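According to the relevant RFC standards, computer systems that communicate over the TELNET protocol must follow those standards in order to interoperate with other TELNET systems. For the protocol specification, see RFC 854: Telnet Protocol Specification (rfc-editor.org)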

1. Implementation in Python 3

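Python 3 has a corresponding library, telnetlib3. It is distributed as Python source and implements a telnet client (with support for the Stand-Up Protocol Dialect (SUPDUP) extension sub-protocol, used to transfer large blocks of data). If you want to study telnet in detail and plan to implement it by hand in C/C++, it is a useful reference (telnetlib3 · PyPI).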

r"""TELNET client class.

Based on RFC 854: TELNET Protocol Specification, by J. Postel and
J. Reynolds

Example:

>>> from telnetlib import Telnet
>>> tn = Telnet('www.python.org', 79)   # connect to finger port
>>> tn.write(b'guido\r\n')
>>> print(tn.read_all())
Login       Name               TTY         Idle    When    Where
guido    Guido van Rossum      pts/2        <Dec  2 11:10> snag.cnri.reston..

>>>

Note that read_all() won't read until eof -- it just reads some data
-- but it guarantees to read at least one byte unless EOF is hit.

It is possible to pass a Telnet object to a selector in order to wait until
more data is available.  Note that in this case, read_eager() may return b''
even if there was data on the socket, because the protocol negotiation may have
eaten the data.  This is why EOFError is needed in some cases to distinguish
between "no data" and "connection closed" (since the socket also appears ready
for reading when it is closed).

To do:
- option negotiation
- timeout should be intrinsic to the connection object instead of an
  option on one of the read calls only

"""


# Imported modules
import sys
import socket
import selectors
from time import monotonic as _time

__all__ = ["Telnet"]

# Tunable parameters
DEBUGLEVEL = 0

# Telnet protocol defaults
TELNET_PORT = 23

# Telnet protocol characters (don't change)
IAC  = bytes([255]) # "Interpret As Command"
DONT = bytes([254])
DO   = bytes([253])
WONT = bytes([252])
WILL = bytes([251])
theNULL = bytes([0])

SE  = bytes([240])  # Subnegotiation End
NOP = bytes([241])  # No Operation
DM  = bytes([242])  # Data Mark
BRK = bytes([243])  # Break
IP  = bytes([244])  # Interrupt process
AO  = bytes([245])  # Abort output
AYT = bytes([246])  # Are You There
EC  = bytes([247])  # Erase Character
EL  = bytes([248])  # Erase Line
GA  = bytes([249])  # Go Ahead
SB =  bytes([250])  # Subnegotiation Begin


# Telnet protocol options code (don't change)
# These ones all come from arpa/telnet.h
BINARY = bytes([0]) # 8-bit data path
ECHO = bytes([1]) # echo
RCP = bytes([2]) # prepare to reconnect
SGA = bytes([3]) # suppress go ahead
NAMS = bytes([4]) # approximate message size
STATUS = bytes([5]) # give status
TM = bytes([6]) # timing mark
RCTE = bytes([7]) # remote controlled transmission and echo
NAOL = bytes([8]) # negotiate about output line width
NAOP = bytes([9]) # negotiate about output page size
NAOCRD = bytes([10]) # negotiate about CR disposition
NAOHTS = bytes([11]) # negotiate about horizontal tabstops
NAOHTD = bytes([12]) # negotiate about horizontal tab disposition
NAOFFD = bytes([13]) # negotiate about formfeed disposition
NAOVTS = bytes([14]) # negotiate about vertical tab stops
NAOVTD = bytes([15]) # negotiate about vertical tab disposition
NAOLFD = bytes([16]) # negotiate about output LF disposition
XASCII = bytes([17]) # extended ascii character set
LOGOUT = bytes([18]) # force logout
BM = bytes([19]) # byte macro
DET = bytes([20]) # data entry terminal
SUPDUP = bytes([21]) # supdup protocol
SUPDUPOUTPUT = bytes([22]) # supdup output
SNDLOC = bytes([23]) # send location
TTYPE = bytes([24]) # terminal type
EOR = bytes([25]) # end or record
TUID = bytes([26]) # TACACS user identification
OUTMRK = bytes([27]) # output marking
TTYLOC = bytes([28]) # terminal location number
VT3270REGIME = bytes([29]) # 3270 regime
X3PAD = bytes([30]) # X.3 PAD
NAWS = bytes([31]) # window size
TSPEED = bytes([32]) # terminal speed
LFLOW = bytes([33]) # remote flow control
LINEMODE = bytes([34]) # Linemode option
XDISPLOC = bytes([35]) # X Display Location
OLD_ENVIRON = bytes([36]) # Old - Environment variables
AUTHENTICATION = bytes([37]) # Authenticate
ENCRYPT = bytes([38]) # Encryption option
NEW_ENVIRON = bytes([39]) # New - Environment variables
# the following ones come from
# http://www.iana.org/assignments/telnet-options
# Unfortunately, that document does not assign identifiers
# to all of them, so we are making them up
TN3270E = bytes([40]) # TN3270E
XAUTH = bytes([41]) # XAUTH
CHARSET = bytes([42]) # CHARSET
RSP = bytes([43]) # Telnet Remote Serial Port
COM_PORT_OPTION = bytes([44]) # Com Port Control Option
SUPPRESS_LOCAL_ECHO = bytes([45]) # Telnet Suppress Local Echo
TLS = bytes([46]) # Telnet Start TLS
KERMIT = bytes([47]) # KERMIT
SEND_URL = bytes([48]) # SEND-URL
FORWARD_X = bytes([49]) # FORWARD_X
EXOPL = bytes([255]) # Extended-Options-List
NOOPT = bytes([0])


# poll/select have the advantage of not requiring any extra file descriptor,
# contrarily to epoll/kqueue (also, they require a single syscall).
if hasattr(selectors, 'PollSelector'):
    _TelnetSelector = selectors.PollSelector
else:
    _TelnetSelector = selectors.SelectSelector


class Telnet:

    """Telnet interface class.

    An instance of this class represents a connection to a telnet
    server.  The instance is initially not connected; the open()
    method must be used to establish a connection.  Alternatively, the
    host name and optional port number can be passed to the
    constructor, too.

    Don't try to reopen an already connected instance.

    This class has many read_*() methods.  Note that some of them
    raise EOFError when the end of the connection is read, because
    they can return an empty string for other reasons.  See the
    individual doc strings.

    read_until(expected, [timeout])
        Read until the expected string has been seen, or a timeout is
        hit (default is no timeout); may block.

    read_all()
        Read all data until EOF; may block.

    read_some()
        Read at least one byte or EOF; may block.

    read_very_eager()
        Read all data available already queued or on the socket,
        without blocking.

    read_eager()
        Read either data already queued or some data available on the
        socket, without blocking.

    read_lazy()
        Read all data in the raw queue (processing it first), without
        doing any socket I/O.

    read_very_lazy()
        Reads all data in the cooked queue, without doing any socket
        I/O.

    read_sb_data()
        Reads available data between SB ... SE sequence. Don't block.

    set_option_negotiation_callback(callback)
        Each time a telnet option is read on the input flow, this callback
        (if set) is called with the following parameters :
        callback(telnet socket, command, option)
            option will be chr(0) when there is no option.
        No other action is done afterwards by telnetlib.

    """

    def __init__(self, host=None, port=0,
                 timeout=socket._GLOBAL_DEFAULT_TIMEOUT):
        """Constructor.

        When called without arguments, create an unconnected instance.
        With a hostname argument, it connects the instance; port number
        and timeout are optional.
        """
        self.debuglevel = DEBUGLEVEL
        self.host = host
        self.port = port
        self.timeout = timeout
        self.sock = None
        self.rawq = b''
        self.irawq = 0
        self.cookedq = b''
        self.eof = 0
        self.iacseq = b'' # Buffer for IAC sequence.
        self.sb = 0 # flag for SB and SE sequence.
        self.sbdataq = b''
        self.option_callback = None
        if host is not None:
            self.open(host, port, timeout)

    def open(self, host, port=0, timeout=socket._GLOBAL_DEFAULT_TIMEOUT):
        """Connect to a host.

        The optional second argument is the port number, which
        defaults to the standard telnet port (23).

        Don't try to reopen an already connected instance.
        """
        self.eof = 0
        if not port:
            port = TELNET_PORT
        self.host = host
        self.port = port
        self.timeout = timeout
        self.sock = socket.create_connection((host, port), timeout)

    def __del__(self):
        """Destructor -- close the connection."""
        self.close()

    def msg(self, msg, *args):
        """Print a debug message, when the debug level is > 0.

        If extra arguments are present, they are substituted in the
        message using the standard string formatting operator.

        """
        if self.debuglevel > 0:
            print('Telnet(%s,%s):' % (self.host, self.port), end=' ')
            if args:
                print(msg % args)
            else:
                print(msg)

    def set_debuglevel(self, debuglevel):
        """Set the debug level.

        The higher it is, the more debug output you get (on sys.stdout).

        """
        self.debuglevel = debuglevel

    def close(self):
        """Close the connection."""
        sock = self.sock
        self.sock = None
        self.eof = True
        self.iacseq = b''
        self.sb = 0
        if sock:
            sock.close()

    def get_socket(self):
        """Return the socket object used internally."""
        return self.sock

    def fileno(self):
        """Return the fileno() of the socket object used internally."""
        return self.sock.fileno()

    def write(self, buffer):
        """Write a string to the socket, doubling any IAC characters.

        Can block if the connection is blocked.  May raise
        OSError if the connection is closed.

        """
        # IAC marks the start of a command, so a literal IAC byte in the
        # payload has to be escaped (doubled) to avoid ambiguity.
        if IAC in buffer:
            buffer = buffer.replace(IAC, IAC+IAC)
        self.msg("send %r", buffer)
        self.sock.sendall(buffer)

    def read_until(self, match, timeout=None):
        """Read until a given string is encountered or until timeout.

        When no match is found, return whatever is available instead,
        possibly the empty string.  Raise EOFError if the connection
        is closed and no cooked data is available.

        """
        n = len(match)
        self.process_rawq()
        i = self.cookedq.find(match)
        if i >= 0:
            i = i+n
            buf = self.cookedq[:i]
            self.cookedq = self.cookedq[i:]
            return buf
        if timeout is not None:
            deadline = _time() + timeout
        with _TelnetSelector() as selector:
            selector.register(self, selectors.EVENT_READ)
            while not self.eof:
                if selector.select(timeout):
                    i = max(0, len(self.cookedq)-n)
                    self.fill_rawq()
                    self.process_rawq()
                    i = self.cookedq.find(match, i)
                    if i >= 0:
                        i = i+n
                        buf = self.cookedq[:i]
                        self.cookedq = self.cookedq[i:]
                        return buf
                if timeout is not None:
                    timeout = deadline - _time()
                    if timeout < 0:
                        break
        return self.read_very_lazy()

    def read_all(self):
        """Read all data until EOF; block until connection closed."""
        self.process_rawq()
        while not self.eof:
            self.fill_rawq()
            self.process_rawq()
        buf = self.cookedq
        self.cookedq = b''
        return buf

    def read_some(self):
        """Read at least one byte of cooked data unless EOF is hit.

        Return b'' if EOF is hit.  Block if no data is immediately
        available.

        """
        self.process_rawq()
        while not self.cookedq and not self.eof:
            self.fill_rawq()
            self.process_rawq()
        buf = self.cookedq
        self.cookedq = b''
        return buf

    def read_very_eager(self):
        """Read everything that's possible without blocking in I/O (eager).

        Raise EOFError if connection closed and no cooked data
        available.  Return b'' if no cooked data available otherwise.
        Don't block unless in the midst of an IAC sequence.

        """
        self.process_rawq()
        while not self.eof and self.sock_avail():
            self.fill_rawq()
            self.process_rawq()
        return self.read_very_lazy()

    def read_eager(self):
        """Read readily available data.

        Raise EOFError if connection closed and no cooked data
        available.  Return b'' if no cooked data available otherwise.
        Don't block unless in the midst of an IAC sequence.

        """
        self.process_rawq()
        while not self.cookedq and not self.eof and self.sock_avail():
            self.fill_rawq()
            self.process_rawq()
        return self.read_very_lazy()

    def read_lazy(self):
        """Process and return data that's already in the queues (lazy).

        Raise EOFError if connection closed and no data available.
        Return b'' if no cooked data available otherwise.  Don't block
        unless in the midst of an IAC sequence.

        """
        self.process_rawq()
        return self.read_very_lazy()

    def read_very_lazy(self):
        """Return any data available in the cooked queue (very lazy).

        Raise EOFError if connection closed and no data available.
        Return b'' if no cooked data available otherwise.  Don't block.

        """
        buf = self.cookedq
        self.cookedq = b''
        if not buf and self.eof and not self.rawq:
            raise EOFError('telnet connection closed')
        return buf

    def read_sb_data(self):
        """Return any data available in the SB ... SE queue.

        Return b'' if no SB ... SE available. Should only be called
        after seeing a SB or SE command. When a new SB command is
        found, old unread SB data will be discarded. Don't block.

        """
        buf = self.sbdataq
        self.sbdataq = b''
        return buf

    def set_option_negotiation_callback(self, callback):
        """Provide a callback function called after each receipt of a telnet option."""
        self.option_callback = callback

    def process_rawq(self):
        """Transfer from raw queue to cooked queue.

        Set self.eof when connection is closed.  Don't block unless in
        the midst of an IAC sequence.

        """
        buf = [b'', b'']
        try:
            while self.rawq:
                c = self.rawq_getchar()
                if not self.iacseq:
                    if c == theNULL:
                        continue
                    if c == b"\021":
                        continue
                    if c != IAC:
                        buf[self.sb] = buf[self.sb] + c
                        continue
                    else:
                        self.iacseq += c
                elif len(self.iacseq) == 1:
                    # 'IAC: IAC CMD [OPTION only for WILL/WONT/DO/DONT]'
                    if c in (DO, DONT, WILL, WONT):
                        self.iacseq += c
                        continue

                    self.iacseq = b''
                    if c == IAC:
                        buf[self.sb] = buf[self.sb] + c
                    else:
                        if c == SB: # SB ... SE start.
                            self.sb = 1
                            self.sbdataq = b''
                        elif c == SE:
                            self.sb = 0
                            self.sbdataq = self.sbdataq + buf[1]
                            buf[1] = b''
                        if self.option_callback:
                            # Callback is supposed to look into
                            # the sbdataq
                            self.option_callback(self.sock, c, NOOPT)
                        else:
                            # We can't offer automatic processing of
                            # suboptions. Alas, we should not get any
                            # unless we did a WILL/DO before.
                            self.msg('IAC %d not recognized' % ord(c))
                elif len(self.iacseq) == 2:
                    cmd = self.iacseq[1:2]
                    self.iacseq = b''
                    opt = c
                    if cmd in (DO, DONT):
                        self.msg('IAC %s %d',
                            cmd == DO and 'DO' or 'DONT', ord(opt))
                        if self.option_callback:
                            self.option_callback(self.sock, cmd, opt)
                        else:
                            self.sock.sendall(IAC + WONT + opt)
                    elif cmd in (WILL, WONT):
                        self.msg('IAC %s %d',
                            cmd == WILL and 'WILL' or 'WONT', ord(opt))
                        if self.option_callback:
                            self.option_callback(self.sock, cmd, opt)
                        else:
                            self.sock.sendall(IAC + DONT + opt)
        except EOFError: # raised by self.rawq_getchar()
            self.iacseq = b'' # Reset on EOF
            self.sb = 0
            pass
        self.cookedq = self.cookedq + buf[0]
        self.sbdataq = self.sbdataq + buf[1]

    def rawq_getchar(self):
        """Get next char from raw queue.

        Block if no data is immediately available.  Raise EOFError
        when connection is closed.

        """
        if not self.rawq:
            self.fill_rawq()
            if self.eof:
                raise EOFError
        c = self.rawq[self.irawq:self.irawq+1]
        self.irawq = self.irawq + 1
        if self.irawq >= len(self.rawq):
            self.rawq = b''
            self.irawq = 0
        return c

    def fill_rawq(self):
        """Fill raw queue from exactly one recv() system call.

        Block if no data is immediately available.  Set self.eof when
        connection is closed.

        """
        if self.irawq >= len(self.rawq):
            self.rawq = b''
            self.irawq = 0
        # The buffer size should be fairly small so as to avoid quadratic
        # behavior in process_rawq() above
        buf = self.sock.recv(50)
        self.msg("recv %r", buf)
        self.eof = (not buf)
        self.rawq = self.rawq + buf

    def sock_avail(self):
        """Test whether data is available on the socket."""
        with _TelnetSelector() as selector:
            selector.register(self, selectors.EVENT_READ)
            return bool(selector.select(0))

    def interact(self):
        """Interaction function, emulates a very dumb telnet client."""
        if sys.platform == "win32":
            self.mt_interact()
            return
        with _TelnetSelector() as selector:
            selector.register(self, selectors.EVENT_READ)
            selector.register(sys.stdin, selectors.EVENT_READ)

            while True:
                for key, events in selector.select():
                    if key.fileobj is self:
                        try:
                            text = self.read_eager()
                        except EOFError:
                            print('*** Connection closed by remote host ***')
                            return
                        if text:
                            sys.stdout.write(text.decode('ascii'))
                            sys.stdout.flush()
                    elif key.fileobj is sys.stdin:
                        line = sys.stdin.readline().encode('ascii')
                        if not line:
                            return
                        self.write(line)

    def mt_interact(self):
        """Multithreaded version of interact()."""
        import _thread
        _thread.start_new_thread(self.listener, ())
        while 1:
            line = sys.stdin.readline()
            if not line:
                break
            self.write(line.encode('ascii'))

    def listener(self):
        """Helper for mt_interact() -- this executes in the other thread."""
        while 1:
            try:
                data = self.read_eager()
            except EOFError:
                print('*** Connection closed by remote host ***')
                return
            if data:
                sys.stdout.write(data.decode('ascii'))
            else:
                sys.stdout.flush()

    def expect(self, list, timeout=None):
        """Read until one from a list of a regular expressions matches.

        The first argument is a list of regular expressions, either
        compiled (re.Pattern instances) or uncompiled (strings).
        The optional second argument is a timeout, in seconds; default
        is no timeout.

        Return a tuple of three items: the index in the list of the
        first regular expression that matches; the re.Match object
        returned; and the text read up till and including the match.

        If EOF is read and no text was read, raise EOFError.
        Otherwise, when nothing matches, return (-1, None, text) where
        text is the text received so far (may be the empty string if a
        timeout happened).

        If a regular expression ends with a greedy match (e.g. '.*')
        or if more than one expression can match the same input, the
        results are undeterministic, and may depend on the I/O timing.

        """
        re = None
        list = list[:]
        indices = range(len(list))
        for i in indices:
            if not hasattr(list[i], "search"):
                if not re: import re
                list[i] = re.compile(list[i])
        if timeout is not None:
            deadline = _time() + timeout
        with _TelnetSelector() as selector:
            selector.register(self, selectors.EVENT_READ)
            while not self.eof:
                self.process_rawq()
                for i in indices:
                    m = list[i].search(self.cookedq)
                    if m:
                        e = m.end()
                        text = self.cookedq[:e]
                        self.cookedq = self.cookedq[e:]
                        return (i, m, text)
                if timeout is not None:
                    ready = selector.select(timeout)
                    timeout = deadline - _time()
                    if not ready:
                        if timeout < 0:
                            break
                        else:
                            continue
                self.fill_rawq()
        text = self.read_very_lazy()
        if not text and self.eof:
            raise EOFError
        return (-1, None, text)

    def __enter__(self):
        return self

    def __exit__(self, type, value, traceback):
        self.close()


def test():
    """Test program for telnetlib.

    Usage: python telnetlib.py [-d] ... [host [port]]

    Default host is localhost; default port is 23.

    """
    debuglevel = 0
    while sys.argv[1:] and sys.argv[1] == '-d':
        debuglevel = debuglevel+1
        del sys.argv[1]
    host = 'localhost'
    if sys.argv[1:]:
        host = sys.argv[1]
    port = 0
    if sys.argv[2:]:
        portstr = sys.argv[2]
        try:
            port = int(portstr)
        except ValueError:
            port = socket.getservbyname(portstr, 'tcp')
    with Telnet() as tn:
        tn.set_debuglevel(debuglevel)
        tn.open(host, port, timeout=0.5)
        tn.interact()

if __name__ == '__main__':
    test()

2. Basic usage


import time
from telnetlib import DO, ECHO, IAC, SB, SE, TTYPE, WILL, Telnet


def option_negotiation_callback(socket, cmd, opt):
    IS = b'\00'
    terminal_type = "VT100"
    if cmd == WILL and opt == ECHO:
        # received hex: ff fb 01, name: IAC WILL ECHO, description: (I will echo)
        # reply hex(ff fd 01), name(IAC DO ECHO), descr(please use echo)
        socket.sendall(IAC + DO + opt)
    elif cmd == DO and opt == TTYPE:
        # received hex(ff fd 18), name(IAC DO TTYPE), descr(please send environment type)
        # reply hex(ff fb 18), name(IAC WILL TTYPE), descr(Don't worry, I'll send environment type)
        socket.sendall(IAC + WILL + TTYPE)
    elif cmd == SB:
        # hex(ff fa 18 00 b"VT100" 00 ff f0), name(IAC SB TTYPE IS VT100 IS IAC SE),
        # descr(Start subnegotiation, environment type is VT100, end negotiation)
        socket.sendall(IAC + SB + TTYPE + IS + terminal_type.encode() +
                       IS + IAC + SE)
    elif cmd == SE:  # server letting us know sub negotiation has ended
        pass  # do nothing
    else:
        print('Unexpected telnet negotiation')


def main():
    # Wrapped in a function so that the early "return" below is valid Python.
    username = "admin"
    pwd = "123456"
    ip = ""
    port = 23
    timeout = 5
    telnet = Telnet()
    telnet.set_option_negotiation_callback(option_negotiation_callback)
    try:
        telnet.open(ip, port, timeout)
        time.sleep(0.5)
        _ = telnet.read_until(b'login:')
        print(_)
        telnet.write(username.encode() + b'\r\n')
        _ = telnet.read_until(b'password:')
        print(_)
        telnet.write(pwd.encode() + b'\r\n')
        _ = telnet.read_until(b'\r\n')
        print(_)
    except Exception as msg:
        print(msg)
        telnet.close()
        print("Connection failed")
        return
    print("Connection successfully established")
    # write() escapes any IAC byte in the payload internally. When sending
    # directly through the socket, IAC bytes in the payload have to be
    # escaped by hand.
    telnet.write(b"hello world")
    _ = telnet.read_until(b"\r\n")
    input('::')
    telnet.close()
    print("quit")


if __name__ == "__main__":
    main()
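
The IAC escaping done by write() and the byte-by-byte state machine in process_rawq(), restated as a stand-alone tokenizer that also handles a chunk ending in the middle of a sequence. This is an added example, not code from telnetlib or from the original post; escape_iac, parse_stream and the SAMPLE bytes are names and data constructed here for illustration.

```python
# Added example: RFC 854 framing, independent of telnetlib.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}

def escape_iac(payload: bytes) -> bytes:
    """Double each literal 0xFF so the peer does not read it as IAC."""
    return payload.replace(b"\xff", b"\xff\xff")

def _find_iac_se(raw: bytes, start: int) -> int:
    """Index of the IAC that opens the closing IAC SE, or -1 if not yet received."""
    j = start
    while j + 1 < len(raw):
        if raw[j] != IAC:
            j += 1
        elif raw[j + 1] == SE:
            return j
        else:
            j += 2  # IAC IAC: escaped 0xFF inside the sub-option body
    return -1

def parse_stream(raw: bytes):
    """Return (events, leftover); prepend leftover to the next recv() chunk."""
    events, data, i, n = [], bytearray(), 0, len(raw)

    def flush():  # emit buffered user data before any command event
        if data:
            events.append(("data", bytes(data)))
            data.clear()
    while i < n:
        if raw[i] != IAC:
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= n:  # lone IAC at the end of the chunk
            break
        cmd = raw[i + 1]
        if cmd == IAC:  # IAC IAC is one literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:  # IAC DO/DONT/WILL/WONT <option>
            if i + 2 >= n:
                break
            flush()
            events.append(("neg", VERBS[cmd], raw[i + 2]))
            i += 3
        elif cmd == SB:  # IAC SB <option> <body> IAC SE
            end = _find_iac_se(raw, i + 3)
            if end < 0:
                break
            flush()
            body = raw[i + 3:end].replace(b"\xff\xff", b"\xff")
            events.append(("sub", raw[i + 2], body))
            i = end + 2
        else:  # two-byte command such as NOP, AYT, GA
            flush()
            events.append(("cmd", cmd))
            i += 2
    flush()
    return events, raw[i:]

# Constructed sample: DO TTYPE, WILL ECHO, prompt, SB TTYPE SEND, escaped data, cut-off IAC
SAMPLE = (b"\xff\xfd\x18\xff\xfb\x01login: \xff\xfa\x18\x01\xff\xf0"
          + escape_iac(b"a\xffb") + b"\xff")
if __name__ == "__main__":
    print(parse_stream(SAMPLE))
```

Unlike process_rawq(), this tokenizer keeps NUL and XON (0x11) bytes in the data instead of dropping them.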
