GilbertPark 2016. 3. 1. 00:05

{{ SECURITY Network packet Forensic }} 


Chapter 5. Telnet (Telecommunication Network Protocol) packet analysis


Before looking at the telnet PCAP log, let's see what a {TCP KEEP ALIVE} packet means.
This packet is normally used to check for dead peers or to prevent a disconnection caused by network inactivity.

Normally a null packet with the ACK flag is sent to the peer. In our example, however, the keep-alive carries duplicated data from the previously sent [PSH, ACK] packet.



The following is an example of a TCP connection [using the Follow TCP Stream menu].

Step 1 is the sub-option negotiation procedure for the telnet connection. After that there is a login prompt, as in Step 2. The login name is echoed back character by character, but the password is not echoed. Step 3 is the exit from the telnet connection.
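As an added example (not code from the original post), the following Python splitter takes one direction of a Telnet stream and separates the IAC option negotiation seen in Step 1 from the application bytes, so the echoed login name and the missing password echo of Step 2 can be inspected; the two sample streams are constructed, and the option-name table covers only the few options the sample uses.

```python
# Minimal Telnet (RFC 854/855) stream splitter for packet forensics.
# Added example: constants and samples below are assumptions, not from the post.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMD_NAMES = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}


def parse_telnet(stream: bytes):
    """Split one direction of a Telnet stream into (negotiations, data).

    negotiations: strings such as "WILL ECHO" or "SB TERMINAL-TYPE <hex payload>"
    data: the remaining application bytes (prompts, echoed keystrokes, ...)
    A truncated command at the end of the capture stops parsing cleanly.
    """
    negotiations, data = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:               # plain data byte
            data.append(stream[i]); i += 1
            continue
        if i + 1 >= n:                     # lone IAC at end of capture
            break
        cmd = stream[i + 1]
        if cmd == IAC:                     # IAC IAC is an escaped 0xFF data byte
            data.append(IAC); i += 2
        elif cmd in CMD_NAMES:             # three-byte option negotiation
            if i + 2 >= n:
                break
            opt = stream[i + 2]
            negotiations.append(f"{CMD_NAMES[cmd]} {OPTION_NAMES.get(opt, opt)}")
            i += 3
        elif cmd == SB:                    # sub-negotiation runs until IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            opt = stream[i + 2]
            negotiations.append(f"SB {OPTION_NAMES.get(opt, opt)} {stream[i + 3:end].hex()}")
            i = end + 2
        else:                              # other two-byte command (NOP, GA, ...)
            negotiations.append(f"CMD {cmd}")
            i += 2
    return negotiations, bytes(data)


# Constructed sample: server negotiates, then echoes the login but not the password.
SERVER_TO_CLIENT = b"\xff\xfd\x18\xff\xfb\x01\xff\xfa\x18\x01\xff\xf0login: alice\r\nPassword: \r\n$ "
# Constructed sample: client answers with its terminal type, then types both values.
CLIENT_TO_SERVER = b"\xff\xfa\x18\x00xterm\xff\xf0\xff\xfd\x01alice\r\npw1234\r\n"

if __name__ == "__main__":
    for label, stream in (("server->client", SERVER_TO_CLIENT), ("client->server", CLIENT_TO_SERVER)):
        neg, payload = parse_telnet(stream)
        print(label, neg, payload)
```

Comparing the two directions shows why the password is invisible in the server-to-client stream but present in clear text in the client-to-server stream, which is the forensic value (and the risk) of an unencrypted Telnet session.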




First, there is a 3-way handshake procedure, as seen before, to establish the TCP session to destination port 23.




And for disconnection, there is a FIN, ACK procedure like the one below.




