Small servers

26/03/11 17:08 Filed in: services

A quick note about tcp small servers.

DOC-CD says:

"The TCP small servers consist of three services: Discard (port 9), Echo (port 7), and Chargen (port 19)."

If we do a portscan to a router before and after enabling tcp-small-server with the command:

R(config)#service tcp-small-servers


We can see that these ports are opened:

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (10.1.0.254):
Port       State       Service
7/tcp      open        echo                    
9/tcp      open        discard                 
13/tcp     open        daytime                 
19/tcp     open        chargen


The DOC-CD misses port 13 corresponding to Daytime Protocol. As Fox Mulder used to say: "trust no one".

Let's check if it works: 

telnet 10.1.0.254 13
Trying 10.1.0.254...
Connected to 10.1.0.254.
Escape character is '^]'.
Saturday, March 26, 2011 18:09:30-ROME
Connection closed by foreign host.


Great! IOS tell us the time.

The chargen port:

telnet 10.1.0.254 19
Trying 10.1.0.254...
Connected to 10.1.0.254.
Escape character is '^]'.
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl



The echo port is quite funny, it send us back whatever we send it:

telnet 10.1.0.254 7
Trying 10.1.0.254...
Connected to 10.1.0.254.
Escape character is '^]'.
hi!
hi!
hello!
hello!


The traffic sent to the discard port is simply discarded, used for testing:

telnet 10.1.0.254 9
Trying 10.1.0.254...
Connected to 10.1.0.254.
Escape character is '^]'.
junk
junk
trash


UDP small servers work as TCP, just over a different transport protocol.


HTH