Revision history [back]

As for the WIreshark-related part of your issue: The switch you place between the router and the modem has to be capable of traffic mirroring in order to allow you to capture the traffic between the router and the modem. Unfortunately for your purpose, chances are that the password will not be available there in plaintext and that some challenge-response authentication is used.

As for the real issue you need to solve: I can understand that if a box has an FXS port on it, its SIP stack binds to 5060 as factory default and thus that port cannot be forwarded without disabling the VoIP gateway functionality of the box.

What I cannot understand is why you need exactly port 5060 for your purpose:

• either you want to run a SIP CPE, so it registers to a remote registrar, and can use any port as it tells the registrar on which port it expects incoming calls; the registrars are ready for this as you can have several CPEs behind a single "public" IP address so they cannot all bind to 5060 (unless the NAT device would be deeply SIP-aware and forward messages up to URIs rather than port numbers)
• or you want to run your own registrar and proxy, and here too you can choose any other port provided that you tell the CPEs to register to it instead of the default 5060 (or 5061 for sips).

So I'd say don't waste time by trying to find the credentials and simply use some other port.

What would bother me much more than an exact port number would be eventual ALG functionality of the router, intended to modify the SIP messages forwarded so that the headers and SDP information contain the IP address of the WAN interface of the router - this functionality is often broken and makes things worse.