L1. Telnet Lab
Networks & Communications II
1. Laboratory 2: Telnet
To reach the main client no login is requested, and from there you can use several of the
tools that Telehack provides; the user-oriented features, such as chat or mail, are
not accessible without an account.
Regarding security, this method is not secure at all, since no security measures are
applied: the session is neither authenticated nor encrypted. However, the features reachable
by simply entering the client are not private or classified (as explained above, the
user-oriented ones cannot be used without logging in), so there is little need for
authentication at this stage.
Type newuser and follow the instructions. Do you think that it is secure? Why or why not?
As we can see, some "security" measures have been taken (asking whether the user is over 13,
asking the user to read the privacy policy, storing the password in ciphered form and
requiring it to be longer than five characters, and offering a password reset by e-mail),
but all of them are easy to get around, which lowers the security level considerably.
However, the most alarming problem appears when analysing the Wireshark capture of the
password input (character input and processing is discussed in the next point): every
character of the password travels as plain text in its own TCP segment, so anyone running
a packet sniffer on the path obtains the password immediately.
Is a message sent every time you type a keystroke? Give evidence for your answer. Does the user
interface react slowly to your keystrokes? Why?
Yes. Whenever a key is pressed a segment carrying that keystroke is sent to the server,
which processes it and answers with a second segment; since the server has taken over
echoing (the Telnet ECHO option), the letter you pressed only appears on screen when that
answer arrives. This is why typing feels slow: two messages must cross the network and be
processed before any interface reaction is visible, so each keystroke costs at least one
round trip. Longer output, on the other hand, is sent by the server as a single block,
which explains why whole sentences appear much faster than the input. Here we can see the
two messages being exchanged:
In this case the response is not exactly the same as the sent character, because this is
part of the password (so it also serves as an example for the previous point), but the
mechanism is the same.
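The sniffer's view of these exchanges, as an added example that is not part of the lab report and not Telehack's or PuTTY's code. The capture below is constructed (directions, payloads, user name and password are all invented) to mirror what was observed: one client segment per keystroke, the server echoing the login name but answering the password keystrokes with acknowledgements that carry no data. The code reassembles each direction, strips the Telnet command bytes (IAC sequences, including subnegotiations) and shows that both credentials can be read straight out of the client-to-server stream.

```python
# Added example (not from the lab report, nor Telehack's or PuTTY's code):
# reconstruct a Telnet session from a constructed list of TCP payloads, the
# way a passive sniffer on the path would.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254


def strip_telnet_commands(data: bytes) -> bytes:
    """Return only the NVT text of a Telnet stream.

    Drops two-byte commands (IAC <cmd>), option negotiations (IAC WILL/WONT/
    DO/DONT <opt>) and subnegotiations (IAC SB ... IAC SE), inside which a
    data byte 0xFF is doubled. An escaped IAC (IAC IAC) outside SB decodes
    to one 0xFF byte. Run this on the reassembled stream, not per segment:
    a command may be split across two TCP segments.
    """
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(data):
            break                      # truncated command at end of stream
        cmd = data[i + 1]
        if cmd == IAC:                 # escaped data byte
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3
        elif cmd == SB:
            j = i + 2
            while j + 1 < len(data) and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1   # IAC IAC inside SB is data
            i = j + 2
        else:
            i += 2                     # NOP, GA, AYT, ... carry no option byte
    return bytes(out)


def typed(text: str, echo: bool = True):
    """Constructed keystroke-by-keystroke exchange: one client segment per
    character, followed by the server's answer (an empty payload stands for
    an ACK that carries no data, as seen while the password is typed)."""
    segs = []
    for c in text.encode():
        segs.append(("c2s", bytes([c])))
        segs.append(("s2c", bytes([c]) if echo else b""))
    return segs


# Constructed capture, oldest first: (direction, TCP payload).
CAPTURE = (
    [("c2s", b"\xff\xfb\x1f"),                  # IAC WILL NAWS
     ("s2c", b"\xff\xfb\x01\xff\xfb\x03"),      # IAC WILL ECHO, IAC WILL SGA
     ("s2c", b"Username: ")]
    + typed("alice")
    + [("c2s", b"\r\n"), ("s2c", b"\r\nPassword: ")]
    + typed("hunter2", echo=False)
    + [("c2s", b"\r\n"), ("s2c", b"\r\nWelcome, alice.\r\n")]
)


def reconstruct(capture):
    """Reassemble each direction, strip Telnet commands and return
    ({direction: text}, {direction: number of data-carrying segments})."""
    streams = {"c2s": bytearray(), "s2c": bytearray()}
    count = {"c2s": 0, "s2c": 0}
    for direction, payload in capture:
        if payload:
            count[direction] += 1
            streams[direction] += payload
    text = {d: strip_telnet_commands(bytes(s)).decode("ascii", "replace")
            for d, s in streams.items()}
    return text, count


def recover_credentials(capture):
    """The first two lines the client typed are the login name and password."""
    text, _ = reconstruct(capture)
    lines = text["c2s"].split("\r\n")
    return lines[0], lines[1]


if __name__ == "__main__":
    text, count = reconstruct(CAPTURE)
    print("client sent %d data segments, server %d" % (count["c2s"], count["s2c"]))
    print("credentials seen on the wire:", recover_credentials(CAPTURE))
    print("password echoed back by server:", "hunter2" in text["s2c"])
```

Two details matter in practice: the stripping runs over the reassembled stream rather than per segment, because a negotiation or subnegotiation can be split across TCP segments, and the segment count makes the "one message per keystroke" observation measurable (the client sends one data segment per character typed, while the server's answers during the password carry no data at all).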
Try to explain in a few lines the behaviour (from the user's point of view) of this Telnet server (to do that,
surf through its pages).
After browsing for a while and trying different commands, it is easy to see that the server
is a strange collection of gizmos for the user to entertain himself with.
Some of the utilities work like the classic Internet services we are used to, such as
mail, date, etc. Others, actually most of them, have no purpose beyond entertainment and
serve as a kind of show-off of what can be done in a simple text console.
Exit the program (type exit). What have you done to leave the server? Can you explain what kinds of
messages have been exchanged in this case?
When typing exit the connection is closed. No more messages can be sent to the server,
leaving us a "dead" console.
Apart from the usual character-input messages, the TCP connection is torn down: a segment
with the FIN flag set is sent to end the connection, and the other side acknowledges it and
sends its own FIN:
b) This is the TCP three-way handshake that marks the beginning of the connection.
c) The user sends the SYN segment, with a Seq value of 0 in this case (Wireshark shows
relative sequence numbers; the real initial sequence number is a random 32-bit value). Once
the server receives it, a response (SYN, ACK) is sent with an Ack value of 1 (Seq+1) and
its own initial Seq (again shown as 0). Finally, the user answers with a last ACK in which
the Ack value is again the server's Seq plus 1, so 1 in our case.
4-5) The messages are those we already expected: the usual input ones and the final line
that proves that we are logged in.
6) When using the "?" command we receive a message listing all the commands available to
us as users.
7) Pig Latin is a constructed language game in which all the letters before the first vowel
are moved to the end of the word, followed by "ay". If the word begins with a vowel, "way"
is appended instead.
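The rule as the report states it, applied word by word, as an added example (not the lab report's text and not Telehack's own implementation, whose output may differ in details such as punctuation or words without vowels):

```python
# Added example (not the lab report's or Telehack's code): the rule as the
# report states it, applied word by word.
VOWELS = set("aeiouAEIOU")


def pig_latin_word(word: str) -> str:
    """Move the consonants before the first vowel to the end and add "ay";
    a word that starts with a vowel just gets "way". A word with no vowel at
    all (a case the stated rule does not cover) is returned unchanged."""
    if not word:
        return word
    if word[0] in VOWELS:
        return word + "way"
    for i, ch in enumerate(word):
        if ch in VOWELS:
            return word[i:] + word[:i] + "ay"
    return word


def pig_latin(text: str) -> str:
    """Translate every whitespace-separated word, keeping the word order."""
    return " ".join(pig_latin_word(w) for w in text.split())


if __name__ == "__main__":
    print(pig_latin("telnet is a string protocol"))
```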
8) The "starwars" command starts an ASCII re-creation of the original Star Wars film. The
server sends a new message for each frame.
10) The "rain" command simulates raindrops falling and splashing once they reach the floor.
Again, a new message is received for each frame. In this case, however, the data is not
directly the ASCII picture but, by the look of it, coordinates of the raindrops' positions,
which is consistent with ANSI cursor-positioning escape sequences that move the cursor
before each character is drawn.
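How a frame built from coordinates rather than from a full ASCII picture can be decoded and rendered, as an added example that is not part of the lab report and not Telehack's code. It assumes the frame uses the ANSI cursor-positioning sequence ESC [ row ; col H followed by the character to draw, and ESC [ 2 J to clear the screen; whether Telehack's "rain" is encoded exactly this way is an assumption, and the sample frame is constructed.

```python
# Added example (not the lab report's or Telehack's code): render one
# animation frame that positions each character with an ANSI cursor-
# positioning sequence (ESC [ row ; col H) instead of redrawing the whole
# screen. Whether Telehack encodes "rain" exactly this way is an assumption.
import re

CUP = re.compile(rb"\x1b\[(\d*)(?:;(\d*))?H")     # Cursor Position, 1-based
CSI = re.compile(rb"\x1b\[[0-9;?]*[A-Za-z]")       # any other control sequence
CLEAR = b"\x1b[2J"                                 # erase entire display


def render_frame(frame: bytes, rows: int, cols: int, prev=None):
    """Apply a frame to a rows x cols screen (optionally starting from the
    previous frame's screen) and return it as a list of strings."""
    screen = [list(line) for line in prev] if prev else [[" "] * cols for _ in range(rows)]
    row = col = 0
    i = 0
    while i < len(frame):
        m = CUP.match(frame, i)
        if m:                                   # move the cursor, draw nothing
            row = int(m.group(1) or 1) - 1
            col = int(m.group(2) or 1) - 1
            i = m.end()
            continue
        m = CSI.match(frame, i)
        if m:                                   # only ESC [ 2 J is honoured here
            if m.group() == CLEAR:
                screen = [[" "] * cols for _ in range(rows)]
            i = m.end()
            continue
        b = frame[i]
        i += 1
        if b == 0x0D:                           # CR
            col = 0
        elif b == 0x0A:                         # LF
            row, col = row + 1, 0
        elif 0x20 <= b < 0x7F:                  # printable: draw and advance
            if 0 <= row < rows and 0 <= col < cols:
                screen[row][col] = chr(b)
            col += 1
    return ["".join(line) for line in screen]


def drop_positions(frame: bytes):
    """List the (row, col, char) triples a frame draws via cursor positioning."""
    drops = []
    for m in CUP.finditer(frame):
        if m.end() < len(frame) and 0x20 <= frame[m.end()] < 0x7F:
            drops.append((int(m.group(1) or 1), int(m.group(2) or 1), chr(frame[m.end()])))
    return drops


def frame_sizes(frame: bytes, rows: int, cols: int):
    """Bytes on the wire for this frame versus a full-screen ASCII redraw
    (rows of cols characters separated by CR LF)."""
    full = b"\r\n".join(line.encode() for line in render_frame(frame, rows, cols))
    return len(frame), len(full)


# Constructed frame: clear the screen, then three raindrops; the last one has
# reached the floor and splashed.
RAIN_FRAME = CLEAR + b"\x1b[1;5H|" + b"\x1b[2;7H|" + b"\x1b[5;3Ho"

if __name__ == "__main__":
    for line in render_frame(RAIN_FRAME, 5, 10):
        print("|" + line + "|")
    print("drops:", drop_positions(RAIN_FRAME))
    print("frame bytes vs full redraw bytes:", frame_sizes(RAIN_FRAME, 5, 10))
```

Positioning each drop costs seven bytes, so a sparse animation is far cheaper than retransmitting the whole screen every frame, which is the practical reason a server would choose coordinates over a full ASCII frame; a later frame can also overwrite only the cells that changed when rendered on top of the previous screen.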
11) When the window is resized a message is sent to the server specifying the new
dimensions of the window (the Telnet NAWS option, "Negotiate About Window Size", carries
the width and height in a subnegotiation).
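What that resize message looks like on the wire, as an added example that is not part of the lab report and not PuTTY's code: the NAWS subnegotiation (RFC 1073) is IAC SB NAWS followed by the width and height as 16-bit big-endian values and IAC SE. The option number and framing are the real ones; the sizes used below are constructed. The example includes the detail that trips up hand-written parsers: a size byte equal to 0xFF must be doubled inside the subnegotiation so it is not mistaken for IAC.

```python
# Added example (not the lab report's or PuTTY's code): build and parse the
# NAWS subnegotiation (RFC 1073) that a client sends when its window is
# resized, including the IAC-doubling rule that a naive parser gets wrong.
import struct

IAC, SB, SE, NAWS = 255, 250, 240, 31


def encode_naws(width: int, height: int) -> bytes:
    """IAC SB NAWS <width:2> <height:2> IAC SE, big-endian. Any 0xFF byte in
    the four size bytes must be doubled so the peer does not read it as IAC."""
    if not (0 <= width <= 0xFFFF and 0 <= height <= 0xFFFF):
        raise ValueError("NAWS sizes are 16-bit unsigned")
    payload = struct.pack("!HH", width, height).replace(b"\xff", b"\xff\xff")
    return bytes([IAC, SB, NAWS]) + payload + bytes([IAC, SE])


def decode_naws(msg: bytes):
    """Parse one NAWS subnegotiation and return (width, height)."""
    if not (msg.startswith(bytes([IAC, SB, NAWS])) and msg.endswith(bytes([IAC, SE]))):
        raise ValueError("not a NAWS subnegotiation")
    payload = msg[3:-2].replace(b"\xff\xff", b"\xff")   # undo IAC doubling
    if len(payload) != 4:
        raise ValueError("NAWS payload must be four bytes after un-escaping")
    return struct.unpack("!HH", payload)


def decode_naws_naive(msg: bytes):
    """The tempting shortcut: take the four bytes after the header as-is.
    Correct for 80x24, wrong whenever a size byte equals 0xFF."""
    return struct.unpack("!HH", msg[3:7])


if __name__ == "__main__":
    for size in ((80, 24), (255, 24)):
        msg = encode_naws(*size)
        print(msg.hex(" "), "->", decode_naws(msg), "naive:", decode_naws_naive(msg))
```

A window 255 columns wide is unusual but legal, and it is exactly the case where the naive decoder returns a height of 65280 instead of 24; a server that sizes buffers from that value without bounds checking is trusting client input it has parsed incorrectly.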
1.2.3. Optional.
What is the information in the option "Window"/"Translation"/"Character set translation on received data"
about? Try to give an explanation of this option and relate it to the topic NVT.
Telnet reserves the byte value 255 (IAC) to introduce its own commands, so a data byte with
that value has to be sent doubled (IAC IAC) to avoid being taken as a command. Beyond that,
the Network Virtual Terminal (NVT) that Telnet defines assumes 7-bit US-ASCII text, while
real servers send 8-bit data in encodings such as UTF-8, ISO-8859-1 or CP437.
This option tells PuTTY which character set the received bytes are written in, so that it
can translate whatever the server sends into the character set of the local terminal and
display it correctly instead of garbling accented or line-drawing characters. It thus
bridges the gap between the ASCII-only NVT model and the wider character sets in actual use.
Research the behaviour of the PuTTYtel option "Connection"/"Telnet"/"Telnet negotiation mode"
(running the program in "passive" mode instead of "active").
What are the changes in this case?
In passive mode PuTTY waits for the server to start the Telnet option negotiation (the
exchange of WILL/WONT/DO/DONT messages for options such as remote echo or window size)
instead of sending its own requests first, which is what happens in active mode.
However, this can be a problem: if the server is also passive, neither side ever starts
negotiating, the options are never agreed, and the session may never get going.
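The active/passive difference simulated on both sides, as an added example that is not part of the lab report and not PuTTY's or Telehack's code. The negotiator is a toy in the spirit of RFC 854 and RFC 1143 (it tracks requests it has sent so that two active peers asking for the same option do not loop); the option numbers (ECHO 1, SGA 3, NAWS 31) are the real ones, while the two endpoints, their option preferences and the exchange are constructed.

```python
# Added example (not PuTTY's or Telehack's code): a toy Telnet option
# negotiator in the spirit of RFC 854/1143, used to contrast an active
# endpoint (sends its WILL/DO requests on connect) with a passive one
# (only ever answers). Option numbers are real; everything else is constructed.
IAC, WILL, WONT, DO, DONT = 255, 251, 252, 253, 254
ECHO, SGA, NAWS = 1, 3, 31


class TelnetEndpoint:
    def __init__(self, name, offers, wants, active):
        self.name = name
        self.offers = set(offers)      # options we are willing to perform
        self.wants = set(wants)        # options we ask the peer to perform
        self.active = active
        self.local, self.remote = set(), set()                  # enabled options
        self.pending_local, self.pending_remote = set(), set()  # our requests awaiting an answer
        self.log = []

    def _cmd(self, cmd, opt):
        self.log.append(("send", cmd, opt))
        return bytes([IAC, cmd, opt])

    def connect(self):
        """Bytes to send on connect: an active endpoint opens negotiation,
        a passive one sends nothing and waits for the peer."""
        out = b""
        if self.active:
            for opt in sorted(self.offers):
                self.pending_local.add(opt)
                out += self._cmd(WILL, opt)
            for opt in sorted(self.wants):
                self.pending_remote.add(opt)
                out += self._cmd(DO, opt)
        return out

    def receive(self, data):
        """Handle IAC <cmd> <opt> triples from the peer; return the reply."""
        if len(data) % 3:
            raise ValueError("this toy only handles IAC <cmd> <opt> triples")
        out = b""
        for i in range(0, len(data), 3):
            cmd, opt = data[i + 1], data[i + 2]
            self.log.append(("recv", cmd, opt))
            if cmd == DO:
                if opt in self.pending_local:          # peer accepted our WILL
                    self.pending_local.discard(opt)
                    self.local.add(opt)
                elif opt in self.local:
                    pass                               # already on: stay silent, no loop
                elif opt in self.offers:
                    self.local.add(opt)
                    out += self._cmd(WILL, opt)
                else:
                    out += self._cmd(WONT, opt)
            elif cmd == WILL:
                if opt in self.pending_remote:         # peer accepted our DO
                    self.pending_remote.discard(opt)
                    self.remote.add(opt)
                elif opt in self.remote:
                    pass
                elif opt in self.wants:
                    self.remote.add(opt)
                    out += self._cmd(DO, opt)
                else:
                    out += self._cmd(DONT, opt)
            elif cmd == DONT:                          # refusal: answer only if it was on
                self.pending_local.discard(opt)
                if opt in self.local:
                    self.local.discard(opt)
                    out += self._cmd(WONT, opt)
            elif cmd == WONT:
                self.pending_remote.discard(opt)
                if opt in self.remote:
                    self.remote.discard(opt)
                    out += self._cmd(DONT, opt)
        return out


def make_pair(active_client, active_server):
    """A PuTTY-like client (offers NAWS, wants remote ECHO and SGA) and a
    server with the mirror-image preferences."""
    client = TelnetEndpoint("client", offers={NAWS}, wants={ECHO, SGA}, active=active_client)
    server = TelnetEndpoint("server", offers={ECHO, SGA}, wants={NAWS}, active=active_server)
    return client, server


def run(client, server, max_rounds=10):
    """Exchange messages until both sides fall silent; returns the number of
    rounds after connect (0 means nobody ever started negotiating)."""
    to_server, to_client = client.connect(), server.connect()
    rounds = 0
    while (to_server or to_client) and rounds < max_rounds:
        rounds += 1
        to_server, to_client = client.receive(to_client), server.receive(to_server)
    return rounds


if __name__ == "__main__":
    for mode in ((True, True), (False, True), (False, False)):
        c, s = make_pair(*mode)
        rounds = run(c, s)
        print("client active=%s server active=%s: %d rounds, client has remote %s, local %s"
              % (mode[0], mode[1], rounds, sorted(c.remote), sorted(c.local)))
```

With an active server, a passive client still ends up with the same options enabled; it merely takes one extra round because it only answers. With both sides passive nothing is ever sent, so remote echo and window-size reporting are never enabled, which is the situation the question is pointing at.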