https://community.cisco.com/t5/network-security/reverse-telnet-sessions-are-using-not-telnet-protocol/m-p/1969036#M935112 <P>Hello guys.</P><P></P><P>I want to sniff reverse telnet sessions, and see in the logs, if someone tried to break the device.</P><P></P><P>That's really interesting what I found today. There is a few captures from wireshark.</P><P></P><P>When we are using port 23 for telnet connection, everything is as we want to, we can see the commands in clear-text format:</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/6/8/5/90586-telnet1.jpg" alt="telnet1.jpg" class="jive-image-thumbnail jive-image" width="450" /></P><P>When we try to connect to another device via reverse telnet, ( port 2011 in my example) we can see that we are using just TCP protocol, and we can't see any clear-text data:</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/7/8/5/90587-telnet2.jpg" alt="telnet2.jpg" class="jive-image-thumbnail jive-image" width="450" /></P><P></P><P>So Experts,</P><P></P><P>Is there a way to configure and use these ports as basic telnet session? <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN> I need to see some clear-text there<SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Maybe if I can't sniff these reverse-telnet sessions, there is a method to log somehow, reverse-telnet lines (tty lines) ?</P> Fri, 21 Feb 2020 12:39:52 GMT EvaldasOu 2020-02-21T12:39:52Z https://community.cisco.com/t5/network-security/reverse-telnet-sessions-are-using-not-telnet-protocol/m-p/1969036#M935112 <P>Hello guys.</P><P></P><P>I want to sniff reverse telnet sessions, and see in the logs, if someone tried to break the device.</P><P></P><P>That's really interesting what I found today. There is a few captures from wireshark.</P><P></P><P>When we are using port 23 for telnet connection, everything is as we want to, we can see the commands in clear-text format:</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/6/8/5/90586-telnet1.jpg" alt="telnet1.jpg" class="jive-image-thumbnail jive-image" width="450" /></P><P>When we try to connect to another device via reverse telnet, ( port 2011 in my example) we can see that we are using just TCP protocol, and we can't see any clear-text data:</P><P></P><P><IMG src="https://community.cisco.com/legacyfs/online/legacy/7/8/5/90587-telnet2.jpg" alt="telnet2.jpg" class="jive-image-thumbnail jive-image" width="450" /></P><P></P><P>So Experts,</P><P></P><P>Is there a way to configure and use these ports as basic telnet session? <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN> I need to see some clear-text there<SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Maybe if I can't sniff these reverse-telnet sessions, there is a method to log somehow, reverse-telnet lines (tty lines) ?</P> Fri, 21 Feb 2020 12:39:52 GMT https://community.cisco.com/t5/network-security/reverse-telnet-sessions-are-using-not-telnet-protocol/m-p/1969036#M935112 EvaldasOu 2020-02-21T12:39:52Z https://community.cisco.com/t5/network-security/reverse-telnet-sessions-are-using-not-telnet-protocol/m-p/1969037#M935113 <HTML><HEAD></HEAD><BODY><P>Nothing to add? <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Sat, 23 Jun 2012 13:07:02 GMT https://community.cisco.com/t5/network-security/reverse-telnet-sessions-are-using-not-telnet-protocol/m-p/1969037#M935113 EvaldasOu 2012-06-23T13:07:02Z