Voip > blog
Voip Blog
Scan Your Network For SIP Devices
Monday, April 28, 2008
If you know anything about network security, you probably know what port scanners are. They are automated programs used to determine what nodes are on the network and what each node is running. Each program and computer operating systems operates a little differently than all the others. How each node responds can determine--pretty accurately--what operating system it is running and what services are available on it.
I'm sure the home user is looking at this and thinking--how can a network administrator not know what's on their network? A network administrator, short of restricting physical access to each network port, has no way of knowing what's plugged in. And if the network is wireless? Well you might as well forget knowing.
Port scanners are useful tools and identify a fair bit of information about the hosts. However, in some cases, it's not enough. IP telephones and analog telephone adapters don't relay enough information to determine what kind of device it is.
Enter svmap, part of the SIPviscious tool suite. svmap is designed explicitly to scan for SIP devices and PBX servers on a target network. This can be useful as a sort of inventory tool. Because it is specifically targeted for SIP over UDP, it's very fast.
svmap can perform the following functions:
- Identify SIP devices and PBX servers on default and non-default UDP ports
- Scans both single hosts and large ranges of networks
- Allows you to specify previous scan results as input, allowing you to focus on known SIP hosts.
- Employs different scanning methods (makes use of REGISTER instead of OPTIONS request)
- Can make all phones on a network ring at the same time (using INVITE as the method)
- Resumes previous scans
It's quite a useful tool for administrators of large voice over IP implementations.
