First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

khadeeja's avatar
1
khadeeja
asked 2021-02-02 08:44:04 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

Looks like the telnet dissector could go a step farther and break out the IV.
Original added here: "updated the TELNET dissector to dissect encryption negotiation commands as specified by RFC 2946"

RFC 2952 - "Telnet Encryption: DES 64 bit Cipher Feedback"

1.  Command Names and Codes

   Encryption Type

      DES_CFB64        1

   Suboption Commands

      CFB64_IV         1
      CFB64_IV_OK      2
      CFB64_IV_BAD     3

2.  Command Meanings


   IAC SB ENCRYPT IS DES_CFB64 CFB64_IV <initial vector> IAC SE


The extra byte (01) before the IV in your data: Type-specific data: 011213141516171819 is the Suboption Command to indicate an IV follows.
I don't see any open issues related to this. Steps to open one here: ReportingBugs

#define TN_ENCTYPE_NULL                 0
#define TN_ENCTYPE_DES_CFB64            1  https://tools.ietf.org/html/rfc2952
#define TN_ENCTYPE_DES_OFB64            2  https://tools.ietf.org/html/rfc2953
#define TN_ENCTYPE_DES3_CFB64           3  https://tools.ietf.org/html/rfc2947
#define TN_ENCTYPE_DES3_OFB64           4  https://tools.ietf.org/html/rfc2948
#define TN_ENCTYPE_CAST5_40_CFB64       8  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST5_40_OFB64       9  https://tools.ietf.org/html/rfc2949
#define TN_ENCTYPE_CAST128_CFB64        10  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST128_OFB64        11  https://tools.ietf.org/html/rfc2949


The RFCs for currently supported encryption types use the same verbage:

The sender of this command generates a random 8 byte initial
vector, and sends it to the other side of the connection using the
"encryption type"_IV command.
Chuckc's avatar
3k
Chuckc
answered 2021-02-02 17:35:18 +0000, updated 2021-02-02 17:57:56 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks very much for this informations. It was helpful.

khadeeja's avatar khadeeja (2021-02-03 09:29:57 +0000) edit
more
  • delete
add a comment see more comments
0

As per RFC 2946 this depends on the selected type of encryption. These are further referenced in the IANA registry.

Jaap's avatar
13.7k
Jaap
answered 2021-02-02 10:44:52 +0000
edit flag offensive 0 remove flag delete link
more

Comments

These documents don't specify what the telnet.enc.type_data refer to. in my case, the telnet encryption type is DES_CFB64 so the telnet.enc.type_data could be the IV, but the problem is the IV must be 8 bytes and the telnet.enc.type_data is 9 byte (011213141516171819)

here is the entire packet:

#

Frame 4: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) Ethernet II, Src: xxx, Dst: xxx Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x Transmission Control Protocol, Src Port: 42818, Dst Port: 23, Seq: 1, Ack: 1, Len: 16 Telnet Suboption Encryption Option Command: Suboption (250) Subcommand: Encryption Option Enc Cmd: IS (0) Enc Type: DES_CFB64 (1) Type-specific data: 011213141516171819 Suboption End Command: Suboption End (240)

#

any help in what the telnet.enc.type_data ( Type-specific data) refer to?

khadeeja's avatar khadeeja (2021-02-02 11:48:32 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer