Observing the Network - Part 4: Analyzing telnet

Introduction

What does a telnet connection actually look like? This time we use Wireshark to find out.

Machine specs

MacBook Air M2 arm64
Run on Docker

Preparation

Installing Wireshark

brew install --cask wireshark

File layout

telnet_lab/
├── docker-compose.yml
├── server/
│   └── Dockerfile
└── client/
    └── Dockerfile

Server-side Dockerfile (server/Dockerfile)

FROM ubuntu:24.04
ENV DEBIAN_FRONTEND=noninteractive

# Install telnetd (= inetutils-telnetd), xinetd, and debugging tools in one step
RUN apt-get update && apt-get install -y \
    xinetd inetutils-telnetd tcpdump iproute2 procps vim net-tools \
 && useradd -m test && echo 'test:test' | chpasswd

# xinetd configuration
RUN cat >/etc/xinetd.conf <<'EOF'
defaults
{
    log_type        = FILE /dev/stdout
    log_on_failure  = HOST
    log_on_success  = PID HOST DURATION EXIT
}

includedir /etc/xinetd.d
EOF

# telnet service definition
RUN cat >/etc/xinetd.d/telnet <<'EOF'
service telnet
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/telnetd
    server_args     = -D
    log_on_success  = PID HOST DURATION EXIT
    log_on_failure  = HOST
    port            = 23
    bind            = 0.0.0.0
}
EOF

CMD ["/usr/sbin/xinetd", "-dontfork", "-stayalive"]

Client-side Dockerfile (client/Dockerfile)

FROM alpine:3.20
RUN apk add --no-cache busybox-extras bash
CMD ["sleep", "infinity"]

docker-compose.yml

version: "3.9"
services:
  telnet-server:
    build: ./server
    container_name: telnet-server
    hostname: telnet-server
    ports:
      - "23:23"
    networks:
      telnet-net:
        ipv4_address: 172.28.0.2

  telnet-client:
    build: ./client
    container_name: telnet-client
    hostname: telnet-client
    stdin_open: true
    tty: true
    networks:
      telnet-net:
        ipv4_address: 172.28.0.3

networks:
  telnet-net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/24

Docker build and startup

docker compose build
docker compose up -d

Experiment

Start the capture on the telnet server

docker exec -d telnet-server tcpdump -i any -w /tmp/telnet_capture.pcap port 23

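Enter the client container and make the telnet connection

docker exec -it telnet-client bash
# Inside the container, connect to the telnet server (172.28.0.2, port 23)
telnet 172.28.0.2
# Login credentials:
# - Login: test
# - Password: test

After logging in, run the following commands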

echo "Telnet is insecure"
whoami
exit

Stop the capture and fetch the pcap (copy it to the local machine)

Stop tcpdump on telnet-server

docker exec telnet-server pkill tcpdump
docker cp telnet-server:/tmp/telnet_capture.pcap ./telnet_capture.pcap

Results

Data

1	0.000000	172.28.0.3	172.28.0.2	TCP	80	59842 → 23 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=2850824677 TSecr=0 WS=128
2	0.000007	172.28.0.2	172.28.0.3	TCP	80	23 → 59842 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM TSval=1328073302 TSecr=2850824677 WS=128
3	0.000014	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2850824677 TSecr=1328073302
4	0.001855	172.28.0.2	172.28.0.3	TELNET	93	Will Authentication Option, Will Encryption Option, Do Terminal Type, Do Terminal Speed, Do X Display Location, …
5	0.001867	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=1 Ack=22 Win=64256 Len=0 TSval=2850824679 TSecr=1328073304
6	0.001886	172.28.0.3	172.28.0.2	TELNET	93	Don't Authentication Option, Don't Encryption Option, Will Terminal Type, Won't Terminal Speed, Won't X Display Location, …
7	0.001891	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=22 Ack=22 Win=65280 Len=0 TSval=1328073304 TSecr=2850824679
8	0.001931	172.28.0.2	172.28.0.3	TELNET	78	Suboption Terminal Type
9	0.001954	172.28.0.3	172.28.0.2	TELNET	83	Suboption Terminal Type
10	0.002344	172.28.0.2	172.28.0.3	TELNET	90	Will Suppress Go Ahead, Do Echo, Do Linemode, Do Negotiate About Window Size, Will Status, …
11	0.002379	172.28.0.3	172.28.0.2	TELNET	99	Do Suppress Go Ahead, Won't Echo, Won't Linemode, Will Negotiate About Window Size, Suboption Negotiate About Window Size, …
12	0.002456	172.28.0.2	172.28.0.3	TELNET	81	Will Echo, Do Timing Mark, Do Binary Transmission
13	0.002496	172.28.0.3	172.28.0.2	TELNET	81	Do Echo, Won't Timing Mark, Won't Binary Transmission
14	0.002498	172.28.0.2	172.28.0.3	TELNET	123	51 bytes data
15	0.043843	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=69 Ack=106 Win=64256 Len=0 TSval=2850824721 TSecr=1328073305
16	0.043852	172.28.0.2	172.28.0.3	TELNET	93	21 bytes data
17	0.043860	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=69 Ack=127 Win=64256 Len=0 TSval=2850824721 TSecr=1328073346
18	6.195930	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
19	6.196740	172.28.0.2	172.28.0.3	TELNET	73	1 byte data
20	6.196799	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=70 Ack=128 Win=64256 Len=0 TSval=2850830874 TSecr=1328079499
21	6.253381	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
22	6.253951	172.28.0.2	172.28.0.3	TELNET	73	1 byte data
23	6.254020	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=71 Ack=129 Win=64256 Len=0 TSval=2850830931 TSecr=1328079556
24	6.437909	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
25	6.438677	172.28.0.2	172.28.0.3	TELNET	73	1 byte data
26	6.438757	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=72 Ack=130 Win=64256 Len=0 TSval=2850831116 TSecr=1328079741
27	6.532660	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
28	6.533392	172.28.0.2	172.28.0.3	TELNET	73	1 byte data
29	6.533446	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=73 Ack=131 Win=64256 Len=0 TSval=2850831211 TSecr=1328079836
30	6.799379	172.28.0.3	172.28.0.2	TELNET	74	2 bytes data
31	6.800019	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
32	6.800067	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=75 Ack=133 Win=64256 Len=0 TSval=2850831477 TSecr=1328080102
33	6.800943	172.28.0.2	172.28.0.3	TELNET	82	10 bytes data
34	6.800985	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=75 Ack=143 Win=64256 Len=0 TSval=2850831478 TSecr=1328080103
35	7.648872	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
36	7.690824	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=143 Ack=76 Win=65280 Len=0 TSval=1328080993 TSecr=2850832326
37	7.699621	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
38	7.699645	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=143 Ack=77 Win=65280 Len=0 TSval=1328081002 TSecr=2850832377
39	7.879271	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
40	7.879304	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=143 Ack=78 Win=65280 Len=0 TSval=1328081182 TSecr=2850832556
41	7.937058	172.28.0.3	172.28.0.2	TELNET	73	1 byte data
42	7.937103	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=143 Ack=79 Win=65280 Len=0 TSval=1328081239 TSecr=2850832614
43	8.189951	172.28.0.3	172.28.0.2	TELNET	74	2 bytes data
44	8.189985	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=143 Ack=81 Win=65280 Len=0 TSval=1328081492 TSecr=2850832867
45	8.190555	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
46	8.190592	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=81 Ack=145 Win=64256 Len=0 TSval=2850832868 TSecr=1328081493
47	8.243434	172.28.0.2	172.28.0.3	TELNET	476	404 bytes data
48	8.243475	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=81 Ack=549 Win=64128 Len=0 TSval=2850832921 TSecr=1328081546
49	8.244553	172.28.0.2	172.28.0.3	TELNET	347	275 bytes data
50	8.244571	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=81 Ack=824 Win=64128 Len=0 TSval=2850832922 TSecr=1328081547
51	8.247270	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
52	8.247285	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=81 Ack=826 Win=64128 Len=0 TSval=2850832925 TSecr=1328081550
53	26.388520	172.28.0.3	172.28.0.2	TELNET	97	25 bytes data
54	26.390102	172.28.0.2	172.28.0.3	TELNET	97	25 bytes data
55	26.390149	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=106 Ack=851 Win=64128 Len=0 TSval=2850851068 TSecr=1328099693
56	26.600380	172.28.0.3	172.28.0.2	TELNET	74	2 bytes data
57	26.600889	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
58	26.600940	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=108 Ack=853 Win=64128 Len=0 TSval=2850851279 TSecr=1328099904
59	26.601173	172.28.0.2	172.28.0.3	TELNET	94	22 bytes data
60	26.601197	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=108 Ack=875 Win=64128 Len=0 TSval=2850851279 TSecr=1328099904
61	30.287610	172.28.0.3	172.28.0.2	TELNET	78	6 bytes data
62	30.288254	172.28.0.2	172.28.0.3	TELNET	78	6 bytes data
63	30.288309	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=114 Ack=881 Win=64128 Len=0 TSval=2850854966 TSecr=1328103591
64	30.423441	172.28.0.3	172.28.0.2	TELNET	74	2 bytes data
65	30.423934	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
66	30.423987	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=116 Ack=883 Win=64128 Len=0 TSval=2850855102 TSecr=1328103727
67	30.426871	172.28.0.2	172.28.0.3	TELNET	78	6 bytes data
68	30.426924	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=116 Ack=889 Win=64128 Len=0 TSval=2850855105 TSecr=1328103730
69	30.426977	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
70	30.426993	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=116 Ack=891 Win=64128 Len=0 TSval=2850855105 TSecr=1328103730
71	33.540352	172.28.0.3	172.28.0.2	TELNET	76	4 bytes data
72	33.541146	172.28.0.2	172.28.0.3	TELNET	76	4 bytes data
73	33.541209	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=120 Ack=895 Win=64128 Len=0 TSval=2850858219 TSecr=1328106844
74	33.669809	172.28.0.3	172.28.0.2	TELNET	74	2 bytes data
75	33.670270	172.28.0.2	172.28.0.3	TELNET	74	2 bytes data
76	33.670318	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [ACK] Seq=122 Ack=897 Win=64128 Len=0 TSval=2850858348 TSecr=1328106973
77	33.672475	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [FIN, ACK] Seq=897 Ack=122 Win=65280 Len=0 TSval=1328106975 TSecr=2850858348
78	33.672689	172.28.0.3	172.28.0.2	TCP	72	59842 → 23 [FIN, ACK] Seq=122 Ack=898 Win=64128 Len=0 TSval=2850858351 TSecr=1328106975
79	33.672698	172.28.0.2	172.28.0.3	TCP	72	23 → 59842 [ACK] Seq=898 Ack=123 Win=65280 Len=0 TSval=1328106976 TSecr=2850858351

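Summary

| Frames | Phase | What is happening |
|---|---|---|
| 1–3 | TCP 3-way handshake | Connection established with SYN / SYN-ACK / ACK |
| 4–13 | Telnet option negotiation | WILL/DO/WON'T/DON'T; negotiation of TTYPE, NAWS, and so on |
| 14–20 | Initial prompt / pre-login control | Delivery of the implicit banner and login prompt, ACK responses |
| 21–52 | Input, echo, and screen-drawing exchange | Input and echo in units of one to a few bytes; the 404 B / 275 B segments are full-screen output (motd etc.) |
| 53–76 | Additional input and responses | Small inputs and responses continue |
| 77–79 | Disconnect with TCP FIN/ACK | Server → FIN, client → FIN, finished with ACK |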
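
The option negotiation in frames 4–13 and the small data segments after it share one unencrypted byte stream, separated only by the IAC (0xFF) escape byte. The following parser is an added example, not code from the original article: it splits one direction of a Telnet stream into negotiation events and application data, which shows why typed input can be read directly from a capture. The sample bytes are constructed for illustration and are not taken from the article's pcap.

```python
# Added example: minimal Telnet framing parser (RFC 854/855), not from the article.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WON'T", 253: "DO", 254: "DON'T"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 24: "TTYPE", 31: "NAWS"}

def parse_telnet(stream):
    """Split one direction of a Telnet byte stream into (events, data)."""
    events, data, i, n = [], bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:              # ordinary application byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                    # capture ends inside a command
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC = literal 0xFF in the data
            data.append(IAC)
            i += 2
        elif cmd in VERBS or cmd == SB:
            if i + 2 >= n:                # option byte missing (truncated)
                break
            opt = OPTIONS.get(stream[i + 2], f"OPT-{stream[i + 2]}")
            if cmd in VERBS:              # 3-byte WILL/WON'T/DO/DON'T
                events.append(f"{VERBS[cmd]} {opt}")
                i += 3
                continue
            body, j = bytearray(), i + 3  # subnegotiation runs until IAC SE
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                body.append(stream[j])    # a doubled 0xFF is stored once
                j += 2 if stream[j:j + 2] == bytes([IAC, IAC]) else 1
            if j + 1 >= n:                # unterminated subnegotiation
                break
            events.append(f"SB {opt} {body.hex()}")
            i = j + 2
        else:                             # other 2-byte command (NOP, GA, ...)
            events.append(f"CMD {cmd}")
            i += 2
    return events, bytes(data)

# Constructed sample bytes (illustrative, not extracted from the article's pcap).
SERVER = bytes([255, 253, 24, 255, 250, 24, 1, 255, 240, 255, 251, 1]) + b"telnet-server login: "
CLIENT = b"".join([                       # one TCP payload per entry
    bytes([255, 251, 24]),                # WILL TTYPE
    bytes([255, 250, 24, 0]) + b"xterm" + bytes([255, 240]),
    bytes([255, 250, 31, 0, 255, 255, 0, 24, 255, 240]),  # NAWS, width 255 (0xFF doubled)
    b"t", b"e", b"s", b"t", b"\r\n",      # typed one key per segment
])
print(parse_telnet(SERVER), parse_telnet(CLIENT), sep="\n")
```

To run it against a real capture, pass in the per-direction payload bytes reassembled from the pcap, for example the raw output of Wireshark's Follow TCP Stream.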
