WEBVTT

0:00:03.860000 --> 0:00:07.460000
In this last video in this series, I want to get into some details about

0:00:07.460000 --> 0:00:10.220000
how the Telnet protocol works.

0:00:10.220000 --> 0:00:14.020000
Talk about why it was invented, what problem it was designed to solve,

0:00:14.020000 --> 0:00:16.560000
and how it works in the background.

0:00:16.560000 --> 0:00:20.240000
If you've never worked with computer networks before, you may never have

0:00:20.240000 --> 0:00:23.500000
needed to know anything about Telnet or use Telnet.

0:00:23.500000 --> 0:00:27.220000
But as a network admin or network engineer, guaranteed, you're going to

0:00:27.220000 --> 0:00:29.640000
be using this protocol and you're going to have to know how it works.

0:00:29.640000 --> 0:00:32.760000
Let's dive into that.

0:00:32.760000 --> 0:00:37.720000
Okay, so prior to the invention of Telnet, we had once again, like I said

0:00:37.720000 --> 0:00:43.760000
back when we were talking about email, we had this idea of a dumb terminal

0:00:43.760000 --> 0:00:50.160000
that was connected directly into the computer periphery of a device.

0:00:50.160000 --> 0:00:53.220000
So for example, this dumb terminal would actually be connected directly

0:00:53.220000 --> 0:00:58.960000
into the back of the serial port or some other interface of the computer.

0:00:58.960000 --> 0:01:02.720000
So this dumb terminal was not using any kind of IP connection.

0:01:02.720000 --> 0:01:04.320000
There was no IP here.

0:01:04.320000 --> 0:01:09.700000
It was simply an interface for you to connect to the shell of a device.

0:01:09.700000 --> 0:01:13.140000
Now that might lead us to the question of what is a shell?

0:01:13.140000 --> 0:01:16.080000
You know, maybe you've never heard that term before.

0:01:16.080000 --> 0:01:18.900000
Now, I actually stole this directly from Wikipedia because I thought it

0:01:18.900000 --> 0:01:22.660000
was a fantastic definition of what this term shell is.

0:01:22.660000 --> 0:01:28.580000
In computing, a shell is a user interface for access to an operating system's

0:01:28.580000 --> 0:01:37.820000
services. So for example, when you are accessing the Cisco IOS command

0:01:37.820000 --> 0:01:43.520000
line, well, the Cisco IOS command line is the shell of Cisco IOS that

0:01:43.520000 --> 0:01:48.660000
the command line is giving you access to the operating system's services.

0:01:48.660000 --> 0:01:52.420000
That's what the IOS command line is doing.

0:01:52.420000 --> 0:01:57.300000
So when we are telnetting, so when we are getting, so back in the old

0:01:57.300000 --> 0:02:02.020000
days, when a dumb terminal was connected to a mainframe, you automatically

0:02:02.020000 --> 0:02:07.960000
had access to the shell because that dumb terminal had direct access via

0:02:07.960000 --> 0:02:12.520000
a serial interface or something and that serial interface led directly

0:02:12.520000 --> 0:02:13.900000
to the CPU of the device.

0:02:13.900000 --> 0:02:20.360000
In this case, the computer and that's how you had access to the shell.

0:02:20.360000 --> 0:02:24.060000
Now back when you had direct access, when you had a terminal connected

0:02:24.060000 --> 0:02:28.580000
directly to the computer, the shell, which is once again the computer,

0:02:28.580000 --> 0:02:33.660000
the operating system, controlled the aspects of that terminal.

0:02:33.660000 --> 0:02:38.800000
In other words, the computer itself, the shell, told the dumb terminal

0:02:38.800000 --> 0:02:45.660000
what characters should look like, what characters to use to represent

0:02:45.660000 --> 0:02:46.640000
special functions.

0:02:46.640000 --> 0:02:52.460000
In other words, what did you have to press to do a line break or a carriage

0:02:52.460000 --> 0:02:54.340000
return or an enter?

0:02:54.340000 --> 0:02:58.920000
So all of that stuff was inherently known by the shell.

0:02:58.920000 --> 0:03:03.940000
So with direct access, the moment a user typed in a line of characters

0:03:03.940000 --> 0:03:09.900000
followed by the carriage return followed by the enter key, the shell was

0:03:09.900000 --> 0:03:15.920000
immediately, that information was immediately passed into a buffer and

0:03:15.920000 --> 0:03:17.640000
the shell was alerted to it.

0:03:17.640000 --> 0:03:21.720000
So the CPU, the shell, contacted the CPU and said, okay, there's something

0:03:21.720000 --> 0:03:25.680000
in a buffer which has been sent here, we need to take a look at that.

0:03:25.680000 --> 0:03:31.200000
But now we start having this idea of, well, how can we provide a user

0:03:31.200000 --> 0:03:35.960000
the same ability to interact with the shell, to interact with a command

0:03:35.960000 --> 0:03:41.140000
line, if their terminal is not directly connected to the computer, but

0:03:41.140000 --> 0:03:45.220000
instead only reachable remotely over an IP connection.

0:03:45.220000 --> 0:03:49.540000
In other words, how could I give somebody that same dumb terminal experience

0:03:49.540000 --> 0:03:55.740000
if they are miles or hundreds of miles or thousands of miles away from

0:03:55.740000 --> 0:04:00.040000
that computer? And the only way to reach it is via IP.

0:04:00.040000 --> 0:04:03.980000
And that is what Telnet was designed to solve.

0:04:03.980000 --> 0:04:07.620000
Let's take a look at some basic facts of Telnet.

0:04:07.620000 --> 0:04:11.540000
It's defined in RFC 854.

0:04:11.540000 --> 0:04:15.760000
Like so many other things, it is TCP based.

0:04:15.760000 --> 0:04:20.120000
And we've now learned that it's used to access the command line or the

0:04:20.120000 --> 0:04:24.580000
shell of remote devices over an IP connection.

0:04:24.580000 --> 0:04:32.120000
Typically, it creates very small packets, uses well-known port, TCP port

0:04:32.120000 --> 0:04:36.440000
23.
And yes, you definitely would have to memorize that for any Cisco

0:04:36.440000 --> 0:04:38.920000
certification exam.

0:04:38.920000 --> 0:04:43.220000
And the data in the IP packets is sent in clear text.

0:04:43.220000 --> 0:04:45.580000
I'll show you an example of that in just a minute.

0:04:45.580000 --> 0:04:47.120000
So how does Telnet actually work?

0:04:47.120000 --> 0:04:51.780000
So now just from this, we can gather that when I open up Telnet on my

0:04:51.780000 --> 0:04:57.960000
laptop. Number one, we know my objective is I want to get access to the

0:04:57.960000 --> 0:05:00.840000
shell of a router or a switch.

0:05:00.840000 --> 0:05:04.780000
In other words, I want to get access to the Cisco IOS command line.

0:05:04.780000 --> 0:05:10.260000
We also know based on this that my laptop is going to have to invoke the

0:05:10.260000 --> 0:05:15.400000
TCP process. So a TCP three-way handshake is going to have to occur between

0:05:15.400000 --> 0:05:19.720000
my laptop and that router or switch or whatever it is that you're trying

0:05:19.720000 --> 0:05:20.960000
to telnet into.

0:05:20.960000 --> 0:05:27.200000
That router switch is going to have Telnet already running and be passively

0:05:27.200000 --> 0:05:29.740000
listening on port number 23.

0:05:29.740000 --> 0:05:34.960000
If it's not, then when my TCP SYN comes in, it'll just send a TCP reset

0:05:34.960000 --> 0:05:38.400000
back to me saying, I'm sorry, I'm not listening on port number 23, I'm

0:05:38.400000 --> 0:05:42.060000
not running that application.

0:05:42.060000 --> 0:05:46.340000
Then everything in my Telnet window that I type in will be placed into

0:05:46.340000 --> 0:05:51.420000
a TCP segment, which will be placed into an IP packet and then sent across

0:05:51.420000 --> 0:05:54.020000
to that remote destination.

0:05:54.020000 --> 0:05:56.600000
So let's go even deeper to that.

0:05:56.600000 --> 0:06:04.640000
When Telnet is invoked in a system, both sides, so the host, which is

0:06:04.640000 --> 0:06:10.700000
you, that's your laptop, your PC, and the process within a server.

0:06:10.700000 --> 0:06:15.020000
So for example, the Telnet process within a router, within a switch, maybe

0:06:15.020000 --> 0:06:18.500000
within a server that you're trying to telnet to, both sides of the

0:06:18.500000 --> 0:06:24.340000
connection create what's called a network virtual terminal or an NVT.

0:06:24.340000 --> 0:06:28.600000
An NVT is basically just an imaginary device that represents a generic

0:06:28.600000 --> 0:06:31.560000
dumb terminal with minimal features or options.

0:06:31.560000 --> 0:06:37.600000
In other words, when I start up Telnet in my laptop, in the brain of my

0:06:37.600000 --> 0:06:41.600000
laptop, it sort of says, okay, I'm going to pretend I'm a dumb terminal.

0:06:41.600000 --> 0:06:45.860000
And I'm going to provide the user with the same kind of experience that

0:06:45.860000 --> 0:06:50.120000
he or she would have as if I was a dumb terminal.

0:06:50.120000 --> 0:06:53.820000
And similarly on the server side, the router switch that you're trying

0:06:53.820000 --> 0:06:58.880000
to telnet into, it will also create inside of its own brain a dumb

0:06:58.880000 --> 0:07:02.960000
terminal. And they'll say, okay, I'm going to sort of imagine as if these

0:07:02.960000 --> 0:07:07.160000
IP packets are coming to me, are actually coming to me from a dumb terminal

0:07:07.160000 --> 0:07:13.780000
instead. And that's what we mean by a network virtual terminal or an NVT.

0:07:13.780000 --> 0:07:19.120000
Now when the Telnet session is actually happening going on, the Telnet

0:07:19.120000 --> 0:07:22.800000
protocol itself sends and receives two things, the actual data.

0:07:22.800000 --> 0:07:26.140000
So that's the stuff you type on your keyboard, the output that you get

0:07:26.140000 --> 0:07:28.460000
back from the router or the switch.

0:07:28.460000 --> 0:07:32.420000
And Telnet also sends and receives what's called negotiated options.

0:07:32.420000 --> 0:07:36.560000
And these are things like it says that dictate how that network virtual

0:07:36.560000 --> 0:07:41.980000
terminal will be displayed and how it will act.

0:07:41.980000 --> 0:07:46.900000
So let's talk about some of those negotiated options.

0:07:46.900000 --> 0:07:48.120000
And we'll see this in just a moment.

0:07:48.120000 --> 0:07:50.600000
I'm going to do a sniffer trace here of a Telnet session.

0:07:50.600000 --> 0:07:54.000000
And you're going to see within the Telnet session, in addition to the

0:07:54.000000 --> 0:07:58.660000
commands I type and the output that I get back, which is all going to

0:07:58.660000 --> 0:08:03.400000
be in clear text, we're going to see these commands like do and don't

0:08:03.400000 --> 0:08:05.040000
and will and won't.

0:08:05.040000 --> 0:08:10.680000
What these are are ways of formatting that network virtual terminal.

0:08:10.680000 --> 0:08:12.860000
Saying, okay, this is the option I'd like to have.

0:08:12.860000 --> 0:08:16.340000
I'd like to, you know, in addition to just a generic terminal, I want

0:08:16.340000 --> 0:08:19.500000
to add these additional sub options to it.

0:08:19.500000 --> 0:08:22.540000
On the other side of the session, do you support that?

0:08:22.540000 --> 0:08:23.940000
Do you support this sub option?

0:08:23.940000 --> 0:08:25.560000
And we'll see that.

0:08:25.560000 --> 0:08:30.020000
So some common negotiated options that we're going to see here as I go

0:08:30.020000 --> 0:08:36.940000
through are the suppress go ahead, the negotiate window size and echo.

0:08:36.940000 --> 0:08:38.580000
So let's just go ahead and take a look at that.

0:08:38.580000 --> 0:08:43.500000
So to make this simple, I've actually opened up a GNS3 session with

0:08:43.500000 --> 0:08:44.720000
just two routers.

0:08:44.720000 --> 0:08:48.200000
I could certainly telnet from my laptop, but my laptop is doing just

0:08:48.200000 --> 0:08:52.040000
so much other garbage over the network right now that I didn't want to

0:08:52.040000 --> 0:08:54.860000
have to create a whole bunch of filters to do this.

0:08:54.860000 --> 0:08:58.940000
So it's just easier to do it between these two devices right here.

0:08:58.940000 --> 0:09:03.720000
So what I'm simply going to do is I'm going to log into router one.

0:09:03.720000 --> 0:09:09.880000
Here we go. And I'm going to initiate a telnet session.

0:09:09.880000 --> 0:09:20.480000
For example, I'm just going to say telnet one dot one dot one dot two.

0:09:20.480000 --> 0:09:23.840000
That's router two.

0:09:23.840000 --> 0:09:25.980000
And now the telnet session is open.

0:09:25.980000 --> 0:09:29.540000
I've got a password and everything's happening via telnet.

0:09:29.540000 --> 0:09:32.280000
So let's take a look at what that looks like over Wireshark.

0:09:32.280000 --> 0:09:36.880000
So we can actually see it in the background.

0:09:36.880000 --> 0:09:39.860000
So here in GNS3, I'm just going to right click on the connection

0:09:39.860000 --> 0:09:46.240000
and click on start capture.

0:09:46.240000 --> 0:09:50.400000
All right, let's just implement some basic filters right here.

0:09:50.400000 --> 0:09:53.920000
So I can filter out some of this other garbage.

0:09:53.920000 --> 0:09:56.280000
I don't want to see that.

0:09:56.280000 --> 0:10:01.740000
And I don't want to see CDP.

0:10:01.740000 --> 0:10:14.200000
All right, so let's go ahead and initiate my telnet session.

0:10:14.200000 --> 0:10:16.940000
Telnet one dot one dot one dot two.

0:10:16.940000 --> 0:10:21.540000
OK, password is I N E.

0:10:21.540000 --> 0:10:23.800000
And I'm going to type enable.

0:10:23.800000 --> 0:10:27.200000
Password's I N E.

0:10:27.200000 --> 0:10:31.040000
And I'm going to type show version.

0:10:31.040000 --> 0:10:38.920000
OK, and then hit the carriage return a few times and then kill the telnet

0:10:38.920000 --> 0:10:42.280000
session by typing exit.

0:10:42.280000 --> 0:10:47.900000
OK, so let's see how all of that happened in the background.

0:10:47.900000 --> 0:10:51.760000
So we can see here router one is one dot one dot one dot one.

0:10:51.760000 --> 0:10:58.360000
So start out. By doing the TCP three way handshake, send a TCP SYN.

0:10:58.360000 --> 0:11:01.660000
So here's the TCP header, no data.

0:11:01.660000 --> 0:11:03.700000
And the TCP header in the.

0:11:03.700000 --> 0:11:09.760000
In the flags field, we have the SYN bit set.

0:11:09.760000 --> 0:11:14.140000
And then we got a SYN-ACK back from router two.

0:11:14.140000 --> 0:11:16.720000
So here's the ACK bit and the SYN bit.

0:11:16.720000 --> 0:11:22.160000
And then the third portion of that three way handshake was just the ACK.

0:11:22.160000 --> 0:11:25.920000
And now telnet can start flowing across that.

0:11:25.920000 --> 0:11:29.660000
So let's take a look at the next one.

0:11:29.660000 --> 0:11:34.380000
So now telnet gets invoked.

0:11:34.380000 --> 0:11:38.720000
I'm going to reduce TCP and expand telnet.

0:11:38.720000 --> 0:11:45.100000
OK, so here this one right here is from router two going back to router

0:11:45.100000 --> 0:11:48.820000
one. So in this particular case, router two is the telnet server.

0:11:48.820000 --> 0:11:52.880000
It's the one that's responding to the telnet session.

0:11:52.880000 --> 0:11:56.200000
And it's saying, OK, here are some options I'd like to do.

0:11:56.200000 --> 0:11:59.080000
Will, meaning this is what I what I will support.

0:11:59.080000 --> 0:12:00.140000
This is what I will do.

0:12:00.140000 --> 0:12:05.080000
The command will means I will do and the sub command is echo.

0:12:05.080000 --> 0:12:07.140000
What does that mean?

0:12:07.140000 --> 0:12:14.380000
That means that so the server in this particular case, which is the router

0:12:14.380000 --> 0:12:19.240000
router two, by saying echo, he's saying, OK, here's what I'll do.

0:12:19.240000 --> 0:12:25.920000
Whenever you type something to me, I will echo it back to you.

0:12:25.920000 --> 0:12:27.860000
Now, you might think that's kind of redundant.

0:12:27.860000 --> 0:12:28.720000
Why would I do that?

0:12:28.720000 --> 0:12:32.600000
Well, if echo did not happen, let's say echo didn't happen.

0:12:32.600000 --> 0:12:35.600000
When I was here in my telnet session.

0:12:35.600000 --> 0:12:41.140000
OK, when I type I N E.

0:12:41.140000 --> 0:12:47.760000
I N E. Let's say enable.

0:12:47.760000 --> 0:12:51.380000
See how when I typed, I'll expand this a little bit.

0:12:51.380000 --> 0:12:55.060000
How when I typed enable, it actually said enable right here.

0:12:55.060000 --> 0:12:57.240000
This is because it was echoed back to me.

0:12:57.240000 --> 0:13:01.880000
When I typed the E and the N and the A and the B, each character went

0:13:01.880000 --> 0:13:07.180000
to the server, which was R2, and because it had done the echo option,

0:13:07.180000 --> 0:13:12.680000
it echoed those commands back, which displayed in my telnet window.

0:13:12.680000 --> 0:13:17.860000
Because by default, the telnet window only shows you what's coming back

0:13:17.860000 --> 0:13:20.020000
to you, not what you're typing in.

0:13:20.020000 --> 0:13:25.680000
What you type in immediately goes out to the destination.

0:13:25.680000 --> 0:13:27.120000
It doesn't display in your window.

0:13:27.120000 --> 0:13:31.560000
If you want to see what you're typing, you need to negotiate the echo

0:13:31.560000 --> 0:13:36.740000
option. So that destination will echo back to you what you've typed.

0:13:36.740000 --> 0:13:39.920000
Otherwise, I wouldn't see what I'm typing.

0:13:39.920000 --> 0:13:44.080000
So we can see here that's one option that was negotiated.

0:13:44.080000 --> 0:13:46.740000
Will suppress go ahead?

0:13:46.740000 --> 0:13:51.040000
What is that? Well, go ahead is actually a character.

0:13:51.040000 --> 0:13:55.540000
It's a character on like the keyboard and it was used back in the days

0:13:55.540000 --> 0:13:57.980000
of half duplex communication.

0:13:57.980000 --> 0:14:01.820000
Back in the days when, for example, you had a dumb terminal connected

0:14:01.820000 --> 0:14:07.940000
to a mainframe and you had a keyboard on that dumb terminal.

0:14:07.940000 --> 0:14:14.300000
Well, in a half duplex environment, at any given time, either the mainframe

0:14:14.300000 --> 0:14:16.500000
could control the keyboard.

0:14:16.500000 --> 0:14:21.000000
In other words, could control what was printed on the monitor or the user,

0:14:21.000000 --> 0:14:25.400000
the dumb terminal could control the keyboard, but not both at the same

0:14:25.400000 --> 0:14:30.440000
time. So back in those days, the go ahead option would be sort of like,

0:14:30.440000 --> 0:14:33.800000
you know, the mainframe would send the go ahead character saying, okay,

0:14:33.800000 --> 0:14:35.520000
I'm done with the keyboard.

0:14:35.520000 --> 0:14:36.720000
You can have it back.

0:14:36.720000 --> 0:14:38.600000
You can type something.

0:14:38.600000 --> 0:14:41.900000
Well, Telnet is inherently full duplex.

0:14:41.900000 --> 0:14:48.460000
Um, and so by saying suppress go ahead, that's basically router two's

0:14:48.460000 --> 0:14:50.840000
way of saying, look, you can type in anything anytime you want.

0:14:50.840000 --> 0:14:53.360000
You have full control over the keyboard.

0:14:53.360000 --> 0:14:59.020000
Um, not me. Terminal type.

0:14:59.020000 --> 0:15:01.600000
I'm going to skip that one.

0:15:01.600000 --> 0:15:06.540000
And here is where he's saying, I want to negotiate the window size.

0:15:06.540000 --> 0:15:09.180000
In other words, the actual size of the Telnet window itself.

0:15:09.180000 --> 0:15:12.060000
How high is it? How wide is it?

0:15:12.060000 --> 0:15:16.400000
So that is the very first Telnet message from router two.

0:15:16.400000 --> 0:15:20.820000
What's the first Telnet message from router one?

0:15:20.820000 --> 0:15:22.700000
He initiated the Telnet.

0:15:22.700000 --> 0:15:27.180000
He also says, okay, let's go ahead and suppress go ahead.

0:15:27.180000 --> 0:15:30.320000
That's good. I want control of the, of the keyboard.

0:15:30.320000 --> 0:15:37.360000
He says, I'm going to negotiate window size and I want to do remote flow

0:15:37.360000 --> 0:15:41.660000
control. Keep going down a little bit here.

0:15:41.660000 --> 0:15:47.360000
So that's router one frame 14 frame 15.

0:15:47.360000 --> 0:15:50.840000
Okay. So here in Telnet, we actually have now data.

0:15:50.840000 --> 0:15:52.300000
No, it's not commands.

0:15:52.300000 --> 0:15:54.560000
It's either command or data.

0:15:54.560000 --> 0:15:55.540000
Now we're doing data.

0:15:55.540000 --> 0:16:00.660000
So this first line of data slash R slash N, that means line break.

0:16:00.660000 --> 0:16:03.520000
So I get, so I've got two lines of line break.

0:16:03.520000 --> 0:16:08.700000
And then the third line says user access verification followed by a line

0:16:08.700000 --> 0:16:11.380000
break. And that's exactly what I see.

0:16:11.380000 --> 0:16:14.840000
If I scroll, if I zoom in here.

0:16:14.840000 --> 0:16:21.720000
You can see once it said open, I had one line of line break, two lines

0:16:21.720000 --> 0:16:28.620000
of line break, user access verification followed by another line break.

0:16:28.620000 --> 0:16:30.360000
And so that's what we see right here.

0:16:30.360000 --> 0:16:31.760000
And then we have the word password.

0:16:31.760000 --> 0:16:46.140000
Now, notice this is all being done in plain text.

0:16:46.140000 --> 0:16:48.480000
And then router one right here.

0:16:48.480000 --> 0:16:51.660000
The other one says I will echo as well.

0:16:51.660000 --> 0:17:01.960000
Terminal type. Okay.

0:17:01.960000 --> 0:17:03.500000
So here in here's an option.

0:17:03.500000 --> 0:17:06.760000
Here's here's a command again, command of negotiate window size.

0:17:06.760000 --> 0:17:10.320000
You can actually see he's saying, okay, here I want the width and the

0:17:10.320000 --> 0:17:13.860000
height. So here's a classic example where we can see within telnet, not

0:17:13.860000 --> 0:17:19.540000
only is the data going across, but information to say what size is the

0:17:19.540000 --> 0:17:21.920000
window going to be.

0:17:21.920000 --> 0:17:24.820000
If we go a little bit further.

0:17:24.820000 --> 0:17:40.500000
Let's try find some data here because I issued the show version command.

0:17:40.500000 --> 0:17:47.920000
Okay. Here's where R2 was giving us a blank line and then its name R2.

0:17:47.920000 --> 0:17:51.460000
So that sort of brings it all together where I mainly want to emphasize

0:17:51.460000 --> 0:17:55.660000
that the telnet is carried over TCP.

0:17:55.660000 --> 0:18:03.940000
It uses TCP port 23 and we can see that right here in the TCP header.

0:18:03.940000 --> 0:18:08.460000
Port 23, depending on the direction, it might be the source or the destination,

0:18:08.460000 --> 0:18:10.940000
depending on what direction the packet is taking.

0:18:10.940000 --> 0:18:15.740000
And within the body of the telnet itself, it carries commands for talking

0:18:15.740000 --> 0:18:19.300000
about how to format the window, how to structure what's going to be echoed

0:18:19.300000 --> 0:18:23.540000
back and how this session is going to look as well as the actual data

0:18:23.540000 --> 0:18:31.740000
itself.
So that concludes this video on how telnet works and that concludes

0:18:31.740000 --> 0:18:38.720000
this entire session on understanding common network applications.

0:18:38.720000 --> 0:18:43.560000
And I hope that this session was beneficial to you and you learned some

0:18:43.560000 --> 0:18:48.100000
things from it and good luck on your CCNA journey.