Lab Instructions Implementing Common Protocols and Services

1. The document discusses common network protocols including Telnet, SSH, FTP, and SCP and examines their security and usage. Telnet and FTP transmit data in clear text while SSH and SCP encrypt data.
2. It provides instructions for using Telnet, SSH, FTP and SCP between two systems and capturing the network traffic with Wireshark to observe the differences.
3. The key takeaway is that system administrators should use secure protocols like SSH and SCP instead of insecure ones like Telnet and FTP to protect network traffic from interception or modification.
Implementing Common Protocols and Services
Introduction
Objective
CompTIA Security+ (SY601) Domain:

Domain 3.0: Implementation

CompTIA Security+ (SY601) Objectives:

Objective 3.1: Given a scenario, implement security protocols

Overview
Telnet and SSH are two protocols that can be utilized to remotely administer a server.
However, there is a huge difference between them. TELNET sends all information over the
wire in clear text and SSH communication between two systems is encrypted. During this lab,
you will utilize TELNET, SSH, and FTP to perform functions between two systems on a
network. After completing the tasks, you will examine how the traffic looks with Wireshark,
an open source Protocol Analyzer.

OUTCOMES:
In this lab, you will learn to:

1 Use Telnet and SSH on a network and understand why you would use one over the other.

2 Use FTP and SCP on a network and understand why you would use one over the other.

3 Use Wireshark to capture and observe network traffic.

Key Term: Description

SSH: Secure Shell uses port 22 and encrypts traffic, and typically provides a terminal interface.

TELNET: a protocol where the data is transmitted between two machines in clear text. The use of TELNET, which uses port 23, should be avoided on networks because it is not secure.

PuTTY: a free SSH client for Windows. Although Microsoft Windows does come with a TELNET client, it lacks an SSH client. For this reason, a third party application like PuTTY needs to be utilized in order for a Windows machine to connect to an SSH server.

Wireshark: a free and open source protocol analyzer, which will allow a user to capture network traffic or to analyze a capture file.

WinSCP: a free program for Microsoft Windows, which will allow you to securely transfer files over an encrypted connection. The use of SCP is preferred over using FTP because the file will be transmitted over an encrypted channel.

Reading Assignment
Introduction
During this lab, you will use TELNET, Secure Shell (SSH), File Transfer Protocol (FTP), and
Secure Copy (SCP) to perform functions between two systems on a network. After
completing the tasks, you will examine the traffic with Wireshark, an open source Protocol
Analyzer.

A system administrator’s job is to protect the network from intruders and use the appropriate
protocols and tools to do that job. An administrator today should never use TELNET or FTP.
The data transmitted using those protocols is unencrypted and a hacker might be able to
harvest these credentials with a simple tool such as Wireshark. This technique will be
demonstrated in this lab.

When working with application layer protocols in the Transmission Control Protocol/Internet
Protocol (TCP/IP) protocol stack, two parts of the system are required. You need
a client, whose job is to provide an interface and initiate a connection with a server, whose
job is to serve data to clients. Once the client connects to the server, the server waits for
requests and responds to the requests of the client. All the services in this lab require that you
set up the server first, install the client if it does not already exist, and then initiate the
connection from the client. In this case, you will connect the Windows client to the Windows
Server (Figure 1).

Remote Administration
Telnet and SSH are two protocols that can be used to remotely administer a server. However,
there is a large security risk that comes with using TELNET. This is because TELNET
transmits all information over the wire in clear text, whereas SSH communication between two
systems is encrypted. SSH, usually with asymmetric keys, is the preferred method of doing
remote administration via command line or terminal.

Recall that port numbers are uniquely assigned to each protocol and that this is what connects the
transport layer to the application layer. Below, we will examine the default ports of protocols.

Telnet (Port 23)


Telnet is a protocol that allows for remote administration of a server. There are two parts of
TELNET: the TELNET client and the TELNET server. In this lab, you will configure the
TELNET service on the Windows server and use the TELNET client from the Windows 10 machine.
Telnet will be initiated from the Windows 10 machine to connect to the Windows server.

Application TELNET

Transport TCP

Network IP

Data Link Ethernet

Secure Shell (SSH) (Port 22)


SSH is a replacement for the insecure TELNET protocol. The different layers and protocols
that run SSH are shown in Figure 2. SSH can run on top of either the Secure Copy Transfer
Protocol (SCTP) or Transmission Control Protocol (TCP) in a network.
Figure 3 shows how SSH sets up a secure tunnel between the client and server based on the
public/private key pair that is generated on the Kali machine and exchanged with the PuTTY
client on the Windows machine. SSH encrypts using the public key on the client and
decrypts using the private key on the server. In this lab, you will configure the SSH service on
the Kali Linux system and you will initiate a connection on the Windows 10 machine using a
free third-party application called PuTTY, which provides the SSH protocol on a Windows
machine.

Application SSH

Transport SCTP, TCP

Network IP

Data Link Ethernet

File Transfer

FTP and SCP are two protocols that can be used to transfer files between two systems. They
differ because of the security-related issues that are present with
FTP. The FTP protocol transmits user credentials, passwords, and files in clear text. In
contrast, SCP encrypts and decrypts the user credentials and files between systems.

File Transfer Protocol (FTP) (Port 20/21)


FTP is a protocol that allows for transfer of files between systems and runs on top of TCP.
The different layers and protocols that run FTP are shown in Figure 5. All data and credentials
are transmitted over the network in clear text. It is a very insecure protocol. FTP can be
secured in different ways, using the Secure Sockets Layer (SSL) as one example, but SCP can
also be used as the secure alternative, and it is easier to configure since it comes with SSH. In
this lab, the Kali machine will act as the FTP client and the Windows server will act as the
FTP server.

Application FTP

Transport TCP

Network IP

Data Link Ethernet

Secure Copy (SCP) (Port 22)

SCP is a protocol that comes with SSH and runs in conjunction with SSH. It uses the same port
as SSH. It works similarly to the cp command in Linux but adds a user@host:directory/file in its
syntax. For example, scp file.txt jack@kali:tmp/file.txt

Application SCP, SSH

Transport SCTP, TCP

Network IP

Data Link Ethernet

Examining Protocol Traffic in Wireshark


Wireshark is a network protocol analyzer. It allows you to capture packets on
your network and inspect the traffic that is being transmitted.

The format of a packet that is transmitted over a network usually looks like Figure 7.

This relates to the layers in the TCP/IP protocol stack. The Media Access Control (MAC) header is
Ethernet, the Internet Protocol (IP) header is the network/internet layer, the TCP header is the
transport layer, and the message is the application layer. When a message is transmitted over
the network, each layer adds its own header (encapsulation) before the message goes onto the
network. When the message is received, the headers are stripped off as it works its way up
the protocol stack to the application. Figure 8 illustrates how a message flows from the client
to the server.
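The header stripping described above can be reproduced in a few lines. This is an added example, not part of the original lab: it builds one constructed Ethernet/IPv4/TCP frame carrying an FTP command between the lab addresses 192.168.1.101 and 192.168.1.10, then peels the headers off in the order the receiver does. The MAC addresses, source port and sequence numbers are made up for illustration.

```python
import socket
import struct

def build_sample_frame() -> bytes:
    """Constructed frame: lab client 192.168.1.101 sends an FTP command to 192.168.1.10:21.
    MAC addresses, ports and sequence numbers are made up; checksums are left at zero."""
    payload = b"USER ftp\r\n"                                   # application layer
    tcp = struct.pack("!HHIIBBHHH", 49152, 21, 1000, 2000,
                      5 << 4, 0x18, 64240, 0, 0)                 # transport layer
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.1.101"),
                     socket.inet_aton("192.168.1.10"))           # network layer
    eth = bytes.fromhex("02000000000a" "020000000065") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload                              # data link header first

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Strip the headers in the order the receiver does: Ethernet, IPv4, TCP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4        # TCP header length in bytes
    if data_offset < 20 or len(tcp) < data_offset:
        raise ValueError("bad TCP data offset")
    return {"src_mac": mac(src), "dst_mac": mac(dst),
            "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
            "src_port": src_port, "dst_port": dst_port, "payload": tcp[data_offset:]}

if __name__ == "__main__":
    for field, value in parse_frame(build_sample_frame()).items():
        print(f"{field:9} {value}")
```

The payload comes back byte for byte as the FTP command, because nothing in the Ethernet, IP or TCP layers encrypts it.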

Wireshark provides a user interface that allows you to filter your network traffic and analyze
that traffic. A system administrator can use Wireshark if he or she suspects there might be
nefarious traffic that the firewall and intrusion detection system are not detecting. A system
administrator needs to know the protocols in depth to grasp the information being
transmitted on the network. Figure 9 shows the user interface for Wireshark. You open a
captured network traffic file, and the first step is to filter the traffic with what is called a
DisplayFilter. A DisplayFilter allows you to see only the traffic that you want to see. You can filter
on items like the tcp.port number, the protocol type, IP addresses, etc. For more information
on DisplayFilters, see this link. To fully appreciate the details of the headers of the different
protocols at the different layers, you need to review the header information. Wikipedia is a
good source of header information for the different protocols used on a network. Once the
filter is set, the results appear in #2. As you change the DisplayFilter, you can zero in on what
you want to see. When you click on a packet, the packet info appears in #3. Details about the
selected link are in the second part of the window. You can examine the details of that
particular part of the captured data. The #4 of the screenshot shows the file in hexadecimal
format.

In this lab, you will open an already captured network traffic file and review the data transmitted
from FTP, SSH, and Telnet.

CONCLUSION:
In this lab, you learned the differences between two remote administration protocols,
TELNET, an insecure protocol, and SSH, a secure protocol. You also learned the differences
between two file transfer protocols, FTP, an insecure protocol, and SCP, a secure file transfer
protocol. You also used Wireshark to illustrate the differences between the protocols at the
packet level.

Using the Telnet and SSH Protocols

1 Click on the Windows Server icon on the topology. After the server is loaded, click the Send Ctrl+Alt+Delete button in the upper right corner.

The Windows Server VM might need a minute or two to fully power on. If you see a black screen that means it's still powering on and will be ready shortly.

2 Log on as administrator with the password of P@ssw0rd. Click the arrow. Then double-click on the Command Prompt shortcut on the Windows Server 2008 Desktop.

If you can't see the icons on the desktop, your screen is either too small or you are zoomed in too much. There are zooming instructions in the "Before You Begin" section of this lab. You can also make the window larger by dragging.

3 Type the following command to determine if the Telnet Server service is running and then press Enter.

C:\>sc query tlntsvr


4 Click on the Windows 10 icon on the topology.

5 Double-click on the cmd - Shortcut.

6 Verify that the Telnet service is open on the Windows Server by using nmap, a free open source port scanner. You have the ability to scan for a single port, which we will do in this case. Type the following and then press Enter.

C:\Users\student>nmap 192.168.1.10 -p 23

7 Telnet can be used to connect to a remote system. It is not secure, but still in use today. Type the following command to connect to the Windows Server using Telnet and then press Enter.

C:\Users\student>telnet 192.168.1.10

Note: This might take a few seconds.

8 Type y when asked about sending your password information to a remote computer. Then press Enter.

9 Log into the remote Windows Server by typing administrator for the Login and press Enter. Type P@ssw0rd for the password and press Enter.

For security reasons the password is not shown.

10 Type the following command to add a user account called super to the Windows Server. Then press Enter.

C:\Users\Administrator>net user super P@ssw0rd /add

11 Type the following command to add super to the Enterprise Admins group. Then press Enter.

C:\Users\Administrator>net group "Enterprise Admins" super /add

12 There is another account on the system called superman. View the information about the superman account by typing the following command:

C:\Users\Administrator> net user superman

Notice the flag of 999818. Click on the Challenge icon and type the flag number into the answer box. This is just to show you how to capture the Challenge Flags you will see throughout this lab.

CHALLENGE

13 Get the information for the Challenge Flag below by using the same techniques from the previous steps.

CHALLENGE

14 Type the following command to leave the Telnet session on the Windows Server. Then press Enter.

C:\Users\Administrator>exit

15 Click on the Windows Server icon on the topology. If you do not already have a command prompt open, then double-click on the Command Prompt shortcut on the Windows Server 2008 desktop to open one again.

16 Type the following command to stop the Telnet Server Service. Then press Enter.

C:\>sc stop tlntsvr

17 Type the following command to uninstall the Telnet Server Service. Then press Enter.

C:\>sc delete tlntsvr

18 Click on the Windows 10 icon on the topology.

19 Double-click on the cmd - Shortcut.

20 Verify that the Telnet service is not open on the Windows Server by typing the following command. Then press Enter.

C:\Users\student>nmap 192.168.1.10 -p 23

21 Type the following command to exit the command prompt session on Windows 10. Then press Enter.

C:\Users\student>exit

22 Click on the Kali 2 Linux icon on the topology.

If the Kali Linux is displaying the time, and not the logon box, press the Enter key.

23 Type root for the username and click Next.

24 For the password, type toor (root spelled backwards) and click the Sign In button.

25 Click the black and white icon (second from the top) to launch the Linux terminal.

26 Type the following command to generate the SSH keys and then press Enter 4 times.

root@kali2:~# ssh-keygen

27 Type the following command to start the SSH service and press Enter.

root@kali2:~# service sshd start


28 Click on the Windows 10 icon on the topology.

29 Double-click on the putty icon.

30 In the Host Name box, type 192.168.1.101. Click the Open button.

31 Click the Yes button when you receive the PuTTY Security Alert pop-up box.

32 Type root for the username, and press Enter. Type toor for the password (root spelled backwards) and press Enter.

Note: For security reasons the password is not shown.

33 Type the following command to add a user named super to the remote Linux system. Then press Enter.

root@kali2:~# useradd super

34 Type the following to give super a password and press Enter.

root@kali2:~# passwd super

35 Type P@ssw0rd for the password and press Enter. When asked again, retype P@ssw0rd for the password and then press Enter.

Note: For security reasons the password is not shown.

36 Type the following command to get the user id (uid) for the super account. The id
command

root@kali2:~# id super

37 Get the information for the Challenge Flag below by using the same techniques from the previous steps.

CHALLENGE

38 Type exit and press Enter.

Using the FTP and SCP protocols for File Transfer

1 Click on the Kali 2 Linux icon on the topology. Double-click the Linux Terminal icon to launch it if the terminal is not already open.

2 Type the following command to ftp to the Windows Server. Then press Enter.

root@kali2:~# ftp 192.168.1.10

3 Type ftp for the username. Then press Enter. When you are prompted for the password, just press Enter.

4 Type the following ftp command to list all of the files and folders. Then press Enter.

ftp> ls

5 Type the following ftp command to download sampleflag.txt to your local system. Press Enter.

ftp> get sampleflag.txt

6 Type the following command to leave the ftp session and exit the ftp sub-prompt. Then press Enter.

ftp> bye

7 Type the following command to view the contents of the sampleflag.txt file.

root@kali2:~# more sampleflag.txt

8 Get the information for the Challenge Flag below by using the same techniques from the previous steps.

CHALLENGE

9 Click on the Windows 10 icon on the topology. Double-click on WinSCP.

10 In the Host name box, type 192.168.1.101. Type root for the user name and toor for the password (the password will be displayed as dots for security purposes). Click Login.

11 Click Yes to the security warning about connecting to an unknown host.

12 Drag sampleflag.txt from the root folder on the right to the Documents folder on the left.

13 Click OK on the WinSCP Download dialogue box.

14 Close WinSCP by clicking the red X at the top right of the program. If asked for confirmation to terminate the session, click OK. Otherwise, proceed to the next step.

15 Click the folder icon in the taskbar to open Windows Explorer.

16 Click Documents to locate sampleflag.txt.

17 Double-click on the sampleflag.txt file to view it. Click the X in the top-right hand corner to close sampleflag.txt.

18 Get the information for the Challenge Flag below by using the same techniques from the previous steps.

CHALLENGE

19 Close Windows Explorer by clicking on File and selecting Close.

Examining Protocol Traffic in Wireshark

1 Click on the Windows 10 icon on the topology. Double-click on the protocol.pcap file.

2 Type telnet in the Wireshark filter pane. Click the right arrow to apply the filter. Right-click on packet 67, then select Follow, then click on TCP Stream to view the Telnet traffic between the client and the server.

3 The username and password are displayed in clear text. Click the left box that states Entire conversation and select the bottom conversation from the list of two. If needed, scroll down to Microsoft Telnet Service by clicking the down arrow in the bottom right corner of the window.

4 Read the commands the administrator typed. Click the Close button.

5 Type ftp in the Wireshark filter pane. Click the right arrow to apply the filter. Notice the username and password are sent over the network in clear text.

6 Right-click on Packet 386 and select Follow. Then click TCP Stream.

7 View the clear text credentials and then click Close.

8 Type ssh in the Wireshark filter pane. Click the right arrow to apply the filter. Notice the encrypted packet is listed in the right hand column. Right-click on Packet 496, then select Follow, then click TCP Stream to view the SSH traffic between the client and server.

9 View the key exchanges between the client and server. Scroll down to view more traffic.

10 The traffic is encrypted between the hosts. Click Close, and then close Wireshark.

11 Close the protocol.pcap file by clicking the x in the right hand corner of Wireshark.

12 Get the information for the Challenge Flag below by using the same techniques from the previous steps.

CHALLENGE

Note: Press STOP to complete the lab.
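The Follow TCP Stream comparison above can be turned into an audit check for cleartext logins on a network. This is an added example, not part of the original lab: it takes reassembled client and server bytes for one TCP stream and reports whether credentials are exposed, recording only the password length. The sample streams, the labuser account and the banner strings are constructed and are not taken from protocol.pcap.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0  # Telnet command bytes (RFC 854)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove Telnet IAC sequences so only the typed characters remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC or i + 1 >= len(data):
            out.append(data[i]); i += 1
            continue
        cmd = data[i + 1]
        if cmd == IAC:                      # escaped literal 0xFF data byte
            out.append(IAC); i += 2
        elif cmd == SB:                     # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif 0xFB <= cmd <= 0xFE:           # WILL / WONT / DO / DONT + option byte
            i += 3
        else:                               # other two-byte commands
            i += 2
    return bytes(out)

def audit_stream(server_port: int, client: bytes, server: bytes) -> dict:
    """Report whether a reassembled TCP stream exposes credentials, without echoing secrets."""
    if server.startswith(b"SSH-"):
        # Only the identification string and key exchange are readable;
        # SSH user authentication runs after encryption is negotiated.
        return {"protocol": "ssh", "exposed": False,
                "banner": server.split(b"\r\n", 1)[0].decode("ascii", "replace")}
    if server_port == 21:                   # FTP control channel
        finding = {"protocol": "ftp", "exposed": False, "user": None, "password_len": None}
        for line in client.splitlines():
            verb, _, arg = line.partition(b" ")
            if verb.upper() == b"USER":
                finding["user"] = arg.decode("ascii", "replace")
            elif verb.upper() == b"PASS":
                finding["password_len"] = len(arg)   # length only, never the value
                finding["exposed"] = True
        return finding
    if server_port == 23:                   # Telnet: every keystroke is readable
        typed = [l for l in strip_telnet_negotiation(client).splitlines() if l]
        return {"protocol": "telnet", "exposed": bool(typed), "typed_lines": len(typed)}
    return {"protocol": "unknown", "exposed": False}

# Constructed sample streams (not taken from the lab's protocol.pcap).
SAMPLES = {
    "ftp": (21, b"USER labuser\r\nPASS example-only\r\nRETR sampleflag.txt\r\nQUIT\r\n",
            b"220 FTP server ready\r\n"),
    "telnet": (23, b"\xff\xfb\x1f\xff\xfa\x1f\x00\x50\x00\x18\xff\xf0"
                   b"labuser\r\nexample-only\r\nnet user\r\n", b"\xff\xfd\x1flogin: "),
    "ssh": (22, b"SSH-2.0-ExampleClient\r\n\x00\x00\x01\x2c\x0a\x14",
            b"SSH-2.0-ExampleServer\r\n\x00\x00\x03\x14\x08\x14"),
}

if __name__ == "__main__":
    for name, (port, client, server) in SAMPLES.items():
        print(name, audit_stream(port, client, server))
```

A finding with exposed set to True on port 21 or 23 marks a service to move to SSH or SCP, which is the lab's conclusion.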


© 2022 - Infosec Learning INC. All Rights Reserved.
