I wrote an app to automatically connect to our different Firewalls. All of them work with the same frontend. We telnet to the IP and they give the message LOGIN or LOGOUT and ask for a username or password.

I used this code:

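    // Requires: using System.Net; using System.Net.Sockets; using System.Text;
    // intPort is not declared in this snippet (presumably a field of the containing class).
    public static void ConnectToFirewall(string strUsername, string strPassword, string strFirewallIp)
    {
        // Resolve the address and open a TCP connection to the firewall.
        IPAddress[] ipaIpAddressCollection = Dns.GetHostAddresses(strFirewallIp);
        IPEndPoint ipeIpEndPoint = new IPEndPoint(ipaIpAddressCollection[0], intPort);
        Socket sckSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        sckSocket.Connect(ipeIpEndPoint);
        // Username and password are sent together in a single Send() call.
        string strData = strUsername + "\r\n" + strPassword + "\r\n";
        byte[] bytData = new byte[1024];
        bytData = Encoding.ASCII.GetBytes(strData);
        sckSocket.Send(bytData);
        // Read the firewall's reply (up to 1024 bytes), then close the connection.
        byte[] bytDataReceived = new byte[1024];
        int intData = sckSocket.Receive(bytDataReceived);
        sckSocket.Close();
    }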

If I am not logged in, when I telnet to it, I receive the message: LOGIN, username: / Password:. If I am logged on, I receive LOGOUT, username: / Password.

This works perfectly well with the above method for half of my firewalls; for the others it does not seem to work (I keep getting login as if I had not tried to pass credentials). I also tried it with

    TcpClient tcpConnection = new TcpClient(myip,myport);

but this gives the same result. It works for certain firewall IPs and fails for others. They are all in the same domain.

Does anyone have any idea how I could get past this, what steps I could undertake to troubleshoot this, or what may be the cause of some servers not accepting this method, although they do accept it if I telnet to them?

Any help or suggestions are appreciated.

Many thanks in advance.

XikiryoX
  • I've given several thoughts below for approaches to fix this. If they don't work, aim [wireshark](http://en.wikipedia.org/wiki/Wireshark) at both successful and unsuccessful connection attempts and try to spot the difference. – sarnold Nov 14 '11 at 00:14
  • Thanks for the feedback. Will use wireshark to check the difference and will let you know the outcome. Thanks. – XikiryoX Nov 14 '11 at 00:18
  • From what I can see here you are doing a RAW connection. Are you sure your server is not doing Telnet? Try PuTTY with a RAW vs. Telnet connection to the same location. If so, you may need to handle negotiation. http://en.wikipedia.org/wiki/Telnet – Paul Farry Nov 14 '11 at 04:56
  • I used PuTTY to connect but it works perfectly well with a RAW connection and with a Telnet connection. The only difference is that with RAW it displays the password that I type and with Telnet it does not. But apart from that, it makes no difference whatsoever. Thanks for the tip anyway. – XikiryoX Nov 14 '11 at 13:00

1 Answer

When you call sckSocket.Send(bytData), how does the socket know to send only the portion of the bytData that has been initialized with the username and password? I have a feeling that Send() will send the entire 1024 bytes along, most of which will be 0x00 bytes. I would not expect a router to handle this gracefully.

I've seen systems that accepted the password only after the prompt for the password has been generated and sent. Try sending the username and password with two separate requests. If your environment makes it feasible to set the TCP_NODELAY socket option to disable Nagle's algorithm, it might help to get the username string sent along more quickly. (I wouldn't bother with this unless you also split apart sending the username from the password.)

sarnold
  • How could I avoid sending the entire bytData array and just send the portion that contains the username and password? When I ran wireshark during the telnet connection, I saw that it sent every letter of the username and password separately. I however could not make this work when recreating this via the code. – XikiryoX Nov 14 '11 at 00:20
  • Correct, `telnet` sends every single keypress immediately. This would be annoying to replicate in your program, but you could do it if you use `TCP_NODELAY` and submit every character as an individual `Send()` request. (This is probably not necessary.) – sarnold Nov 14 '11 at 00:22
  • [The MSDN docs](http://msdn.microsoft.com/en-us/library/ms145160.aspx) show that you can initialize the `byte[]` directly from `Encoding.UTF8.GetBytes()` without specifying a size first. – sarnold Nov 14 '11 at 00:24
  • sarnold - I initialized the byte directly from Encoding and added the TCP_NODELAY. It did not make a difference. I also captured the connection with wireshark; I however don't see any difference apart from the response I get, which is about the same as it is with the manual telnet connection. I am somewhat stuck here. Any other suggestions of something that might go wrong? – XikiryoX Nov 14 '11 at 12:55
  • The last thing I can think of is splitting apart the username from the password -- send them in two different packets. Either hard code a delay in there that is long enough for the password prompt to be displayed, or wait for the arrival of the password prompt, before sending the password. – sarnold Nov 14 '11 at 22:37
  • sarnold - Your last suggestion did the trick. Sending them in different packets combined with the delay has worked out just fine. The issue was related to server speeds. Many thanks, Kevin – XikiryoX Nov 15 '11 at 13:17
  • Excellent! I'm glad that you got it! :) – sarnold Nov 15 '11 at 23:32
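
The fix the thread arrived at (send the username, wait for the password prompt to arrive, then send the password), as an added C# example that is not code from the original posts. The loopback listener is a constructed stand-in for a slow firewall; the names `Login`, `ReadUntil` and `SendLine`, the sample credentials and the 5-second timeout are assumptions, and the program uses C# 9 top-level statements.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

// Constructed stand-in for a slow firewall on loopback (not a real device).
var listener = new TcpListener(IPAddress.Loopback, 0);
listener.Start();
new Thread(() =>
{
    using TcpClient c = listener.AcceptTcpClient();
    var r = new StreamReader(c.GetStream());
    var w = new StreamWriter(c.GetStream()) { AutoFlush = true };
    w.Write("LOGIN\r\nusername: ");
    r.ReadLine();
    Thread.Sleep(500);                       // slow device: the password prompt arrives late
    w.Write("Password: ");
    r.ReadLine();
}).Start();
using var client = new TcpClient("127.0.0.1", ((IPEndPoint)listener.LocalEndpoint).Port);
client.GetStream().ReadTimeout = 5000;       // fail with IOException instead of hanging
Console.WriteLine(Login(client.GetStream(), "admin", "example-password"));

// Returns the banner word (LOGIN or LOGOUT) that preceded the username prompt.
static string Login(Stream s, string user, string password)
{
    string banner = ReadUntil(s, "username:");
    SendLine(s, user);
    ReadUntil(s, "password:");               // wait for the prompt before answering it
    SendLine(s, password);
    return banner.Trim().Split('\r', '\n')[0];
}

// Read until the text received so far ends with the expected prompt.
static string ReadUntil(Stream s, string prompt)
{
    var sb = new StringBuilder();
    var buf = new byte[256];
    while (!sb.ToString().TrimEnd().EndsWith(prompt, StringComparison.OrdinalIgnoreCase))
    {
        int n = s.Read(buf, 0, buf.Length);  // may return only part of the prompt
        if (n == 0) throw new IOException("closed before '" + prompt + "'");
        sb.Append(Encoding.ASCII.GetString(buf, 0, n));
    }
    return sb.ToString();
}
// The array from GetBytes is sized to the text, so only those bytes are written.
static void SendLine(Stream s, string line) => s.Write(Encoding.ASCII.GetBytes(line + "\r\n"));
```

Waiting on the prompt rather than a fixed delay keeps the login working however slow a given firewall is, and the read timeout turns a device that never prompts into an error rather than a hung connection.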