last release.  Booting to an X login screen may be nice for the casual user, but I prefer watching my services start at boot.  So naturally the first thing I do after a new installation is edit my '/etc/inittab' to boot to a command prompt (runlevel 3).  The numeral in the 'id:N:initdefault:' line (3 in the example below) is the run level Linux will boot to by default, also known as the 'default run level'.  🙂

example:

# inittab is only used by upstart for the default runlevel.
#
# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# System initialization is started by /etc/event.d/rcS
#
# Individual runlevels are started by /etc/event.d/rc[0-6]
#
# Ctrl-Alt-Delete is handled by /etc/event.d/control-alt-delete
#
# Terminal gettys (tty[1-6]) are handled by /etc/event.d/tty[1-6] and
# /etc/event.d/serial
#
# For information on how to write upstart event handlers, or how
# upstart works, see init(8), initctl(8), and events(5).
#
# Default runlevel. The runlevels used are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

So usually this would be good.  Sadly no: Plymouth will boot in graphical mode anyway until all your services are loaded, then kill the X session and drop to a command prompt.  But there is a silver lining in all this: if you have a great Radeon card you can watch the stunning blue background and progress bar in high resolution until it dumps you to a prompt!

So after much googling I found Fedora's docs (sorta); well, it was more like a basic rundown of Plymouth.  The doc said that if you delete 'rhgb' from the kernel options in grub.conf, Plymouth will boot without hiding the run level status.  Below is an example of the stock '/boot/grub/grub.conf'; the 'rhgb' option to delete is on the 'kernel' line.

grub.conf example:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroupmattcom1/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=1
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.27.9-159.fc10.i686)
root (hd0,0)
kernel /vmlinuz-2.6.27.9-159.fc10.i686 ro root=/dev/VolGroupmattcom1/LogVol00 rhgb quiet
initrd /initrd-2.6.27.9-159.fc10.i686.img

Delete 'rhgb', save and reboot.  Good luck with Fedora 10.  It is not as polished as some previous releases, but I'm working through it.
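As an added example (not from the original post), a shell script that makes the two edits described above, the default runlevel in inittab and removing 'rhgb' from the kernel line, on whatever file paths you pass it, keeping a .bak copy and checking the result; it assumes GNU sed and the Fedora 10 file layout.

```shell
#!/bin/sh
# Added example, not from the original post: make the two edits the post
# describes on given file paths, keeping a .bak copy and checking the result.
# Assumes GNU sed (-i) and the Fedora 10 layout (/etc/inittab, /boot/grub/grub.conf).
set -eu

# Rewrite the 'id:N:initdefault:' line so the system boots to runlevel $2.
set_default_runlevel() {
    inittab="$1"; level="$2"
    case "$level" in
        0|6) echo "refusing runlevel $level: halt/reboot loop" >&2; return 1 ;;
        [1-5]) ;;
        *) echo "bad runlevel '$level'" >&2; return 1 ;;
    esac
    cp "$inittab" "$inittab.bak"
    sed -i "s/^id:[0-9]:initdefault:/id:${level}:initdefault:/" "$inittab"
    grep -q "^id:${level}:initdefault:" "$inittab"
}

# Drop the 'rhgb' token from every 'kernel' line so Plymouth no longer hides
# the service start-up messages; 'quiet' and all other options are left alone.
strip_rhgb() {
    grubconf="$1"
    cp "$grubconf" "$grubconf.bak"
    sed -i '/^[[:space:]]*kernel /s/[[:space:]]rhgb\b//g' "$grubconf"
    # succeed only if no kernel line still carries rhgb
    ! grep -Eq '^[[:space:]]*kernel .*\brhgb\b' "$grubconf"
}

# Usage (as root, on the real files):
#   set_default_runlevel /etc/inittab 3
#   strip_rhgb /boot/grub/grub.conf
```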

-Matt

Written by mattb in: Linux
Jan 09 2009

Fedora, Asterisk, Polycom and making dhcp option 66

My main job at work is to build, configure and maintain Asterisk phone systems.  Every phone system needs phones, and the most popular VoIP phones for Asterisk are the Polycom SoundPoint IP SIP phones.  One of the great features of the SoundPoint IP series is the ability to easily manage a large number of phones by storing their configuration files on a central FTP server.  In this article:

1) I briefly explain the Polycom SoundPoint IP series FTP boot process (not a tutorial).

2) I provide a basic example of a dhcpd.conf that supplies the FTP server and credentials to the Polycom phones via DHCP.

The Polycom phone boots up and attempts to retrieve its configuration file and check for firmware updates.  The FTP username and password are entered during the first boot of the phone.  For a small number of phones this is fine, but Polycom SoundPoint IP phones also honour 'option 66', which makes deploying any number of phones easy.

Option 66 is the term some DHCP vendors use for DHCP option code 66.  When set, this option supplies a TFTP boot server address to the DHCP client.  In our case we're talking about VoIP phones, but option 66 is probably most commonly used by Citrix thin clients.

There isn't much out there on how to configure option 66 with the standard Linux DHCP server.  After googling for a while I decided to install gdhcpd, a simple DHCP configuration tool that is easy to use.  I generated a simple configuration with the tool, then added options I read about in the man pages.  Trust me... read man pages.  A wealth of info without the need to forum hop.

[matt@mattcom1 Desktop]$ man dhcpd.conf

[matt@mattcom1 Desktop]$ man dhcp-options

dhcpd.conf:

ddns-update-style none;
ddns-updates off;
option T150 code 150 = string;
deny client-updates;
one-lease-per-client false;
allow bootp;

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#

subnet 192.168.7.0 netmask 255.255.255.0 {
    interface eth0;
    range 192.168.7.9 192.168.7.12;
    default-lease-time 6000;
    max-lease-time 7200;
    option subnet-mask 255.255.255.0;
    option time-offset -28800;
    # option 66: the provisioning server the Polycom phones fetch their config from
    option tftp-server-name "ftp://polycom:password@192.168.7.2";
    option ntp-servers pool.ntp.org;
    option domain-name-servers 4.2.2.2;
}


Change the subnet, range and netmask to your taste, then restart the DHCP daemon.  Note that the FTP username and password in 'tftp-server-name' are handed out in cleartext to every DHCP client on the subnet and sent in cleartext by FTP, so use a dedicated account with read-only access to the provisioning directory and nothing else.

[matt@mattcom1 Desktop]$ service dhcpd restart