identifing tcp codes

Discussion in 'Linux Networking' started by Hul Tytus, Jun 20, 2014.

  1. Hul Tytus

    Hul Tytus Guest

    comp.os.linux.networking
    identifing tcp codes

    I've been looking through several versions of tcp source trying to identify the 2 byte codes in the data sections of some tcp packets. These are typically 0xff 0xfd, 0xff 0xfe, 0xff 0xfb, etc and appear to identify the data segment in some cases and perform some apparantly indepent purpose in others.
    The packets shown below, which show these codes, start with a 4 byte ppp header, then a 5 word (32 bit) ip header. In the second line is the tcp header with the data included. If a byte in the data segment is in the range 0x20 - 0x7? (z), the ascii charactor is shown.
    The last packet shows a minix system sending what I'm guessing to be an announcement of it's "minix" terminal. 0xff 0xf0 is a code for terminal announcements?.
    Anyone know the common name for these codes, or, even better, where they are identified?

    Hul


    ____________________________________________________________________
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 3A 00 00 40 00 33 06 36 45 A6 54 01 02 48 FB 20 E0
    00 17 80 00 2E 4D 96 3C 01 07 36 D4 50 18 83 2C 37 89 00 00 FF FB 26 FF
    FD 18 FF FD 20 FF FD # FF FD ' FF FD $ 8A 81
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 05 00 00 40 06 69 9A 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 10 1F EB 02 2A 00 00 2E B5
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2B 00 06 00 00 40 06 69 96 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 D4 2E 4D 96 4E 50 18 1F EB DC 1F 00 00 FF FE 26 D5
    AE
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0
    00 17 80 00 2E 4D 96 4E 01 07 36 D4 50 10 83 2C 9E E8 00 00 75 B6
    RECIEVE *** ack to ack or not to ack...
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0
    00 17 80 00 2E 4D 96 4E 01 07 36 D7 50 10 83 2C 9E E5 00 00 0D 9F
    SEND *** ack push data included
    FF 03 00 21 45 00 00 37 00 07 00 00 40 06 69 89 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 D7 2E 4D 96 4E 50 18 1F EB A8 D2 00 00 FF FB 18 FF
    FC 20 FF FC # FF FC ' FF FC $ 1B h
    RECIEVE *** ack push data included
    FF 03 00 21 45 48 00 2E 00 00 40 00 33 06 36 51 A6 54 01 02 48 FB 20 E0
    00 17 80 00 2E 4D 96 4E 01 07 36 E6 50 18 83 2C 86 DB 00 00 FF FA 18 01
    FF F0 14 h
    SEND *** ack
    FF 03 00 21 45 00 00 28 00 08 00 00 40 06 69 97 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 E6 2E 4D 96 54 50 10 1F E5 02 18 00 00 22 BC
    SEND *** ack push data included
    FF 03 00 21 45 00 00 2C 00 09 00 00 40 06 69 92 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 E6 2E 4D 96 54 50 18 1F E5 EA 10 00 00 FF FA 18 00
    A0 ;
    RECIEVE *** ack
    FF 03 00 21 45 48 00 28 00 00 40 00 33 06 36 57 A6 54 01 02 48 FB 20 E0
    00 17 80 00 2E 4D 96 54 01 07 36 EA 50 10 83 2C 9E CC 00 00 B5 79
    SEND *** ack push data included
    FF 03 00 21 45 00 00 30 00 0A 00 00 40 06 69 8D 48 FB 20 E0 A6 54 01 02
    80 00 00 17 01 07 36 EA 2E 4D 96 54 50 18 1F E5 AE 3F 00 00 m i n i x
    00 FF F0 E9 ;
     
    Hul Tytus, Jun 20, 2014
    #1
    1. Advertisements

  2. Hul Tytus

    Tauno Voipio Guest

    Are you using a Telnet client or server?

    The sequences seem to be Telnet control sequences, see
    RFC 854 <http://tools.ietf.org/html/rfc854>.
     
    Tauno Voipio, Jun 20, 2014
    #2
    1. Advertisements

  3. Hul Tytus

    Hul Tytus Guest

    Tauno - it is indeed telnet. I was anticipating more chit/chat between the
    tcp sections and your pointing to telnet put me on the right track -
    thanks.

    Hul
     
    Hul Tytus, Jun 20, 2014
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.