From: WorkerBee (ciscobee@gmail.com)
Date: Mon Jun 12 2006 - 19:01:13 ART
The 3-way handshake is as follows:
stage 1 : sync (Request from Telnet Client)
stage 2 : sync+ack (Telnet Server Reply)
stage 3 : ack (established session) (Telnet Server+Client)
As long as the ACK bit is set in the TCP packet,
the ACL will allow the Telnet server to reply to the client request from
stage 2 onwards if the established keyword is used.
The only difference is that the second statement, with the established keyword,
will only permit packets to go through with the "ACK bit set", while the
first statement does not have this strict requirement. The first statement allows
the Telnet server to use port 23 and send a sync packet out trying
to establish a session using a local well-known port, which would be denied
from making such a new connection if you have the established keyword.
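An added example, not written by anyone in this thread: it parses the router "debug ip packet" TCP lines quoted below and evaluates both of Sami's ACL entries against each segment. It assumes Cisco's documented semantics for established (match on ACK or RST bit set; the thread only mentions ACK), and the fourth debug line is constructed to show the bare SYN from port 23 that only the plain entry permits.

```python
import re

# Constructed sample: the three handshake segments from the router debug quoted
# in this thread (client 192.10.1.3:21994 -> Telnet server 192.10.1.254:23),
# plus one constructed segment: a bare SYN the server sends out from port 23.
DEBUG_LINES = [
    "TCP src=21994, dst=23, seq=1223489462, ack=0, win=4128 SYN",
    "TCP src=23, dst=21994, seq=4176947662, ack=1223489463, win=4128 ACK SYN",
    "TCP src=21994, dst=23, seq=1223489463, ack=4176947663, win=4128 ACK",
    "TCP src=23, dst=40000, seq=99, ack=0, win=4128 SYN",  # constructed, not from the thread
]

LINE_RE = re.compile(
    r"TCP src=(?P<src>\d+), dst=(?P<dst>\d+), seq=\d+, ack=\d+, win=\d+\s*(?P<flags>[A-Z ]*)"
)


def parse_segment(line):
    """Return (src_port, dst_port, set_of_flags) from one debug TCP line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised debug line: {line!r}")
    return int(m.group("src")), int(m.group("dst")), set(m.group("flags").split())


def matches_telnet_rule(segment, established):
    """Evaluate 'permit tcp any eq telnet any [established]' against one segment.

    The source-port test (eq telnet -> 23) applies to both entries. The
    established keyword additionally requires the ACK or RST control bit
    (Cisco's documented semantics, assumed here)."""
    src, _dst, flags = segment
    if src != 23:
        return False
    if established and not (flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(lines):
    """Return a list of (line, plain_entry_permits, established_entry_permits)."""
    results = []
    for line in lines:
        seg = parse_segment(line)
        results.append((line, matches_telnet_rule(seg, False), matches_telnet_rule(seg, True)))
    return results


if __name__ == "__main__":
    for line, plain, est in evaluate(DEBUG_LINES):
        verdict = lambda ok: "permit  " if ok else "no match"
        print(f"plain: {verdict(plain)}  established: {verdict(est)}  {line}")
```

Only the server's SYN+ACK (stage 2) passes both entries; the constructed outbound SYN from port 23 passes the plain entry but not the established one, which is the difference WorkerBee describes.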
On 6/13/06, Victor Cappuccio <cvictor@protokolgroup.com> wrote:
> Hi There Sami,
>
> by RFC: 793
>
> For a connection to be established or initialized, the two TCPs must
> synchronize on each other's initial sequence numbers. This is done in an
> exchange of connection establishing segments carrying a control bit called
> "SYN" (for synchronize) and the initial sequence numbers
>
> So debugging this in the router:
>
> IP: s=192.10.1.3 (local), d=192.10.1.254 (Ethernet0/0), len 44, sending
>
> TCP src=21994, dst=23, seq=1223489462, ack=0, win=4128 SYN :::(1
> PKT):::
>
> IP: s=192.10.1.254 (Ethernet0/0), d=192.10.1.3 (Ethernet0/0), len 44, rcvd 3
>
> TCP src=23, dst=21994, seq=4176947662, ack=1223489463, win=4128 ACK SYN
> :::(2 PKT):::
>
>
> IP: s=192.10.1.3 (local), d=192.10.1.254 (Ethernet0/0), len 40, sending
>
> TCP src=21994, dst=23, seq=1223489463, ack=4176947663, win=4128 ACK
> :::(3 PKT):::
>
> Also you can try this links
>
> http://en.wikipedia.org/wiki/Image:TCP_state_diagram.png
>
>
> http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
>
> http://www.onlamp.com/pub/a/bsd/2001/03/26/FreeBSD_Basics.html
>
>
> HTH
> Victor.
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of Sami
> Sent: Monday, June 12, 2006 02:00 p.m.
> To: Cisco certification
> Subject: Telnet
>
> Group,
>
> This is basic question but still I have problem in understanding it ,what is
> the difference between
>
> permit tcp any eq telnet any
>
> or
>
> permit tcp any eq telnet any established
>
> I think both should allow telnet connection to come in ...am I correct ?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART