Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4596
Views
0
Helpful
2
Replies

What does response "ff fb 01 ff fb 03 ff fd 18 ff fd 1f" from a 2901 ISR mean when setting up a connection to device on one of its serial ports?

terry.Haebich
Level 1
Level 1

‎04-30-2014 06:47 PM - edited ‎03-07-2019 07:17 PM

I have a customer which has a custom serial device connected to an IBM 7318 terminal server which is controlled by a custom application running on a Windows server. We are replacing the IBM 7318 with a Cisco 2901 ISR.

 

When the application sets up the connection to the device we see the following TCP traffic (using Wireshark) on the Cisco 2901

Application (socket 3433)                                          Cisco 2901 (socket 3013)

 SYN                                                      >

                                                               <                      SYN ACK

ACK                                                      >

                                                               <                       PSH ACK  with data "ff fb 01 ff fb 03 ff fd 18 ff fd 1f"

ACK                                                       >

PSH ACK with first application data   >

 

What is the data ff fb 01 ff fb 03 ff fd 18 ff fd 1f as it generated by the Cisco 2901?

Note: this string is not seen on the serial port of the Cisco - the first RS232 bytes seen contain the application command ("69 00 b2 4d" going to the serial device?

 

Thanks,

              Terry

 

Labels:
Preview file
90 KB
0 Helpful
2 Replies 2

vveerubh
Cisco Employee
Cisco Employee

‎05-01-2014 08:36 PM

Hi Terry:

 

This PSH, ACK is sent by TCP Stack.

 

As we're working on the service request, I'm looking into the code and get back to you by Monday EoD.

 

Kind Regards,

 

Ganesh

0 Helpful

terry.Haebich
Level 1
Level 1

‎05-27-2014 05:23 PM

After some web based searching I found the answer:

The customer application is using the  the Network Virtual Terminal (NVT) functionality of the Telnet Protocol (as per  RFC 854) when opening the TCP/IP connection to the serial port of the IBM 7318 and Cisco 2901. The NVT feature of the Telnet Protocol is also used by all telnet programs for setting up and controlling a telnet session.

Telnet Protocol commands overview

All Telnet Protocol commands are sent in the same communication stream as regular data but they are represented using special byte values in the range from decimal 240 (hexadecimal F0) to decimal 254 (hexadecimal FE).

To differentiate between data bytes of these same values and the Telnet Protocol commands, every Telnet Protocol command is preceded by a special escape character which has been given the name Interpret As Command (IAC). IAC has a value of decimal 255 (hexadecimal FF) - when the “recipient” sees this character, it knows the next byte is a command and not data.

If an actual data byte value of FF needs to be sent, to notify the “recipient” that this  byte is a data byte and NOT an IAC, it is sent in the TCP/IP PSH packet as two FF bytes.

As for the ff f% ## responses from the IBM 7318 and Cisco 2901, they are part of the Telnet Protocol handshaking when NVT is setup for that TCP/IP connection:

IBM 7318

ff fb 01      Confirm willingness to negotiate echo (see RFC 855)

ff fb 03      Confirm willingness to negotiate suppress go ahead (see RFC 858)

 

Cisco 2901

ff:fb:01:ff:fb:03:ff:fd:18:ff:fd:1f

ff fb 01      Confirm willingness to negotiate echo (see RFC 857)

ff fb 03      Confirm willingness to negotiate suppress go ahead (see RFC 858)

ff fd 18      Indicate willingness to negotiate terminal Type (see RFC 1091)

ff fd 1f      Indicate willingness to negotiate window size (see RFC 1073)

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card