Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1287
Views
0
Helpful
1
Replies

Reverse telnet sessions are using not TELNET protocol?

EvaldasOu
Level 4
Level 4

‎06-05-2012 06:32 AM - edited ‎02-21-2020 04:39 AM

Hello guys.

I want to sniff reverse telnet sessions, and see in the logs, if someone tried to break the device.

That's really interesting what I found today. There is a few captures from wireshark.

When we are using port 23 for telnet connection, everything is as we want to, we can see the commands in clear-text format:

telnet1.jpg

When we try to connect to another device via reverse telnet, ( port 2011 in my example) we can see that we are using just TCP protocol, and we can't see any clear-text data:

telnet2.jpg

So Experts,

Is there a way to configure and use these ports as basic telnet session? I need to see some clear-text there

Maybe if I can't sniff these reverse-telnet sessions, there is a method to log somehow, reverse-telnet lines (tty lines) ?

0 Helpful
1 Reply 1

EvaldasOu
Level 4
Level 4

‎06-23-2012 06:07 AM

Nothing to add?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card