Starting Nmap 6.40 ( http://nmap.org ) at 2018-03-01 13:23 CST
Nmap scan report for centos2 (192.168.43.154)
Host is up (0.0011s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
MAC Address: 00:0C:29:46:5C:93 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
[root@centos4 log]#
[root@centos4 ~]# telnet 192.168.43.154 1234
Trying 192.168.43.154...
telnet: connect to address 192.168.43.154: Connection refused
[root@centos4 ~]# telnet 192.168.43.154 3306
Trying 192.168.43.154...
Connected to 192.168.43.154.
Escape character is '^]'.
BHost 'centos4' is not allowed to connect to this MariaDB serverConnection closed by foreign host.
[root@centos4 ~]# telnet 192.168.43.154 1234
Trying 192.168.43.154...
telnet: connect to address 192.168.43.154: Connection refused
[root@centos4 ~]#
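Principle:
Telnet runs over TCP, and its default port is 23. Which service a port carries can be set by the user. For SQL Server, the port to telnet to is 1433.
telnet ip port tests whether a port on the target host is open.
Telnet has four operating modes:
1) Half-duplex: before accepting user input, the client must receive a GO AHEAD (GA) command from the server process. Rarely used today.
2) Character at a time: the client sends each character the user types to the server separately, and the server echoes the character back to the client. This is the default for most Telnet programs today. The SUPPRESS GO AHEAD and ECHO options must both be in effect.
3) Kludge line mode: the client sends to the server once for each line the user types. This mode is used when either of the two options above is not in effect.
4) Line mode: similar to kludge line mode, but it corrects that mode's shortcomings. Newer Telnet programs support it.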
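Packet flow overview:
Step 1: 172.16.1.2 sends an ARP packet; 172.16.1.3 replies with an ARP packet;
Step 2: a three-way handshake establishes the TCP connection;
SYN=1,seq=x;SYN=1,ACK=1,seq=y,ack=x+1;ACK=1,seq=x+1,ack=y+1;
Step 3: the telnet connection is established and remote control takes place;
Step 4: a four-way handshake (two two-way handshakes) releases the TCP connection;
1.FIN=1,seq=u;2.ACK=1,seq=v,ack=u+1;2.FIN=1,ACK=1,seq=w,ack=u+1;1.ACK=1,seq=u+1,ack=w+1;
Telnet must first establish a TCP connection; only then can it go on to authenticate and establish the Telnet connection.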
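Telnet authentication has two modes: AAA mode and password mode.
1. When the user interface is configured for AAA authentication, the user must first enter a login user name and password to log in to the device.
2. When the user interface is configured for password authentication, the user must first enter the login password to log in to the device.
It is simply a service establishing a connection: an application of this flow.
Testing whether a port is open with ssh
Try ssh root@192.168.43.154 -p port to test whether a port is open.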
[root@centos2 log]# nc -lp 1234
[root@centos2 ~]# netstat -anp | grep 1234
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 2073/nc
tcp6 0 0 :::1234 :::* LISTEN 2073/nc
[root@centos2 ~]#
[root@centos4 log]# nmap -sS 192.168.43.154
Starting Nmap 6.40 ( http://nmap.org ) at 2018-03-01 14:03 CST
Nmap scan report for centos2 (192.168.43.154)
Host is up (0.0010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
1234/tcp open hotline
3306/tcp open mysql
MAC Address: 00:0C:29:46:5C:93 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
[root@centos4 log]#
[root@centos4 ~]# ssh root@192.168.43.154 -p 123
ssh: connect to host 192.168.43.154 port 123: Connection refused
[root@centos4 ~]# ssh root@192.168.43.154 -p 12312
ssh: connect to host 192.168.43.154 port 12312: Connection refused
[root@centos4 ~]# ssh root@192.168.43.154 -p 3306
ssh_exchange_identification: Connection closed by remote host
[root@centos4 ~]# ssh root@192.168.43.154 -p 1234
^C
[root@centos4 ~]# ssh root@192.168.43.154 -p 22
root@192.168.43.154's password:
On centos2, ports 22, 1234 and 3306 are open.
The responses when testing ports 123, 12312, 3306, 1234 and 22 differ.
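The responses seen above (connection refused, a server that speaks first, a listener that stays silent) can be told apart with a plain TCP connect followed by a short read. The Python below is an added example, not part of the original post; the names probe, _listener and demo and the stand-in listeners on 127.0.0.1 are constructed for illustration.

```python
import socket
import threading

def probe(host, port, timeout=1.0):
    """Complete one TCP connect, then wait briefly for the server to speak first."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", "connection refused"      # RST to our SYN: nothing listening
    except socket.timeout:
        return "filtered", "no answer to SYN"      # SYN dropped, e.g. by a firewall
    except OSError as exc:
        return "error", str(exc)                   # no route, name lookup failure, ...
    with conn:
        try:
            data = conn.recv(256)
        except socket.timeout:
            return "open", "silent"                # handshake done, server waits for us
        except OSError as exc:
            return "open", "reset: %s" % exc
    if not data:
        return "open", "closed by server"          # FIN with no data
    return "open", data.decode("latin-1").strip()  # server-first banner

def _listener(banner):  # constructed stand-in on 127.0.0.1; None = stay silent
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        if banner is None:
            threading.Event().wait(2)              # hold the connection, send nothing
        else:
            conn.sendall(banner)
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    free = socket.socket()
    free.bind(("127.0.0.1", 0))
    closed_port = free.getsockname()[1]
    free.close()                                   # port is now unused again
    return {
        "refused": probe("127.0.0.1", closed_port),
        "silent": probe("127.0.0.1", _listener(None), timeout=0.5),
        "banner": probe("127.0.0.1", _listener(b"SSH-2.0-constructed\r\n")),
    }

if __name__ == "__main__":
    print(demo())
```

The "silent" result corresponds to the ssh attempt against the nc listener on 1234 that had to be interrupted with ^C, and the banner case to services such as MariaDB on 3306 that send data as soon as the handshake completes.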