How testing whether a port is open with telnet works

Time: 2022-02-02 15:22:37
[root@centos4 log]# nmap -sS 192.168.43.154
Starting Nmap 6.40 ( http://nmap.org ) at 2018-03-01 13:23 CST
Nmap scan report for centos2 (192.168.43.154)
Host is up (0.0011s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql

MAC Address: 00:0C:29:46:5C:93 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
[root@centos4 log]#


[root@centos4 ~]# telnet 192.168.43.154 1234
Trying 192.168.43.154...
telnet: connect to address 192.168.43.154: Connection refused

[root@centos4 ~]# telnet 192.168.43.154 3306
Trying 192.168.43.154...
Connected to 192.168.43.154.
Escape character is '^]'.
BHost 'centos4' is not allowed to connect to this MariaDB serverConnection closed by foreign host.

[root@centos4 ~]# telnet 192.168.43.154 1234
Trying 192.168.43.154...
telnet: connect to address 192.168.43.154: Connection refused

[root@centos4 ~]#

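How it works:

Telnet runs over TCP, and its default port is 23. Which service a port carries is set by the user. SQL Server, for example, is on port 1433 when tested with telnet.

telnet ip port tests whether the given port on the target host is open.

Telnet has four operating modes:

1) Half-duplex: before accepting user input, the client must receive a GO AHEAD (GA) command from the server process. Rarely used today.

2) Character at a time: the client sends each character the user types to the server individually, and the server echoes the character back to the client. This is the default in most Telnet programs today. The SUPPRESS GO AHEAD and ECHO options must both be in effect.

3) Kludge line mode: the client sends to the server once for each line the user types. This mode is used when either of the two options above is not in effect.

4) Line mode: similar to kludge line mode, with its shortcomings corrected. Newer Telnet programs support this mode.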


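Overview of the packet exchange:

Step 1: 172.16.1.2 sends an ARP packet; 172.16.1.3 replies with an ARP packet.

Step 2: the TCP connection is established with the three-way handshake

        SYN=1, seq=x
        SYN=1, ACK=1, seq=y, ack=x+1
        ACK=1, seq=x+1, ack=y+1

Step 3: the telnet connection is established and remote control takes place.

Step 4: the TCP connection is released with the four-way handshake (two two-way handshakes); 1 and 2 mark which side sends each segment

        1. FIN=1, seq=u
        2. ACK=1, seq=v, ack=u+1
        2. FIN=1, ACK=1, seq=w, ack=u+1
        1. ACK=1, seq=u+1, ack=w+1

telnet must first establish the TCP connection; only then can it go on to authenticate and establish the Telnet connection.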

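Telnet authentication has two modes: AAA mode and password mode.
1. When the authentication mode of the user interface is configured as AAA, the user must first enter a login user name and password to log in to the device.
2. When the authentication mode of the user interface is configured as password, the user must first enter the login password to log in to the device.

The port test is therefore just an application of the process by which a service establishes a connection.

Testing whether a port is open with ssh

Try ssh root@192.168.43.154 -p port to test whether a port is open.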

[root@centos2 log]# nc -lp 1234
[root@centos2 ~]# netstat -anp | grep 1234
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN      2073/nc             
tcp6       0      0 :::1234                 :::*                    LISTEN      2073/nc             
[root@centos2 ~]# 
[root@centos4 log]# nmap -sS 192.168.43.154
Starting Nmap 6.40 ( http://nmap.org ) at 2018-03-01 14:03 CST
Nmap scan report for centos2 (192.168.43.154)
Host is up (0.0010s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
1234/tcp open  hotline
3306/tcp open  mysql
MAC Address: 00:0C:29:46:5C:93 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
[root@centos4 log]# 
[root@centos4 ~]# ssh root@192.168.43.154 -p 123
ssh: connect to host 192.168.43.154 port 123: Connection refused
[root@centos4 ~]# ssh root@192.168.43.154 -p 12312
ssh: connect to host 192.168.43.154 port 12312: Connection refused
[root@centos4 ~]# ssh root@192.168.43.154 -p 3306
ssh_exchange_identification: Connection closed by remote host
[root@centos4 ~]# ssh root@192.168.43.154 -p 1234
^C
[root@centos4 ~]# ssh root@192.168.43.154 -p 22
root@192.168.43.154's password: 

Ports 22, 1234 and 3306 are open on centos2.

The messages returned when testing ports 123, 12312, 3306, 1234 and 22 are all different.
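
The refused, silent and greeting cases seen in the telnet and ssh transcripts above all come from a plain TCP connect, which the following Python sketch reproduces. It is an added example, not part of the original post; probe(), demo() and _greet_once() are hypothetical names, and the loopback listeners are constructed stand-ins for the nc listener on 1234 and the MariaDB server on 3306.

```python
import errno
import socket
import threading


def probe(host, port, timeout=1.0):
    """Check one TCP port with a full connect(), as telnet does; return (state, banner)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
        if rc == errno.ECONNREFUSED:
            return "closed", b""      # SYN answered by RST: "Connection refused"
        if rc != 0:
            return "filtered", b""    # no SYN/ACK before the timeout, or unreachable
        try:
            banner = s.recv(128)      # services that speak first (sshd, MariaDB)
        except OSError:
            banner = b""              # handshake completed but the listener is silent
        return "open", banner
    finally:
        s.close()


def _greet_once(srv, banner):
    conn, _ = srv.accept()
    conn.sendall(banner)              # greet, then close, like the 3306 transcript
    conn.close()


def demo():
    """Constructed loopback targets standing in for the cases in the transcripts."""
    silent = socket.create_server(("127.0.0.1", 0))   # like `nc -lp 1234`: never writes
    talker = socket.create_server(("127.0.0.1", 0))   # port 0: kernel picks a free port
    gone = socket.create_server(("127.0.0.1", 0))
    closed_port = gone.getsockname()[1]
    gone.close()                                      # nothing listens here any more
    threading.Thread(target=_greet_once, args=(talker, b"constructed banner\n"),
                     daemon=True).start()
    results = {"closed": probe("127.0.0.1", closed_port),
               "silent": probe("127.0.0.1", silent.getsockname()[1], timeout=0.5),
               "talker": probe("127.0.0.1", talker.getsockname()[1])}
    silent.close()
    talker.close()
    return results


if __name__ == "__main__":
    for name, (state, banner) in demo().items():
        print(name, state, banner)
```

A "filtered" result (no reply before the timeout) does not appear in the transcripts above, where every closed port answered with a reset.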