I'm running Kamailio SIP server on one server. It works fine with SIP clients etc.
Now I'm trying to run Siproxd SIP Proxy on another server.
I've installed Siproxd and calling netstat -tulpn | grep 5060 shows:
tcp 0 0 0.0.0.0:5060 0.0.0.0:* LISTEN 22216/siproxd
udp 0 0 0.0.0.0:5060 0.0.0.0:* 22216/siproxd
So it is running.
But when I try to connect clients to my original Kamailio SIP server with the server IP from the one running Siproxd as proxy, it fails.
Can anyone help my out debug the problem?
And shouldn't this solution, when it works, make my clients looks as if they come from the IP of the server running Siproxd?
Get familiar with Wireshark.
It looks daunting at first, but especially for text based protocols like SIP or HTTP you'll only ever need to start a capture by clicking on the pseudo-interface "any", do a connection attempt, pick a packet that goes to 5060, right click on that and choose "follow TCP stream".
Tell us how exactly it fails and we'll go from there.
Related
I'm attempting to write a script to connect to a DLNA audio renderer.
There are a few articles on the web giving information on how to do this using UDP and curl, however in my particular scenario I'm having some difficulties.
The first step is to send a UDP multicast announcement over the network to discover DLNA devices on the network.
The message sent to discover devices is:
M-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MX: 5
Man: "ssdp:discover"
ST: urn:schemas-upnp-org:device:MediaRenderer:1
All lines in this message sent over UDP should have crlf line endings and the last line should have an extra crlf according to this article
That all seems fine. And if the message above is in a file devicediscovery.txt supposedly it's possible to use netcat to send out this message:
cat devicediscovery.txt | nc -u -4 239.255.255.250 1900
239.255.255.250:1900 is the multicast address and port over which DLNA devices communicate.
This all seems fine too, however, as is pointed out in the linked article netcat ignores the response from the dlna media renderer because there is a mismatch in IP addresses the message is sent out over the dlna multicast address, though the response comes from the router. The article suggests using tcpdump to capture the response, however I'm on Windows and using Bash on Windows WSL so tcpdump is not available and such a technique would possibly be complicated when developing a script to automate the dlna connection.
Would it be possible to use two seperate instances of netcat? One instance sending the message over the dlna multicast address and the other listening for the response from the router?
I have tried to get this working, however I'm unsure which port netcat should be listening on to hear the incomming response. Is there a standard port that netcat should listen on?
I've tried commands such as: nc -luv 192.168.0.1, however I get an error Servname not supported for ai_socktype. I've tried to remedy this by playing around with /etc/services but had no luck.
What command can I use and how must I configure the system to listen for the response from the search for dlna devices? I'd like to parse the response in a script so that the dlna connection can be automated.
Although you mention issues with DLNA it looks that you are really asking for how to best troubleshoot this.
Network cards don't allow access to incoming traffic unless set in promiscuous mode. Netcat won't be able to do what you need because of this. But, you can use Wireshark to read the traffic on the interface. TCPdump and Wireshark have close ties and almost interchangeable.
https://www.wireshark.org/
I would recommend to use it to troubleshoot further. Ppost the capture (not just a picture) and show where it failed.
I tried to run a simple 1-page site with Flask in Python on port 5000 of my computer 192.168.0.113, which is running Windows 10. On the same computer, I can view the site by using localhost:5000 in a web browser.
I tried to use another computer 192.168.0.134 on the same LAN to view the site. However, 192.168.0.113 never replied with a SYN/ACK packet to the SYN packet from 192.168.0.134, even if the firewall of 192.168.0.113 is completely turned off. This image is the captured flow of the packets:
If I did it reversely (i.e. 192.168.0.134 as the server to host the site, and 192.168.0.113 tried to connect as the client), then 192.168.0.113 is able to connect.
I noted from some previous posts (especially this one) that the problem can be solved by disabling TCP window scaling and TCP timestamps. I checked in netsh of 192.168.0.113 and noted that TCP window scaling had already been disabled and TCP timestamps was normal. I tried to disable both of them, and also tried to disable just one of them. However, all combinations failed and 192.168.0.113 still wonn't sent SYN/ACK packets in response to SYN packets from 192.168.0.134.
How can I get this fixed?
More broadly you are only showing traffic going in one direction in the Wireshark capture.
You probably are not listening on an external IP addresses. The Flask application takes an IP address argument to listen on, if it is localhost or 127.0.0.1 it will not respond to external connection. Set this to 0.0.0.0 to listen on all IP addresses. Verify this by running the command netstat -a -b to see which IP address you application is listening on.
The Flask Quick start page goes through this (see Externally Visible Server)
flask run --host=0.0.0.0
Specifically, I have a Windows server (Windows 7), but the netstat -an command only shows whether ports are TCP or UDP. I thought these were the only kinds of ports, but node.js seems to distinguish between HTTP ports and TCP ports (example at bottom of linked page). I'm currently using node.js in a program that will run on my server, and it opens HTTP ports by default. These appear as TCP ports under netstat -an.
Is there a command line trick for distinguishing whether an open port on this server is HTTP or TCP? I make requests to my Information Technology office about ports that I need on this server, and they need to know whether these ports will be TCP, UDP, etc.
If necessary to use a remote client, I have a Mac that can do the job.
HTTP is an application protocol. Its definition presumes an underlying and reliable transport layer protocol. The transmission Control Protocol is commonly used. However HTTP can use unreliable protocols too (example SSDP).
Now to answer to your question:
netstat -lt : List TCP Listening Ports
netstat -lu : List UDP Listening Ports
If you want to know wether a TCP Port is running HTTP or not, you can check the standard port on HTTP (grep :80). The standard HTTP port is 80. The standard HTTPS port is 443.
All HTTP traffic is transmitted over TCP Ports. I think what may be causing some confusion is that the first node.js example uses the http module and the second example uses the net module.
The http module is built on top of the net module (which handles the TCP layer underlying HTTP).
Refer to: nodejs - net or http module
EDIT:
Only one process can bind to a port. If you're having difficulties connecting, shut down any other applications that may be using the same port, such as your Java Hello World server. Run netstat -an to make sure you don't see the port listed that you're trying to listen on in you node.js TCP server (port 1337) in the example. If nothing is listening on the port, fire up your node.js TCP server and run netstat -an again to make sure it's actually listening on the intended port.
Another suggestion - temporarily turn off the software firewall then use the telnet client on the local server to attempt to connect to the port using the command telnet 127.0.0.1 1337 (replace 1337 with your port) from the command prompt. This will eliminate any network devices such as firewalls between the client (telnet in this case) and the server. If the screen goes blank, you've connected. If you get the message Could not open connection to the host, on port then it's still not listening on the TCP Port. If you can connect locally from Telnet but you cannot connect remotely then there is something blocking your connection.
I am trying to find somw Windows based tools that can help me validate TCP and UDP connection on remote machines.
My Problem (just one use case):
At work, I manage many clustered servers that I run load tests against. In order to get a rich test, I use Jmeter-Plugins which provides a Server agent that opens a TCP socket on port 4444 on a target remote machine: http://code.google.com/p/jmeter-plugins/wiki/PerfMonAgent
There are many times when I setup a new load test farm, that either the network, or the server configuration, or the ServerAgent itself can have issues and thus not allowing a Load test client to access that TCP connection.
The issue I have is that I dont know what part of the system is broken.
What I think I need:
I would like to know how I can open a TCP (not HTTP with cUrl), connection to a remote server to validate that the network allows the connection, as well as the Server firewall allows the given TCP connection to be accessed remotely.
What I have looked:
These are some of the tools I have looked at so far:
Nmap http://nmap.org
Ncat http://sourceforge.net/projects/nmap-ncat/
TCP/IP Builder http://www.drk.com.ar
Zenmap 6.01 and nmap might do the job I want, but some machines where not accessible to Zenmap when I know 100% that the server was accessible via HTTP, so that was strange.
I have looked at many tools and either they:
Dont allow remote connections
Dont seem to want to connect to a TCP socket
Or I dont understand the tools to accomplish the validation I stated above.
I would greatly appreciate all comment and suggestions to help with this re-occurring problem I face.
Mick,
Firebind.com can do what you'd like to do. Firebind is an Internet based server that can listen on any of the 65535 UDP or TCP ports. It uses a java based client to send traffic to and from the server from your machine.
Carl
www.firebind.com
I am working on a project that involves a usb device, through which we will receive ip packets from a remote pc. We assign the remote pc its IP Address. I have been experimenting with sending raw ip packets via several methods:
1 - raw sockets: ping works fine, problems sending tcp
2 - tun/tap W32: I managed to get this working enough to send pings out and get pings back to the phy ethernet device, but could not read them using ReadFile(...) on the driver guid.
3 - winpcap: ping works, out going tcp shows up on wireshark(so I assume it is leaving the pc), but i never get an ack to my syn. Im also worried that if I did get an ack the windows TCP stack would send a rst.
Our goal is to be a transparent pass through from the client pc to the network.
Client <-wrapped ip packet-> [device] <-wrapped ip packet-> WinPC <- IP -> IpNetwork
Its possible that im going about this wrong, seems like this should be easier.
I realize that windows is prob not the ideal OS for this, however I have no control over the OS.
thanks in advance
Fixed my issue with TCP Syn packets not getting acked, turns out I forgot to include the pseudo-header when calculating the TCP header checksum. Now it looks like the tcp handshake completes, so im calling this problem solved. If anyone feels like recomending a better way to accomplish this, feel free to reply. For now looks like we will use the winpcap method.
Update:
For this to work without windows constantly RST'ing tcp connections, you have to enable internet connection sharing(ICS) on the adapter you are sending packets out of. Other than that this ended up working for us.