Ask Your Question
0

I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

asked 2021-02-02 08:44:04 +0000

khadeeja gravatar image

I need a Documentation to explain in detail the Telnet Fields particularly telnet.enc.type_data

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2021-02-02 10:44:52 +0000

Jaap gravatar image

As per RFC 2946 this depends on the selected type of encryption. These are further referenced in the IANA registry.

edit flag offensive delete link more

Comments

These documents don't specify what the telnet.enc.type_data refer to. in my case, the telnet encryption type is DES_CFB64 so the telnet.enc.type_data could be the IV, but the problem is the IV must be 8 bytes and the telnet.enc.type_data is 9 byte (011213141516171819)

here is the entire packet:

#

Frame 4: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) Ethernet II, Src: xxx, Dst: xxx Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x Transmission Control Protocol, Src Port: 42818, Dst Port: 23, Seq: 1, Ack: 1, Len: 16 Telnet Suboption Encryption Option Command: Suboption (250) Subcommand: Encryption Option Enc Cmd: IS (0) Enc Type: DES_CFB64 (1) Type-specific data: 011213141516171819 Suboption End Command: Suboption End (240)

#

any help in what the telnet.enc.type_data ( Type-specific data) refer to?

khadeeja gravatar imagekhadeeja ( 2021-02-02 11:48:32 +0000 )edit
0

answered 2021-02-02 17:35:18 +0000

Chuckc gravatar image

updated 2021-02-02 17:57:56 +0000

Looks like the telnet dissector could go a step farther and break out the IV.
Original added here: "updated the TELNET dissector to dissect encryption negotiation commands as specified by RFC 2946"

RFC 2952 - "Telnet Encryption: DES 64 bit Cipher Feedback"

1.  Command Names and Codes

   Encryption Type

      DES_CFB64        1

   Suboption Commands

      CFB64_IV         1
      CFB64_IV_OK      2
      CFB64_IV_BAD     3

2.  Command Meanings


   IAC SB ENCRYPT IS DES_CFB64 CFB64_IV <initial vector> IAC SE


The extra byte (01) before the IV in your data: Type-specific data: 011213141516171819 is the Suboption Command to indicate an IV follows.
I don't see any open issues related to this. Steps to open one here: ReportingBugs

#define TN_ENCTYPE_NULL                 0
#define TN_ENCTYPE_DES_CFB64            1  https://tools.ietf.org/html/rfc2952
#define TN_ENCTYPE_DES_OFB64            2  https://tools.ietf.org/html/rfc2953
#define TN_ENCTYPE_DES3_CFB64           3  https://tools.ietf.org/html/rfc2947
#define TN_ENCTYPE_DES3_OFB64           4  https://tools.ietf.org/html/rfc2948
#define TN_ENCTYPE_CAST5_40_CFB64       8  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST5_40_OFB64       9  https://tools.ietf.org/html/rfc2949
#define TN_ENCTYPE_CAST128_CFB64        10  https://tools.ietf.org/html/rfc2950
#define TN_ENCTYPE_CAST128_OFB64        11  https://tools.ietf.org/html/rfc2949


The RFCs for currently supported encryption types use the same verbage:

The sender of this command generates a random 8 byte initial
vector, and sends it to the other side of the connection using the
"encryption type"_IV command.
edit flag offensive delete link more

Comments

Thanks very much for this informations. It was helpful.

khadeeja gravatar imagekhadeeja ( 2021-02-03 09:29:57 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2021-02-02 08:44:04 +0000

Seen: 572 times

Last updated: Feb 02 '21