IP Packets Revealed
We've looked at the very beginning and very end of the TCP connection. Now let's take a look at some of the stuff that happened in between. Once the TCP connection had been established, the rest of the packets either contained data from the telnet application or were acknowledgements that the data had been received. For example, packet 21 shows the terminal type being used for this telnet connection:
-------------------------------------------------------------
Packet 21
TIME: 10:25:36.917010 (0.021554)
LINK: 00:00:B4:3C:56:40 -> 00:50:BA:DE:36:33 type=IP
IP: 10.0.0.2 -> 10.0.0.1 hlen=20 TOS=10 dgramlen=77 id=0019
MF/DF=0/1 frag=0 TTL=64 proto=TCP cksum=2680
TCP: port blackjack -> telnet seq=3205630297 ack=1746119656
hlen=20 (data=37) UAPRSF=011000 wnd=17520 cksum=5F8D urg=0
DATA: .. .115200,115200....'.......CONS25..
-------------------------------------------------------------
The ethereal utility shows even more detail regarding the data that was passed between the telnet daemon and the telnet client. Let's see how this same packet is viewed by ethereal. I've snipped the output of the packet to just show the telnet data:
Telnet
Suboption Begin: Terminal Speed
Here's my Terminal Speed
Value: 115200,115200
Command: Suboption End
Suboption Begin: New Environment Option
Here's my New Environment Option
Value:
Command: Suboption End
Suboption Begin: Terminal Type
Here's my Terminal Type
Value: CONS25
Command: Suboption End
Several other packets were sent between the telnet daemon and the telnet application before the "login" prompt appeared. This data was used to negotiate the various telnet options, window size, terminal type, and terminal speed. Even though this data was never displayed on my screen, it is interesting to note that what was happening behind the scenes was still captured by the tcpdump utility. The tcpshow utility didn't bother to interpret this data, but the ethereal utility did. I've snipped the output of the pertinent packets to indicate who sent the packet and the data that was sent in each packet:
Frame 13 (84 on wire, 84 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Command: Do Encryption Option
Command: Will Encryption Option
Command: Do Suppress Go Ahead
Command: Will Terminal Type
Command: Will Negotiate About Window Size
Command: Will Terminal Speed
Command: Will Remote Flow Control
Command: Will Linemode
Command: Will New Environment Option
Command: Do Status

Frame 14 (57 on wire, 57 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Command: Do Authentication Option

Frame 15 (60 on wire, 60 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Command: Won't Authentication Option

Frame 16 (92 on wire, 92 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Command: Will Encryption Option
Command: Do Encryption Option
Suboption Begin: Encryption Option
Send your Encryption Option
Command: Suboption End
Command: Will Suppress Go Ahead
Command: Do Terminal Type
Command: Do Negotiate About Window Size
Command: Do Terminal Speed
Command: Do Remote Flow Control
Command: Do Linemode
Command: Do New Environment Option
Command: Will Status

Frame 17 (130 on wire, 130 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Suboption Begin: Encryption Option
Send your Encryption Option
Command: Suboption End
Suboption Begin: Negotiate About Window Size
Here's my Negotiate About Window Size
Value: P\000\031
Command: Suboption End
Suboption Begin: Linemode
Send your Linemode
Data: \022\000
Command: Suboption End
Command: Do Suppress Go Ahead

Frame 18 (60 on wire, 60 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Command: Do X Display Location
Command: Do Environment Option

Frame 19 (60 on wire, 60 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Command: Won't X Display Location
Command: Won't Environment Option

Frame 20 (72 on wire, 72 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Suboption Begin: Terminal Speed
Send your Terminal Speed
Command: Suboption End
Suboption Begin: New Environment Option
Send your New Environment Option
Command: Suboption End
Suboption Begin: Terminal Type
Send your Terminal Type
Command: Suboption End

Frame 22 (57 on wire, 57 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Command: Do Echo

Frame 23 (60 on wire, 60 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Command: Won't Echo

Frame 24 (72 on wire, 72 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Command: Will Echo
Suboption Begin: Remote Flow Control
Here's my Remote Flow Control
Value:
Command: Suboption End
Suboption Begin: Remote Flow Control
Send your Remote Flow Control
Command: Suboption End
Command: Don't Linemode

Frame 25 (60 on wire, 60 captured)
Source: biko (10.0.0.2)
Destination: genisis (10.0.0.1)
Telnet
Command: Do Echo
Command: Won't Linemode

Frame 26 (110 on wire, 110 captured)
Source: genisis (10.0.0.1)
Destination: biko (10.0.0.2)
Telnet
Suboption Begin: Linemode
Send your Linemode
Data: \022\200
Command: Suboption End
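
The negotiation that ethereal interprets above can also be decoded by hand from the raw payload bytes. The Python below is an added example, not code from the original article or from ethereal: the option names follow ethereal's wording, the numeric codes are the standard telnet command and option codes, and PACKET_21 is a payload reconstructed from the packet 21 decode (37 bytes, matching data=37) rather than copied from the capture.

```python
IAC, SB, SE = 255, 250, 240          # telnet command bytes (RFC 854/855)
VERBS = {251: "Will", 252: "Won't", 253: "Do", 254: "Don't"}
OPTIONS = {1: "Echo", 3: "Suppress Go Ahead", 5: "Status", 24: "Terminal Type",
           31: "Negotiate About Window Size", 32: "Terminal Speed",
           33: "Remote Flow Control", 34: "Linemode", 35: "X Display Location",
           36: "Environment Option", 37: "Authentication Option",
           38: "Encryption Option", 39: "New Environment Option"}

def opt_name(opt):
    return OPTIONS.get(opt, f"option {opt}")

def decode_telnet(payload: bytes):
    """Split one TCP payload into (negotiation events, plain user data)."""
    events, text, i, n = [], bytearray(), 0, len(payload)
    while i < n:
        cmd = payload[i + 1] if i + 1 < n else None
        if payload[i] != IAC:                       # ordinary data byte
            text.append(payload[i])
            i += 1
        elif cmd is None or (cmd in (SB, *VERBS) and i + 2 >= n):
            events.append("Truncated command")      # segment ended mid-command
            break
        elif cmd == IAC:                            # IAC IAC is a literal 0xFF
            text.append(IAC)
            i += 2
        elif cmd in VERBS:                          # IAC <verb> <option>
            events.append(f"{VERBS[cmd]} {opt_name(payload[i + 2])}")
            i += 3
        elif cmd != SB:                             # two-byte command such as NOP
            events.append(f"Command {cmd}")
            i += 2
        else:                                       # IAC SB <option> ... IAC SE
            opt, body, j = payload[i + 2], bytearray(), i + 3
            while j + 1 < n and payload[j:j + 2] != bytes([IAC, SE]):
                if payload[j:j + 2] == bytes([IAC, IAC]):
                    j += 1                          # unescape a doubled IAC
                body.append(payload[j])
                j += 1
            if j + 1 >= n:                          # segment ended before IAC SE
                events.append(f"Truncated suboption {opt_name(opt)}")
                break
            kind = {0: "IS", 1: "SEND"}.get(body[0], "?") if body else "?"
            events.append(f"{opt_name(opt)} {kind} {body[1:].decode('ascii', 'replace')}".rstrip())
            i = j + 2
    return events, bytes(text)

# Reconstructed sample: terminal speed, new environment and terminal type replies.
PACKET_21 = (b"\xff\xfa\x20\x00" + b"115200,115200" + b"\xff\xf0" +
             b"\xff\xfa\x27\x00\xff\xf0" + b"\xff\xfa\x18\x00" + b"CONS25" + b"\xff\xf0")
```

Calling decode_telnet(PACKET_21) returns the three suboption replies listed for packet 21, with IS corresponding to ethereal's "Here's my" and SEND to "Send your". A negotiation that is cut off at the end of a TCP segment is reported as truncated rather than guessed at, so decode the reassembled stream when that appears.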
