• identifing tcp codes

    From Hul Tytus@110:110/2002 to All on Fri Jun 20 06:35:31 2014
    comp.os.linux.networking
    identifing tcp codes

    I've been looking through several versions of tcp source trying to identify
    the 2 byte codes in the data sections of some tcp packets. These are typically 0xff 0xfd, 0xff 0xfe, 0xff 0xfb, etc and appear to identify the data segment in some cases and perform some apparantly indepent purpose in others.
    The packets shown below, which show these codes, start with a 4 byte ppp
    header, then a 5 word (32 bit) ip header. In the second line is the tcp header with the data included. If a byte in the data segment is in the range 0x20 - 0x7? (z), the ascii charactor is shown.
    The last packet shows a minix system sending what I'm guessing to be an
    announcement of it's "minix" terminal. 0xff 0xf0 is a code for terminal announcements?.
    Anyone know the common name for these codes, or, even better, where they are
    identified?

    Hul


    ____________________________________________________________________
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 3A 00 00 40 00 33 06 36 45 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 3C 01 07 36 D4 50 18 83 2C 37 89 00 00 FF FB 26 FF FD 18 FF FD 20 FF FD # FF FD ' FF FD $ 8A 81
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 05 00 00 40 06 69 9A 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 10 1F EB 02 2A 00 00 2E B5
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2B 00 06 00 00 40 06 69 96 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 18 1F EB DC 1F 00 00 FF FE 26 D5 AE
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 D4 50 10 83 2C 9E E8 00 00 75 B6
    RECIEVE *** ack to ack or not to ack...
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 D7 50 10 83 2C 9E E5 00 00 0D 9F
    SEND *** ack push data included
    FF 03 00 21 45 00 00 37 00 07 00 00 40 06 69 89 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D7 2E 4D 96 4E 50 18 1F EB A8 D2 00 00 FF FB 18 FF FC 20 FF FC # FF FC ' FF FC $ 1B h
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 2E 00 00 40 00 33 06 36 51 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 E6 50 18 83 2C 86 DB 00 00 FF FA 18 01 FF F0 14 h
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 08 00 00 40 06 69 97 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 E6 2E 4D 96 54 50 10 1F E5 02 18 00 00 22 BC
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2C 00 09 00 00 40 06 69 92 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 E6 2E 4D 96 54 50 18 1F E5 EA 10 00 00 FF FA 18 00 A0 ;
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 54 01 07 36 EA 50 10 83 2C 9E CC 00 00 B5 79
    SEND *** ack push data included
    FF 03 00 21 45 00 00 30 00 0A 00 00 40 06 69 8D 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 EA 2E 4D 96 54 50 18 1F E5 AE 3F 00 00 m i n i x
    00 FF F0 E9 ;

    --- MBSE BBS v1.0.1 (GNU/Linux-i386)
    * Origin: PANIX Public Access Internet and UNIX, NYC (110:110/2002@linuxnet)
  • From Tauno Voipio@110:110/2002 to All on Fri Jun 20 08:48:44 2014
    On 20.6.14 09:35, Hul Tytus wrote:
    comp.os.linux.networking
    identifing tcp codes

    I've been looking through several versions of tcp source trying to identify
    the 2 byte codes in the data sections of some tcp packets. These are typically 0xff 0xfd, 0xff 0xfe, 0xff 0xfb, etc and appear to identify the data segment in some cases and perform some apparantly indepent purpose in others.
    The packets shown below, which show these codes, start with a 4 byte ppp
    header, then a 5 word (32 bit) ip header. In the second line is the tcp header with the data included. If a byte in the data segment is in the range 0x20 - 0x7? (z), the ascii charactor is shown.
    The last packet shows a minix system sending what I'm guessing to be an
    announcement of it's "minix" terminal. 0xff 0xf0 is a code for terminal announcements?.
    Anyone know the common name for these codes, or, even better, where they
    are identified?

    Hul


    ____________________________________________________________________
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 3A 00 00 40 00 33 06 36 45 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 3C 01 07 36 D4 50 18 83 2C 37 89 00 00 FF FB 26 FF FD 18 FF FD 20 FF FD # FF FD ' FF FD $ 8A 81
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 05 00 00 40 06 69 9A 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 10 1F EB 02 2A 00 00 2E B5
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2B 00 06 00 00 40 06 69 96 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 18 1F EB DC 1F 00 00 FF FE 26 D5 AE
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 D4 50 10 83 2C 9E E8 00 00 75 B6
    RECIEVE *** ack to ack or not to ack...
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 D7 50 10 83 2C 9E E5 00 00 0D 9F
    SEND *** ack push data included
    FF 03 00 21 45 00 00 37 00 07 00 00 40 06 69 89 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 D7 2E 4D 96 4E 50 18 1F EB A8 D2 00 00 FF FB 18 FF FC 20 FF FC # FF FC ' FF FC $ 1B h
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 2E 00 00 40 00 33 06 36 51 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 4E 01 07 36 E6 50 18 83 2C 86 DB 00 00 FF FA 18 01 FF F0 14 h
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 08 00 00 40 06 69 97 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 E6 2E 4D 96 54 50 10 1F E5 02 18 00 00 22 BC
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2C 00 09 00 00 40 06 69 92 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 E6 2E 4D 96 54 50 18 1F E5 EA 10 00 00 FF FA 18 00 A0 ;
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0 00 17 80 00 2E 4D 96 54 01 07 36 EA 50 10 83 2C 9E CC 00 00 B5 79
    SEND *** ack push data included
    FF 03 00 21 45 00 00 30 00 0A 00 00 40 06 69 8D 48 FB 20 E0 A6 54 01 02 80 00 00 17 01 07 36 EA 2E 4D 96 54 50 18 1F E5 AE 3F 00 00 m i n i x 00 FF F0 E9 ;


    Are you using a Telnet client or server?

    The sequences seem to be Telnet control sequences, see
    RFC 854 <http://tools.ietf.org/html/rfc854>.

    --

    Tauno Voipio



    --- MBSE BBS v1.0.1 (GNU/Linux-i386)
    * Origin: A noiseless patient Spider (110:110/2002@linuxnet)
  • From Hul Tytus@110:110/2002 to All on Fri Jun 20 15:46:19 2014
    Tauno - it is indeed telnet. I was anticipating more chit/chat between the
    tcp sections and your pointing to telnet put me on the right track -
    thanks.

    Hul

    Tauno Voipio <tauno.voipio@notused.fi.invalid> wrote:
    On 20.6.14 09:35, Hul Tytus wrote:
    comp.os.linux.networking
    identifing tcp codes

    I've been looking through several versions of tcp source trying to
    identify the 2 byte codes in the data sections of some tcp packets. These are typically 0xff 0xfd, 0xff 0xfe, 0xff 0xfb, etc and appear to identify the data segment in some cases and perform some apparantly indepent purpose in others.
    The packets shown below, which show these codes, start with a 4 byte
    ppp header, then a 5 word (32 bit) ip header. In the second line is the tcp header with the data included. If a byte in the data segment is in the range 0x20 - 0x7? (z), the ascii charactor is shown.
    The last packet shows a minix system sending what I'm guessing to be
    an announcement of it's "minix" terminal. 0xff 0xf0 is a code for terminal announcements?.
    Anyone know the common name for these codes, or, even better, where
    they are identified?

    Hul


    ____________________________________________________________________
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 3A 00 00 40 00 33 06 36 45 A6 54 01 02 48 FB 20
    E0
    00 17 80 00 2E 4D 96 3C 01 07 36 D4 50 18 83 2C 37 89 00 00 FF FB 26
    FF
    FD 18 FF FD 20 FF FD # FF FD ' FF FD $ 8A 81
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 05 00 00 40 06 69 9A 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 10 1F EB 02 2A 00 00 2E B5
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2B 00 06 00 00 40 06 69 96 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 18 1F EB DC 1F 00 00 FF FE 26
    D5
    AE
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20
    E0
    00 17 80 00 2E 4D 96 4E 01 07 36 D4 50 10 83 2C 9E E8 00 00 75 B6
    RECIEVE *** ack to ack or not to ack...
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20
    E0
    00 17 80 00 2E 4D 96 4E 01 07 36 D7 50 10 83 2C 9E E5 00 00 0D 9F
    SEND *** ack push data included
    FF 03 00 21 45 00 00 37 00 07 00 00 40 06 69 89 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 D7 2E 4D 96 4E 50 18 1F EB A8 D2 00 00 FF FB 18
    FF
    FC 20 FF FC # FF FC ' FF FC $ 1B h
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 2E 00 00 40 00 33 06 36 51 A6 54 01 02 48 FB 20
    E0
    00 17 80 00 2E 4D 96 4E 01 07 36 E6 50 18 83 2C 86 DB 00 00 FF FA 18
    01
    FF F0 14 h
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 08 00 00 40 06 69 97 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 E6 2E 4D 96 54 50 10 1F E5 02 18 00 00 22 BC
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2C 00 09 00 00 40 06 69 92 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 E6 2E 4D 96 54 50 18 1F E5 EA 10 00 00 FF FA 18
    00
    A0 ;
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20
    E0
    00 17 80 00 2E 4D 96 54 01 07 36 EA 50 10 83 2C 9E CC 00 00 B5 79
    SEND *** ack push data included
    FF 03 00 21 45 00 00 30 00 0A 00 00 40 06 69 8D 48 FB 20 E0 A6 54 01
    02
    80 00 00 17 01 07 36 EA 2E 4D 96 54 50 18 1F E5 AE 3F 00 00 m i n i 00 FF F0 E9 ;


    Are you using a Telnet client or server?

    The sequences seem to be Telnet control sequences, see
    RFC 854 <http://tools.ietf.org/html/rfc854>.

    --

    Tauno Voipio



    --- MBSE BBS v1.0.1 (GNU/Linux-i386)
    * Origin: PANIX Public Access Internet and UNIX, NYC (110:110/2002@linuxnet)