04-30-2014 06:47 PM - edited 03-07-2019 07:17 PM
I have a customer which has a custom serial device connected to an IBM 7318 terminal server which is controlled by a custom application running on a Windows server. We are replacing the IBM 7318 with a Cisco 2901 ISR.
When the application sets up the connection to the device we see the following TCP traffic (using Wireshark) on the Cisco 2901
Application (socket 3433) Cisco 2901 (socket 3013)
SYN >
< SYN ACK
ACK >
< PSH ACK with data "ff fb 01 ff fb 03 ff fd 18 ff fd 1f"
ACK >
PSH ACK with first application data >
What is the data ff fb 01 ff fb 03 ff fd 18 ff fd 1f as it generated by the Cisco 2901?
Note: this string is not seen on the serial port of the Cisco - the first RS232 bytes seen contain the application command ("69 00 b2 4d" going to the serial device?
Thanks,
Terry
05-01-2014 08:36 PM
Hi Terry:
This PSH, ACK is sent by TCP Stack.
As we're working on the service request, I'm looking into the code and get back to you by Monday EoD.
Kind Regards,
Ganesh
05-27-2014 05:23 PM
After some web based searching I found the answer:
The customer application is using the the Network Virtual Terminal (NVT) functionality of the Telnet Protocol (as per RFC 854) when opening the TCP/IP connection to the serial port of the IBM 7318 and Cisco 2901. The NVT feature of the Telnet Protocol is also used by all telnet programs for setting up and controlling a telnet session.
Telnet Protocol commands overview
All Telnet Protocol commands are sent in the same communication stream as regular data but they are represented using special byte values in the range from decimal 240 (hexadecimal F0) to decimal 254 (hexadecimal FE).
To differentiate between data bytes of these same values and the Telnet Protocol commands, every Telnet Protocol command is preceded by a special escape character which has been given the name Interpret As Command (IAC). IAC has a value of decimal 255 (hexadecimal FF) - when the “recipient” sees this character, it knows the next byte is a command and not data.
If an actual data byte value of FF needs to be sent, to notify the “recipient” that this byte is a data byte and NOT an IAC, it is sent in the TCP/IP PSH packet as two FF bytes.
As for the ff f% ## responses from the IBM 7318 and Cisco 2901, they are part of the Telnet Protocol handshaking when NVT is setup for that TCP/IP connection:
IBM 7318
ff fb 01 Confirm willingness to negotiate echo (see RFC 855)
ff fb 03 Confirm willingness to negotiate suppress go ahead (see RFC 858)
Cisco 2901
ff:fb:01:ff:fb:03:ff:fd:18:ff:fd:1f
ff fb 01 Confirm willingness to negotiate echo (see RFC 857)
ff fb 03 Confirm willingness to negotiate suppress go ahead (see RFC 858)
ff fd 18 Indicate willingness to negotiate terminal Type (see RFC 1091)
ff fd 1f Indicate willingness to negotiate window size (see RFC 1073)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide