Re: SIP version detection script

[Matt Selsky <selsky () columbia edu>]

On Nov 24, 2009, at 6:13 PM, Patrik Karlsson wrote:

> Thanks for the explanation. It turned out that there's no need for that dynamic stuff to be in there in order to 
> trigger a response, at least not for the equipment I tested it against using the static probe already in nmap. I did 
> a quick test against UDP using the static probe and got answers back that seemed equivalent to those recieved over 
> TCP. For some reason they failed to match any of the existing lines though?

Patrik,

Do you have any examples of the output you did get?

I added a UDP probe was able to detect the SIP Express Router and SIP Router software running on sip.iptel.org:

# nmap -sT -sV -sU -p 5060 sip.iptel.org

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-11-25 02:50 EST
Interesting ports on sip.iptel.org (213.192.59.75):
PORT     STATE SERVICE   VERSION
5060/tcp open  sip-proxy SIP Router 2.99.99-pre3 (i386/linux)
5060/udp open  sip-proxy SIP Router 2.99.99-pre3 (i386/linux)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.82 seconds

# nmap -sT -sV -sU -p 5060 sip.iptel.org

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-11-25 02:51 EST
Interesting ports on sip.iptel.org (213.192.59.75):
PORT     STATE SERVICE   VERSION
5060/tcp open  sip-proxy SIP Express Router 2.1.0-dev23-make (i386/linux)
5060/udp open  sip-proxy SIP Router 2.99.99-pre3 (i386/linux)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.39 seconds

Let me know what you get against your server.


-- 
Matt

Attachment: sip.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/