
INTRODUCTION

Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards.

Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet, its use for this purpose has waned in favor of SSH.

The term telnet may also refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms. Telnet is also used as a verb. To telnet means to establish a connection with the Telnet protocol, either with a command-line client or with a programmatic interface. For example, a common directive might be: "To change your password, telnet to the server, login and run the passwd command." Most often, a user will be telnetting to a Unix-like server system or a network device (such as a router) and obtain a login prompt to a command-line text interface or a character-based full-screen manager.

The Network Virtual Terminal


Communication is established using TCP/IP and is based on a Network Virtual Terminal (NVT). On the client, the Telnet program is responsible for translating incoming NVT codes to codes understood by the client's display device as well as for translating client-generated keyboard codes into outgoing NVT codes. The NVT uses 7-bit codes for characters. The display device, referred to as a printer in the RFC, is only required to display the standard printing ASCII characters represented by 7-bit codes and to recognize and process certain control codes. The 7-bit characters are transmitted as 8-bit bytes with the most significant bit set to zero. An end-of-line is transmitted as a carriage return (CR) followed by a line feed (LF). If you want to transmit an actual carriage return, this is transmitted as a carriage return followed by a NUL (all bits zero) character. NVT ASCII is used by many other Internet protocols like SMTP and FTP. The following control codes are required to be understood by the NVT.

| Name | Code | Decimal Value | Function |
|---|---|---|---|
| NULL | NUL | 0 | No operation |
| Line Feed | LF | 10 | Moves the printer to the next print line, keeping the same horizontal position. |
| Carriage Return | CR | 13 | Moves the printer to the left margin of the current line. |

The following further control codes are optional but should have the indicated defined effect on the display.

| Name | Code | Decimal Value | Function |
|---|---|---|---|
| BELL | BEL | 7 | Produces an audible or visible signal (which does NOT move the print head). |
| Back Space | BS | 8 | Moves the print head one character position towards the left margin. (On a printing device, this mechanism was commonly used to form composite characters by printing two basic characters on top of each other.) |
| Horizontal Tab | HT | 9 | Moves the printer to the next horizontal tab stop. It remains unspecified how either party determines or establishes where such tab stops are located. |
| Vertical Tab | VT | 11 | Moves the printer to the next vertical tab stop. It remains unspecified how either party determines or establishes where such tab stops are located. |
| Form Feed | FF | 12 | Moves the printer to the top of the next page, keeping the same horizontal position. (On visual displays, this commonly clears the screen and moves the cursor to the top left corner.) |

The NVT keyboard is specified as being capable of generating all 128 ASCII codes by using keys, key combinations, or key sequences.

Commands
The Telnet protocol uses various commands to control the client-server connection. These commands are transmitted within the data stream. The commands are distinguished from the data by setting the most significant bit to 1. (Remember that data is transmitted as 7 bits with the eighth bit set to 0.) Commands are always introduced by the Interpret as command (IAC) character. Here is the complete set of commands:

| Name | Decimal Code | Meaning | Comment |
|---|---|---|---|
| SE | 240 | End of subnegotiation parameters | |
| NOP | 241 | No operation | |
| DM | 242 | Data mark | Indicates the position of a Synch event within the data stream. This should always be accompanied by a TCP urgent notification. |
| BRK | 243 | Break | Indicates that the "break" or "attention" key was hit. |
| IP | 244 | Suspend | Interrupt or abort the process to which the NVT is connected. |
| AO | 245 | Abort output | Allows the current process to run to completion but does not send its output to the user. |
| AYT | 246 | Are you there | Send back to the NVT some visible evidence that the AYT was received. |
| EC | 247 | Erase character | The receiver should delete the last preceding undeleted character from the data stream. |
| EL | 248 | Erase line | Delete characters from the data stream back to but not including the previous CRLF. |
| GA | 249 | Go ahead | Under certain circumstances used to tell the other end that it can transmit. |
| SB | 250 | Subnegotiation | Subnegotiation of the indicated option follows. |
| WILL | 251 | will | Indicates the desire to begin performing, or confirmation that you are now performing, the indicated option. |
| WONT | 252 | wont | Indicates the refusal to perform, or continue performing, the indicated option. |
| DO | 253 | do | Indicates the request that the other party perform, or confirmation that you are expecting the other party to perform, the indicated option. |
| DONT | 254 | dont | Indicates the demand that the other party stop performing, or confirmation that you are no longer expecting the other party to perform, the indicated option. |
| IAC | 255 | Interpret as command | Interpret as a command |

Telnet Options
Options give the client and server a common view of the connection. They can be negotiated at any time during the connection by the use of commands. They are described in separate RFCs. The following are examples of common options:

| Decimal code | Name | RFC |
|---|---|---|
| 3 | suppress go ahead | 858 |
| 5 | status | 859 |
| 1 | echo | 857 |
| 6 | timing mark | 860 |
| 24 | terminal type | 1091 |
| 31 | window size | 1073 |
| 32 | terminal speed | 1079 |
| 33 | remote flow control | 1372 |
| 34 | Line mode | 1184 |
| 36 | environment variables | 1408 |

Either end of a Telnet conversation can locally or remotely enable or disable an option. The initiator sends a 3-byte command of the form:

    IAC <Type of Operation> <Option>

The response is of the same form. Operation is one of:

| Description | Decimal Code | Action |
|---|---|---|
| WILL | 251 | Sender wants to do something. |
| WONT | 252 | Sender doesn't want to do something. |
| DO | 253 | Sender wants the other end to do something. |
| DONT | 254 | Sender wants the other not to do something. |

| Sender Sent | Receiver Responds | Implication |
|---|---|---|
| WILL | DO | The sender would like to use a certain facility if the receiver can handle it. Option is now in effect. |
| WILL | DONT | Receiver says it cannot support the option. Option is not in effect. |
| DO | WILL | The sender says it can handle traffic from the sender if the sender wishes to use a certain option. Option is now in effect. |
| DO | WONT | Receiver says it cannot support the option. Option is not in effect. |
| WONT | DONT | Option disabled. DONT is only valid response. |
| DONT | WONT | Option disabled. WONT is only valid response. |

For example, if the sender wants the other end to suppress go-ahead, it would send the byte sequence:

    IAC WILL Suppress Go Ahead

The final byte of the 3-byte sequence identifies the required action. Some options' values need to be communicated after support of the option has been agreed. This is done using sub-option negotiation. Values are negotiated using value query commands and responses in the following form:

    IAC SB <option code> 1 IAC SE

and

    IAC SB <option code> 0 IAC SE

For example, if the client wants to identify the terminal type to the server, the following exchange might take place:

    CLIENT  IAC WILL Terminal Type
    SERVER  IAC DO Terminal Type
    SERVER  IAC SB Terminal Type 1 IAC SE
    CLIENT  IAC SB Terminal Type 0 V T 2 2 0 IAC SE

The first exchange establishes that terminal type (option number 24) is handled, the server then enquires of the client what value it wishes to associate with the terminal type. The sequence SB,24,1 implies sub-option negotiation for option type 24, value required (1). The IAC,SE sequence indicates the end of this request. The response IAC,SB,24,0,'V'... implies sub-option negotiation for option type 24, value supplied (0), the IAC,SE sequence indicates the end of the response (and the supplied value). The encoding of the value is specific to the option but a sequence of characters, as shown above, is common.
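The framing described above (IAC-introduced commands, 3-byte option negotiation, and SB ... IAC SE sub-option blocks) can be decoded with a short parser. This is an added example, not code from the original page; the function names and the sample capture are constructed for illustration, and it goes slightly beyond the text by handling the RFC 854 rule that IAC IAC carries a literal data byte 255.

```python
# Added example: decimal codes are those in the page's command/option tables.
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {1: "echo", 3: "suppress go ahead", 24: "terminal type"}


def read_subneg(stream, j):
    """Return (payload, next index) for the bytes between the option and IAC SE."""
    payload = bytearray()
    while j + 1 < len(stream):
        if stream[j] == IAC and stream[j + 1] == SE:
            return bytes(payload), j + 2
        if stream[j] == IAC and stream[j + 1] == IAC:
            j += 1                      # IAC IAC carries one literal 255 byte
        payload.append(stream[j])
        j += 1
    raise ValueError("subnegotiation not terminated by IAC SE")


def parse_telnet(stream):
    """Split a byte stream into data, command, negotiate and subneg events."""
    events, data, i = [], bytearray(), 0
    while i < len(stream):
        b, nxt = stream[i], stream[i + 1:i + 2]
        if b != IAC or nxt == bytes([IAC]):   # data byte, or IAC IAC = literal 255
            data.append(b)
            i += 1 if b != IAC else 2
            continue
        if data:                              # a command ends the current data run
            events.append(("data", bytes(data)))
            data = bytearray()
        cmd = nxt[0] if nxt else None
        needs_option = cmd in VERBS or cmd == SB
        if cmd is None or (needs_option and i + 2 >= len(stream)):
            raise ValueError("truncated command at offset %d" % i)
        if not needs_option:                  # two-byte command such as AYT or GA
            events.append(("command", cmd))
            i += 2
            continue
        opt = OPTIONS.get(stream[i + 2], stream[i + 2])
        if cmd == SB:
            payload, i = read_subneg(stream, i + 3)
            events.append(("subneg", opt, payload))
        else:
            events.append(("negotiate", VERBS[cmd], opt))
            i += 3
    if data:
        events.append(("data", bytes(data)))
    return events


# Constructed capture: the terminal-type exchange above (both directions
# concatenated for illustration), followed by typed data.
SAMPLE = (bytes([IAC, 251, 24, IAC, 253, 24, IAC, SB, 24, 1, IAC, SE])
          + bytes([IAC, SB, 24, 0]) + b"VT220" + bytes([IAC, SE]) + b"sfu\r\n")
```

Calling `parse_telnet(SAMPLE)` yields the two negotiation events, the value-required (1) and value-supplied (0) subnegotiations, and the trailing data exactly as it was typed.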

Descriptions of Telnet Options


Many of those listed are self-evident, but some call for more information.

Suppress Go Ahead
The original Telnet implementation defaulted to half duplex operation. This means that data traffic could only go in one direction at a time and specific action is required to indicate the end of traffic in one direction and that traffic may now start in the other direction. [This is similar to the use of "roger" and "over" by amateur and CB radio operators.] The specific action is the inclusion of a GA character in the data stream. Modern links normally allow bi-directional operation and the "suppress go ahead" option is enabled.

Echo
The echo option is enabled, usually by the server, to indicate that the server echoes every character it receives. A combination of "suppress go ahead" and "echo" is called character-at-a-time mode, meaning that each character is separately transmitted and echoed. There is an understanding known as kludge-line mode, which means that if either "suppress go ahead" or "echo" is enabled but not both, then Telnet operates in line-at-a-time mode, meaning that complete lines are assembled at each end and transmitted in one "go".

Linemode
This option replaces and supersedes the line mode kludge.

Remote Flow Control
This option controls where the special flow control effects of Ctrl+S or Ctrl+Q are implemented.

Telnet Control Functions
The Telnet protocol includes a number of control functions. These are initiated in response to conditions detected by the client (usually certain special keys or key combinations) or server. The detected condition causes a special character to be incorporated in the data stream.

Interrupt Process
This is used by the client to cause the suspension or termination of the server process. Typically, the user types Ctrl+C on the keyboard. An IP (244) character is included in the data stream.

Abort Output
This is used to suppress the transmission of remote process output. An AO (238) character is included in the data stream.

Are You There
This is used to trigger a visible response from the other end of the connection to confirm the operation of the link and the remote process. An AYT (246) character is incorporated in the data stream.

Erase character
This is sent to the display to tell it to delete the immediately preceding character from the display. An EC (247) character is incorporated in the data stream.

Erase line
This option causes the deletion of the current line of input. An EL (248) character is incorporated in the data stream.

Data Mark
Some control functions such as AO and IP require immediate action and this may cause difficulties if data is held in buffers awaiting input requests from a (possibly misbehaving) remote process. To work around this problem, a DM (242) character is sent in a TCP Urgent segment; this tells the receiver to examine the data stream for "interesting" characters such as IP, AO, and AYT. This is known as the Telnet synchronization mechanism. A DM not in a TCP Urgent segment has no effect.

The Telnet Command


On Windows NT and most UNIX systems, a Telnet session can be initiated using the Telnet command. Most users simply type:

    telnet remote_host

However, if the user just types telnet, then various options and subcommands are available. The following is an example of a Telnet session from sfuclnt to sfusrvr.

    C:\>telnet
    Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
    Welcome to Microsoft Telnet Client
    Telnet Client Build 5.00.99034.1
    Escape Character is 'CTRL+]'
    Microsoft Telnet> open sfusrvr

**** The screen will clear and the following information is displayed:

    Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
    Welcome to Microsoft Telnet Service
    Telnet Server Build 5.00.99034.1
    login: sfu
    password: ********

**** The screen will clear again and the following information is displayed:

    *===============================================================
    Welcome to Microsoft Telnet Server.
    *=============================================================
    C:\>


Hacking
Telnet is the basic hacking tool, which every hacker must know how to use before he can even think about Hacking. It can be used to connect to remote computers and to run commands by simply typing them in its window. Telnet does not use the resources of the client's computer but uses the resources of the server to which the client has connected. Basically it is a program that you will be using to connect to your victim's computer. It just requires that you and your victim are both connected to the internet.


Security
When Telnet was initially developed in 1969, most users of networked computers were in the computer departments of academic institutions, or at large private and government research facilities. In this environment, security was not nearly as much of a concern as it became after the bandwidth explosion of the 1990s. The rise in the number of people with access to the Internet, and by extension, the number of people attempting to hack other people's servers made encrypted alternatives much more of a necessity. Experts in computer security, such as SANS Institute, recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances, for the following reasons:

- Telnet, by default, does not encrypt any data sent over the connection (including passwords), and so it is often practical to eavesdrop on the communications and use the password later for malicious purposes; anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login and password information (and whatever else is typed) with any of several common utilities like tcpdump and Wireshark.
- Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle.
- Commonly used Telnet daemons have several vulnerabilities discovered over the years.

These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in 1995. SSH provides much of the functionality of telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be. As has happened with other early Internet protocols, extensions to the Telnet protocol provide Transport Layer Security (TLS) security and Simple Authentication and Security Layer (SASL) authentication that address the above issues. However, most Telnet implementations do not support these extensions; and there has been relatively little interest in implementing these as SSH is adequate for most purposes.


Current status
Telnet is best understood in the context of a user with a simple terminal using the local Telnet program (known as the client program) to run a logon session on a remote computer where the user's communications needs are handled by a Telnet server program. As of mid-2010, the Telnet protocol itself has been mostly superseded for remote login. Telnet is popular in various application areas:

- Enterprise networks to access host applications, e.g., on IBM Mainframes.
- Administration of network elements, e.g., in commissioning, integration and maintenance of core network elements in mobile communication networks, and many industrial control systems.
- MUD games played over the Internet, as well as talkers, MUSHes, MUCKs, MOOes, and the resurgent BBS community.
- Internet game clubs, like the Internet Chess Club, the Free Internet Chess Server and the Internet Go server.
- Embedded systems.
- Mobile data collection applications where telnet runs over secure networks.

Also note that Telnet is a component of the FTP protocol. FTP control data are transmitted in Telnet format, although some software implements it incorrectly.


Conclusion
The Telnet protocol is often thought of as simply providing a facility for remote logins to computers via the Internet. This was its original purpose, although it can be used for many other purposes. It is best understood in the context of a user with a simple terminal using the local telnet program (known as the client program) to run a login session on a remote computer where his communications needs are handled by a telnet server program. It should be emphasised that the telnet server can pass on the data it has received from the client to many other types of process including a remote login server. It is described in RFC854 and was first published in 1983.
