BSD DevCenter

IP Packets Revealed
Pages: 1, 2, 3

We've looked at the very beginning and very end of the TCP connection. Now let's take a look at some of the stuff that happened in between. Once the TCP connection had been established, the rest of the packets either contained data from the telnet application or were acknowledgements that the data had been received. For example, packet 21 shows the terminal type being used for this telnet connection:



-------------------------------------------------------------
Packet 21
TIME: 10:25:36.917010 (0.021554)
LINK: 00:00:B4:3C:56:40 -> 00:50:BA:DE:36:33 type=IP
  IP: 10.0.0.2 -> 10.0.0.1 hlen=20 TOS=10 dgramlen=77 id=0019
      MF/DF=0/1 frag=0 TTL=64 proto=TCP cksum=2680
 TCP: port blackjack -> telnet seq=3205630297 ack=1746119656
      hlen=20 (data=37) UAPRSF=011000 wnd=17520 cksum=5F8D urg=0
DATA: .. .115200,115200....'.......CONS25..
-------------------------------------------------------------

The ethereal utility shows even more detail regarding the data that was passed between the telnet daemon and the telnet client. Let's see how this same packet is viewed by ethereal. I've snipped the output of the packet to just show the telnet data:

Telnet
    Suboption Begin: Terminal Speed
        Here's my Terminal Speed
        Value: 115200,115200
    Command: Suboption End
    Suboption Begin: New Environment Option
        Here's my New Environment Option
        Value: 
    Command: Suboption End
    Suboption Begin: Terminal Type
        Here's my Terminal Type
        Value: CONS25
    Command: Suboption End

Several other packets were sent between the telnet daemon and the telnet application before the "login" prompt appeared. This data was used to negotiate the various telnet options, window size, terminal type, and terminal speed. Even though this data was never displayed on my screen, it is interesting to note that what was happening behind the scenes was still captured by the tcpdump utility. The tcpshow utility didn't bother to interpret this data, but the ethereal utility did. I've snipped the output of the pertinent packets to indicate who sent the packet and the data that was sent in each packet:

Frame 13 (84 on wire, 84 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Command: Do Encryption Option
    Command: Will Encryption Option
    Command: Do Suppress Go Ahead
    Command: Will Terminal Type
    Command: Will Negotiate About Window Size
    Command: Will Terminal Speed
    Command: Will Remote Flow Control
    Command: Will Linemode
    Command: Will New Environment Option
    Command: Do Status

Frame 14 (57 on wire, 57 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Command: Do Authentication Option

Frame 15 (60 on wire, 60 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Command: Won't Authentication Option

Frame 16 (92 on wire, 92 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Command: Will Encryption Option
    Command: Do Encryption Option
    Suboption Begin: Encryption Option
        Send your Encryption Option
    Command: Suboption End
    Command: Will Suppress Go Ahead
    Command: Do Terminal Type
    Command: Do Negotiate About Window Size
    Command: Do Terminal Speed
    Command: Do Remote Flow Control
    Command: Do Linemode
    Command: Do New Environment Option
    Command: Will Status

Frame 17 (130 on wire, 130 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Suboption Begin: Encryption Option
        Send your Encryption Option
    Command: Suboption End
    Suboption Begin: Negotiate About Window Size
        Here's my Negotiate About Window Size
        Value: P\000\031
    Command: Suboption End
    Suboption Begin: Linemode
        Send your Linemode
    Data: \022\000
    Command: Suboption End
    Command: Do Suppress Go Ahead

Frame 18 (60 on wire, 60 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Command: Do X Display Location
    Command: Do Environment Option

Frame 19 (60 on wire, 60 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Command: Won't X Display Location
    Command: Won't Environment Option

Frame 20 (72 on wire, 72 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Suboption Begin: Terminal Speed
        Send your Terminal Speed
    Command: Suboption End
    Suboption Begin: New Environment Option
        Send your New Environment Option
    Command: Suboption End
    Suboption Begin: Terminal Type
        Send your Terminal Type
    Command: Suboption End

Frame 22 (57 on wire, 57 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Command: Do Echo

Frame 23 (60 on wire, 60 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Command: Won't Echo

Frame 24 (72 on wire, 72 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Command: Will Echo
    Suboption Begin: Remote Flow Control
        Here's my Remote Flow Control
        Value: 
    Command: Suboption End
    Suboption Begin: Remote Flow Control
        Send your Remote Flow Control
    Command: Suboption End
    Command: Don't Linemode

Frame 25 (60 on wire, 60 captured)
    Source: biko (10.0.0.2)
    Destination: genisis (10.0.0.1)
Telnet
    Command: Do Echo
    Command: Won't Linemode

Frame 26 (110 on wire, 110 captured)
    Source: genisis (10.0.0.1)
    Destination: biko (10.0.0.2)
Telnet
    Suboption Begin: Linemode
        Send your Linemode
    Data: \022\200
    Command: Suboption End
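
The ethereal decodes above can be reproduced from the raw payload bytes, which shows how much of a telnet session a passive capture exposes. This decoder is an added example, not code from the original article; `PACKET_21` is reconstructed from packet 21's DATA line and its ethereal decode (37 bytes, matching `data=37`), and the function and constant names are this example's own.

```python
# Telnet negotiation decoder (RFC 854/855); added example, not the article's code.
IAC, SB, SE = 255, 250, 240
VERBS = {251: "Will", 252: "Won't", 253: "Do", 254: "Don't"}
OPTIONS = {1: "Echo", 3: "Suppress Go Ahead", 24: "Terminal Type",
           31: "Negotiate About Window Size", 32: "Terminal Speed",
           33: "Remote Flow Control", 34: "Linemode",
           37: "Authentication Option", 39: "New Environment Option"}
SUBCMD = {0: "IS", 1: "SEND"}  # first suboption byte for options 24, 32, 39
# Packet 21's 37 data bytes, reconstructed from its DATA line and decode above.
PACKET_21 = (b"\xff\xfa\x20\x00" b"115200,115200" b"\xff\xf0"
             b"\xff\xfa\x27\x00" b"\xff\xf0"
             b"\xff\xfa\x18\x00" b"CONS25" b"\xff\xf0")

def decode_telnet(payload: bytes) -> list:
    """Split a TCP payload into telnet commands, suboptions and data runs."""
    out, data, i, n = [], bytearray(), 0, len(payload)
    while i < n:
        nxt = payload[i + 1] if i + 1 < n else None
        if payload[i] != IAC or nxt == IAC:       # plain byte, or escaped 0xFF
            data.append(payload[i])
            i += 1 if payload[i] != IAC else 2
            continue
        if data:                                   # flush data seen before IAC
            out.append(("Data", bytes(data)))
            data.clear()
        name = OPTIONS.get(payload[i + 2], "Unknown") if i + 2 < n else None
        if nxt in VERBS and name:                  # IAC WILL/WONT/DO/DONT <opt>
            out.append((VERBS[nxt], name))
            i += 3
        elif nxt == SB and name:                   # IAC SB <opt> ... IAC SE
            j, body = i + 3, bytearray()
            while j < n and payload[j:j + 2] != bytes([IAC, SE]):
                j += payload[j:j + 2] == bytes([IAC, IAC])  # unescape 0xFF
                body.append(payload[j])
                j += 1
            if j >= n:                             # no IAC SE in this segment
                out.append(("Truncated", payload[i:]))
                break
            typed = bool(body) and payload[i + 2] in (24, 32, 39)
            sub = SUBCMD.get(body[0], str(body[0])) if typed else None
            out.append(("Suboption", name, sub, bytes(body[typed:])))  # drop IS/SEND
            i = j + 2
        elif nxt is None or nxt in VERBS or nxt == SB:  # IAC sequence cut short
            out.append(("Truncated", payload[i:]))
            break
        else:                                      # two-byte command, e.g. NOP
            out.append(("Command", nxt))
            i += 2
    return out + ([("Data", bytes(data))] if data else [])
```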
