I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

telnet

asked 2021-02-02 08:44:04 +0000

khadeeja
1 ●1

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2021-02-02 17:35:18 +0000

Chuckc
3023 ●6 ●608 ●20

updated 2021-02-02 17:57:56 +0000

Looks like the telnet dissector could go a step farther and break out the IV.
Original added here: "updated the TELNET dissector to dissect encryption negotiation commands as specified by RFC 2946"

RFC 2952 - "Telnet Encryption: DES 64 bit Cipher Feedback"

1.  Command Names and Codes

   Encryption Type

      DES_CFB64        1

   Suboption Commands

      CFB64_IV         1
      CFB64_IV_OK      2
      CFB64_IV_BAD     3

2.  Command Meanings


   IAC SB ENCRYPT IS DES_CFB64 CFB64_IV <initial vector> IAC SE

The extra byte (01) before the IV in your data: Type-specific data: 011213141516171819 is the Suboption Command to indicate an IV follows.
I don't see any open issues related to this. Steps to open one here: ReportingBugs

#define TN_ENCTYPE_NULL                 0
#define TN_ENCTYPE_DES_CFB64            1  https://tools.ietf.org/html/rfc2952
#define TN_ENCTYPE_DES_OFB64            2  https://tools.ietf.org/html/rfc2953
#define TN_ENCTYPE_DES3_CFB64           3  https://tools.ietf.org/html/rfc2947
#define TN_ENCTYPE_DES3_OFB64           4  https://tools.ietf.org/html/rfc2948
#define TN_ENCTYPE_CAST5_40_CFB64       8  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST5_40_OFB64       9  https://tools.ietf.org/html/rfc2949
#define TN_ENCTYPE_CAST128_CFB64        10  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST128_OFB64        11  https://tools.ietf.org/html/rfc2949

The RFCs for currently supported encryption types use the same verbage:

The sender of this command generates a random 8 byte initial
vector, and sends it to the other side of the connection using the
"encryption type"_IV command.

edit flag offensive delete link

Comments

Thanks very much for this informations. It was helpful.

khadeeja ( 2021-02-03 09:29:57 +0000 )edit

add a comment

answered 2021-02-02 10:44:52 +0000

Jaap

13742 ●710 ●115

As per RFC 2946 this depends on the selected type of encryption. These are further referenced in the IANA registry.

edit flag offensive delete link

Comments

These documents don't specify what the telnet.enc.type_data refer to. in my case, the telnet encryption type is DES_CFB64 so the telnet.enc.type_data could be the IV, but the problem is the IV must be 8 bytes and the telnet.enc.type_data is 9 byte (011213141516171819)

here is the entire packet:

#

Frame 4: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) Ethernet II, Src: xxx, Dst: xxx Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x Transmission Control Protocol, Src Port: 42818, Dst Port: 23, Seq: 1, Ack: 1, Len: 16 Telnet Suboption Encryption Option Command: Suboption (250) Subcommand: Encryption Option Enc Cmd: IS (0) Enc Type: DES_CFB64 (1) Type-specific data: 011213141516171819 Suboption End Command: Suboption End (240)

#

any help in what the telnet.enc.type_data ( Type-specific data) refer to?

khadeeja ( 2021-02-02 11:48:32 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

2 Answers

Comments

Comments

#

#

Your Answer

Question Tools

Stats

Related questions