Kitz Forum
Chat => Tech Chat => Topic started by: burakkucat on October 18, 2017, 01:06:21 AM
-
. . . others require a little effort.
This follows on from Browni's post (http://forum.kitz.co.uk/index.php/topic,20451.msg357077.html#msg357077) to Ixel's ECI Line Card 0xb206 vs 0xd086 (http://forum.kitz.co.uk/index.php/topic,20451.msg357077.html#msg357077) thread.
A little while ago a "service fingerprint", resulting from an "nmap" scan, appeared before my eyes --
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port23-TCP:V=5.51%I=7%D=10/14%Time=59E21469%P=x86_64-redhat-linux-gnu%r
SF:(NULL,341,"\xff\xfb\x01\xff\xfb\x03\r\n\r\n\r\n\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@@@@@@\x20
SF:\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\
SF:x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@
SF:@@@@\x20\x20\x20\x20\x20\x20@@@@@@@@@@\x20\x20\x20\x20\x20@@@\x20\x20\x
SF:20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@@@\r\n\x20\x20\x20\x20\
SF:x20\x20\x20\x20\x20\x20\x20@@@\x20@@@\x20\x20\x20\x20\x20@@@\x20\x20\x2
SF:0\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\
SF:x20\x20\x20@@@\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@@@\x2
SF:0\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20@
SF:@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20@@@\x20\x20\x20@@@\r\n
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20@@@\x20\x20\
SF:x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x20\x20\x2
SF:0\x20@@@\x20\x20\x20@@@\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\
SF:x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x2
SF:0\x20\x20\x20@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x
SF:20\x20\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20@@@@@@
SF:@@@@@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20@@@\x20\x2
SF:0\x20\x20\x20@@@\x20\x20\x20@@@@@@@@@@@@@\r\n\x20\x20\x20\x20\x20\x20\x
SF:20\x20@@@@@@@@@@@@@\x20\x20@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x
SF:20\x20@@@\x20\x20\x20@@@\x20\x20\x20\x20@@@@@@@@@@@@@\r\n\x20\x20\x20\x
SF:20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@\x20\x20
SF:\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20@@@\x20\x20\x20\x20\x
SF:20@@@\x20\x20\x20\x20\x20\x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x2
SF:0@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20@@@@@@@@@@\x20\x20\x20\x20\x
SF:20\x20\x20\x20\x20@@@@@\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\
SF:x20\x20@@@\r\n\x20\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x
SF:20\x20@@@\x20\x20@@@@@@@@\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20@@@\x20\x20\x20\x20\x20\x20\x20@@@\x20\x20\x20\x20\x20\x20\x20@@@\r\n
SF:\r\n\x20\x20\x20Copyright\x20\(C\)\x202002-2010\x20ADVA\x20Optical\x20N
SF:etworking\.\x20All\x20rights\x20reserved\.\r\n\r\n\r\n\r\nLogin:");
b*cat thought Hmm :hmm: . . . and then laughed. :D
Why? Because a little manipulation of that stream of bytes shows --
"\xff\xfb\x01\xff\xfb\x03
@@@ @@@@@@@@ @@@ @@@ @@@
@@@@@ @@@@@@@@@@ @@@ @@@ @@@@@
@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@
@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@
@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@
@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@
@@@@@@@@@@@@@ @@@ @@@ @@@ @@@ @@@@@@@@@@@@@
@@@@@@@@@@@@@ @@@ @@@ @@@ @@@ @@@@@@@@@@@@@
@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@
@@@ @@@ @@@@@@@@@@ @@@@@ @@@ @@@
@@@ @@@ @@@@@@@@ @@@ @@@ @@@
Copyright (C) 2002-2010 ADVA Optical Networking. All rights reserved.
Login:"
The first thirteen bytes of the "fingerprint" declares "SF-Port23-TCP", so an examination of RFC854 (https://tools.ietf.org/html/rfc854) (and its update, RFC5198 (https://tools.ietf.org/html/rfc5198)) will explain the string "\xff\xfb\x01\xff\xfb\x03" (i.e. 0xff 0xfb 0x01 0xff 0xfb 0x03, when laid out nicely for the eye). The rest is just a visual effect before the invitation to "Login".
-
Amazing detective work :D
-
Damned cat ...... beat me to it by 5mins !!! ;) ;D ;D
-
All's well! I'm completely lost. No one can call that an alternative fact. :crazy:
-
Nice one. ;D
-
Just a shame that the RFCs won't then tell you what login id you need!
Was that found on the normal telnet port, or a different one?
-
Just a shame that the RFCs won't then tell you what login id you need!
Perhaps I should write my own RFC, asking for suggestions. ;D
Was that found on the normal telnet port, or a different one?
I refer my learned friend (and kitteh carrier) to the string "SF-Port23-TCP" which declares the standard telnet port number assignment.
-
Having not done much with nmap before, I wasn't sure if that part reported what it found, or where it found it. Another microsecond of thinking might have provided the answer .... :paperbag:
Perhaps I should 0xFF 0xFB 0x12
-
Perhaps I should 0xFF 0xFB 0x12
(IAC) WILL DC2 :-X
-
Ooh had to search for DC2...
-
Ooh had to search for DC2...
What else does 0x12 (18dec) (00010010bin) represent?
-
I thought you were replying with a new message, rather than reflecting. And while I've used ASCII lots, I've never had to get bogged down in the names of the control codes, they've never been even close to the front of my brain! I started looking for 2-byte telnet control codes instead :-[