For an application I had to develop a simple telnet module. (Which I could do quickly with the help of minimalistic telnet)
I did create a telnet server and a client and I used PuTTY to test the behavior of the server.
PuTYY was configured for 'Telnet negotiation mode: active'.
In the server I did see the expected telnet negotiation sequence (and it was giving correct replies).
The last action in the PuTTY negotiation was a strange one.
0xff 0xfe 0x32 or IAC DONT 0x32
The third byte, 0x32, is the option and that is where the problem is (for me).
I did look up all Telnet options at IANA and according to them the options range 50-137 is unassigned (0x32 is 62).
What is behind PuTTY option 0x32?
I have looked on the internet but can't find anything.
I have looked up the PuTTY documentation, same thing.
Putting up a request to the PuTTY development is severely discouraged due to capacity problems (not enough hands to type a sensible reply).
It is perfectly sensible not to use this unknown option but it still is nagging me.
What is option 0x3e supposed to do?
Problem solved.
There was an error in my server code causing PuTTY to generate a reply for a non existing option.
I hereby thank Simon Tatham for the suggestion he gave leading me to find the real problem.
Related
I tried posting this on ask.openstack but it has been stuck in the moderator for 5 days now. I thought I'd try here.
I was trying to debug a Nova issue and wanted to decode the SSL / TLS packets being exchanged using Wireshark. Part of the changes I was making was setting Nova up to use SSL / TLS and I wanted to be sure that part of it I had set correctly. I eventually figure out my issues from the various log files but I'm somewhat assuming that being able to watch the network traffic may help in some very difficult cases.
The exchange uses TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 at one point. According to this security stackexchannge question, there is a "pre-master secret" or various other terms. I've wrestled with this before in a previous life doing IPSec. Usually you can set debug in the application and it will spew out the secret into the log file. I tried "debug = true" under Default in nova.conf and got lots of debug but no secret. There was two items that looked interesting that were reported as **** in the log: keystone_authtoken.memcache_secret_key and neutron.metadata_proxy_shared_secret. I wasn't sure if those were the secrets I was looking for or not. In this case, I'm looking at the nova-api traffic going to port 8774.
Also, since all of openstack is Python and uses the same "request" and "certifi" packages, it may be possible to generalize this to all of the openstack components.
nova --version report 9.1.1
I'm trying to get asterisk 11.20.0 running with WebRTC (sip.js 0.72 which I believe is a fork of jssip), but I'm seeing the following (and the called party rings, but when the phone is answered the call gets hung up).
This is my setup:
What I see:
In the CLI:
[2015-11-24 01:01:53] NOTICE[43619][C-00000002]: res_rtp_asterisk.c:4441 ast_rtp_read: Unknown RTP codec 95 received from '(null)'
In Firefox:
InvalidSessionDescriptionError: Invalid description, no ice-ufrag attribute
Attachments:
SIP Dialogue (Asterisk CLI)
Webphone Log
Config Files (httpd.conf, sip.conf, rtp.conf)
Asterisk Compiled with Libuuid & Friends
What I've tried so far:
Changed webRTC implementations (tried chrome and firefox both with SIPML and SIP.JS)
Set the STUN server to null on the client side (stunServers: ['stun:null'])
Configured properly (I hope) my sip.conf and rtp.conf and httpd.conf
Made sure I have libuuid, uuid and their -devel companions and after i've recompiled asterisk.
What I've read:
http://forums.asterisk.org/viewtopic.php?p=201702
https://wiki.asterisk.org/wiki/display/AST/Asterisk+WebRTC+Support
https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5
http://jssip.net/documentation/misc/interoperability/asterisk/
http://sipjs.com/guides/server-configuration/asterisk/
https://kunjans.wordpress.com/2015/01/09/web-sip-client-sipml5-with-asterisk-13-on-centos-6-6/
http://forums.digium.com/viewtopic.php?f=1&t=89798
Please, if you can, give me a hand. I'm about to smash my box with a sledge hammer.
Faced same issue and followed instruction in http://forums.digium.com/viewtopic.php?f=1&t=90167 realise that:
This issue is caused because you asterisk don't have ICE support, you can solve that by installing the uuid/libuuid and uuid-devel/libuuid-devel packages on your system. Then recompile asterisk(be sure to rerun the configure script before the make command).
I did recompile my Astersik 11.16.0 with patch for ECDH support and fallback to prime256v1 https://issues.asterisk.org/jira/browse/ASTERISK-25265 and looks like lost uuid support at that time. Reverting back to non-patched version (with uuid support, use to be compiled before) resolved my issue with "no ice-ufrag attribute" error in Firefox console and calls are going well now from WebRTC client SIPML5 based to asterisk, but not in opposit direction
I am trying to monitor https traffic with Fiddler, using current newest version:2.4.4.5
I've successfully set up https, certificates and I can see the full https encrypted traffic for example browsing my bank's web site.
...however...
When I trying to monitor an other server I got this error message in the response window:
"Failed to secure existing connection for 77.87.178.160. A call to SSPI failed, see inner exception. InnerException: System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm"
For full Fiddler window see:
The client is not a in this case browser, but a custom client program, which communicates with its own server.
My question: Is this exception misleading and in reality some other error prevents the secure channel to set up?
...or...
We have still chance to monitor this https communication?
Thx in advance
What is the client program?
This error typically indicates that that client application is only offering certain HTTPS ciphers, and those ciphers are not supported by Fiddler.
However, in this case, the specific problem here is almost certainly this: http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx
The client is trying to use AES with SSLv3, but that isn't one of the valid ciphers for SSL3. As a consequence, the connection fails.
You might be able to workaround this by clicking Rules > Customize Rules. Scroll down to the Main() function and add the following line within the function:
CONFIG.oAcceptedServerHTTPSProtocols =
System.Security.Authentication.SslProtocols.Ssl3;
Please let me know if this works.
NOTE Current versions of Fiddler offer a UI link for this: Look at the lis of enabled protocols on the HTTPS tab.
Unbelievably this issue is still present some 6 years later.
Just installed the latest version of Fiddle (v5.0.20194.41348), and sure enough on Win7 using Chrome or IE it keeps failing with the dreaded error:
"fiddler.network.https> HTTPS handshake to google.com (for #1) failed. System.ComponentModel.Win32Exception The client and server cannot communicate, because they do not possess a common algorithm"
After some hours of testing, I found a middle ground solution which seems to work with virtually all websites. The aim was to get the highest possible security with no errors in the log. Without needing to add any code, simply changing this line under Tools > Options > HTTPS > Protocols is what worked for me (just copy and paste it):
<client>;ssl3;tls1.1;tls1.2
Basically removed the ssl2 and tls1.0 protocols which leaves us with some pretty decent security and no errors so far. Having spent hours of frustration with this error, hope someone out there might find this useful, and a big thanks to EricLaw who discovered the root of the problem.
Yes I too have seen this error when working outside of fiddler and it was connected with AuthenticateAsServer but only went wrong when using IE10 and not Chrome as the browser.
Odd thing is that it did not break all the time for IE10 using SslProtocols.Tls for the protocol so I will add a bit of code to switch the protocol if one fails
The protocol that can be used also seems to change on if you are using a proxy server like Fiddler or using an invisible server by hijacking the DNS via the hosts file to divert traffic to the server
Have a look at the following post:
How to telnet google using command prompt?
I've tried the same thing, but keep getting a Bad Request! (400!) I'm working on a Windows 8 PRO machine. I just want to try a few things using Telnet, but as long as I keep getting this 400-error I can't really achieve much!
All I'm doing is the following:
o www.google.com 80 (PRESSING ENTER TWICE!!!)
GET / HTTP/1.1 (ENTER)
Host: www.google.com (PRESSING ENTER TWICE!!!)
Any help appreciated!
This problem can be solved by typing in the Telnet Commands exactly, so capitalize where needed and vice versa! Check this source for more detailed information on how to setup Telnet as a Instant HTTP Client. The source also explains that once you use a BACKSPACE to retype a command that the server receiving the command may interpret it as
<bs>
and if so, declares it as an illegal request! (This is what happened to me!)
Conclusion
It seems that you can communicate the Backspace-character properly if you have the host and client communicating properly! There's an article here that explains more about it on a technical level. To get this to work for the Windows Telnet Client, I do not know how and I'm not sure whether its possible! To get around this I would like to suggest using a program like PuTTY which is a free (MIT-licensed) Win32 Telnet and SSH client. There's an option available in the PuTTY client that allows you to change how the Backspace is generated in PuTTY, that is, which one is acceptable to you're host (if at all!)!
Please read the documentation section 4.4.1 for configuring this option "properly" (if all hosts are using this protocol; otherwise you probably need to read this article and somehow configure PuTTY to be accepted by you're host or vice versa!)!
Also, in the previous example I used Google which may need other parameters to get that working, but this may not have been the best choice to get a 200-status code immediately! Try bing.com instead (working for me at the moment!)!
o www.bing.com 80 (press ENTER twice!!!)
GET / HTTP/1.1 (press ENTER)
Host: www.bing.com (press ENTER twice!!!)
I'm having issues with using the following format using WinSCP
open sftp://user:password#site.com
vs. this, which works with the console and GUI:
open sftp.site.com.
I would like to automate logging in through the command line but when I try with sftp://user:password#site.com I get a timeout.
Any ideas?
It works fine for me both ways. Is the problem that you are using site.com instead of sftp.site.com in your first example?
Just because you specify the protocol sftp, doesn't mean it will attempt to connect to sftp.site.com when you provide site.com as the host. You still need the full hostname, the sftp:// just tells it what protocol you want to speak once connected.