你可以使用Telnet来验证不同主机上的端口运行的是什么类型的服务。

huangapple go评论74阅读模式
英文:

Can I Use Telnet to Verify What Kind of Service a Port on a Different Host Is Running?

问题

使用Ubuntu 22.04在我的笔记本上,我有不同机器的套接字地址192.168.38.201:8080。当我通过终端使用telnet登录时,似乎有效,屏幕上会出现以下信息:

$ telnet 192.168.38.201 8080
Trying 192.168.38.201...
Connected to 192.168.38.201.
Escape character is '^]'.
^]
telnet> display

但我可以从中得出什么样的结论呢?我可以得出结论我可以访问特定端口的防火墙,并且某个服务(可能是http、SSH、redis等)正在该端口上运行吗?一旦连接成功,我是否可以查询更多信息,比如正在运行的是什么类型的服务,它支持什么协议等等?

如果telnet失败,我可以得出结论要么没有服务在运行,要么我没有防火墙访问权限?

英文:

Using Ubuntu 22.04 on my laptop, and I have the socket address 192.168.38.201:8080 of a different machine. When I log in via telnet on my terminal, it does seem to work, as in a screen appears saying this

$ telnet 192.168.38.201 8080
Trying 192.168.38.201...
Connected to 192.168.38.201.
Escape character is '^]'.
^]
telnet> display

But what kind of conclusion can I draw from this? That I have firewall access to that specific port, and some service (which may be http, SSH, redis etc.) is running on that port? Once I connect, can I query anything more, like what kind of service is running, what protocol it supports etc.?

If the telnet-ing fails, can I conclude either no service is running or I do not have firewall access?

答案1

得分: 1

以下是您要翻译的内容:

所有telnet做的就是打开到该端口的连接,并尝试建立一个“交互会话”,以这样的方式,您键入的一切都将发送到远程主机,远程主机回复的一切都将被回显回来。

它主要用作与基于文本的远程服务进行双向通信的便利工具 - 而不是安全工具。


您基本上想要使用诸如nmap(应该在任何主要的GNU / Linux发行版中作为软件包提供)之类的工具来进行任何类型的“询问”操作。

它有很多选项,但您可以在线找到一些不错的使用指南 - 例如https://phoenixnap.com/kb/nmap-commands或https://www.stationx.net/nmap-cheat-sheet/


回答您的“如果telnet失败” - 这涉及到“它是如何失败的?”的问题。

因为可能有多种不明显的方式可以使其“失败”:

  • telnet使用TCP协议 - 因此,它对UDP / ICMP或其他协议一无所知。
  • 您的防火墙可能只允许单向通信。虽然这通常会导致telnet“失败” - 但您的防火墙可能配置得如此糟糕,以至于它将允许建立TCP连接所需的所有控制数据包,但仍然不允许发送任何数据。
  • 您连接的服务可能不支持任何输入和/或输出

为了给您更多背景信息:TCP只是基于IP或“互联网”通常所认知的众多协议之一。

TCP是一种有状态的、基于连接的协议。

UDP是无状态和无连接的。一些核心服务使用UDP,例如DNS。

诸如nmap之类的安全工具已经被设计成尽力弄清楚究竟发生了什么。但有很多因素可能导致telnet“失败”。

从历史上看,在广泛采用加密外壳(如ssh)之前,telnet用于在远程计算机上获取交互式命令提示符。但通常情况下,当两者无法就公共字符集达成一致时,它已经彻底失败了。

它从来没有意图处理任何二进制数据。

因此,基本上,如果telnet成功,那么可以建立双向的基于文本的通信渠道。如果它没有成功,就不能可靠地做出其他假设。


由于您在问题中使用了私有IP地址,请注意,您应该真正使用类似于nmap的工具来针对您的公共IP地址运行 - 并且来自您网络之外的计算机。

例如,您可以使用亚马逊AWS等云提供商的免费套餐来部署基本的Debian或Alpine映像,然后从“外部”运行nmap来针对您的公共IP执行扫描。

英文:

All that telnet does is that it opens a connection to that port and tries to establish an "interactive session" - in the way that everything that you type will be sent the remote host and that everything the remote host replies will be echo'ed back to you.

It is primarily intended as a convenience tool for bi-directional communication with a text-based remote service - and NOT a security tool.


You pretty much want to use a tool such as nmap (that should be availabe as a package in any major GNU / Linux distribution) for any kind of "inquisitative" questions.

It has quite a lot of options, but you can find several decent guides on how to use it online - for instance https://phoenixnap.com/kb/nmap-commands or https://www.stationx.net/nmap-cheat-sheet/


To answer your "If the telnet-ing fails" - this leads to the issue of "how did it fail?".

Because there might be several different ways how it might "fail" that may not be obvious:

  • telnet uses the TCP protocol - so it tells you nothing about UDP / ICMP or other protocols.
  • Your firewall may only allow traffic in one direction. And while this would normally cause telnet to "fail" - your firewall could possibly misconfigured so badly that it would allow all of those control packets that are required for a TCP connection to be established - but still not allow any data being sent.
  • The service that you connected to may not support any input and/or output

To give you a little bit more background: TCP is just one of the many protocols that are implemented on top of IP - or "the internet" as it's generally perceived.

TCP is a stateful, connection-based protocol.

UDP is stateless and connection-less. Several core services use UDP, such as for instance DNS.

Security oriented tools such as nmap have been designed to do their best to figure out what exactly is going on. But there are many things that could cause telnet to "fail".

Historically, telnet was used prior to the wide-spread adoption of encrypted shells such as ssh; you'd use telnet to get an interactive command prompt at a remote computer. But oftentimes, it already failed miserably when the two couldn't agree on a common character set.

It was never meant to handle any binary data either.

So basically, if telnet succeeds, then a bi-directional text-based communication channel could be established. If it doesn't succeed, nothing else can reliably be assumed.


Since you're using a private IP address in your question - please be aware that you should really run a tool such as nmap against your public IP address - and from a machine outside your network.

You could, for instance use the Free Tier of a Cloud Provider such as Amazon AWS to deploy a very basic image of something like Debian or Alpine to run the nmap against your public IP from the "outside".

huangapple
  • 本文由 发表于 2023年5月10日 16:17:55
  • 转载请务必保留本文链接:https://go.coder-hub.com/76216281.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定