Solved

VTY virtual terminal NOT ACCESSIBLE.....

Posted on 2008-06-15
24
840 Views
Last Modified: 2011-10-19
I tried to use the windows Hyper terminal to access the router on the network. This is not direct connection. This is my setting in my Hyper terminal:
Connect using : TCP/IP [winsock]
host address: 10.0.1.254
the rest are default setting.

It displayed the User Access Verification and asking for password. But when I type in the number, it's not even showing on the screen. I hit enter, it still doing nothing.

I tried with telnet, it's working well without problem though.
0
Comment
Question by:wuitsung
  • 12
  • 6
  • 6
24 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 21790608
Hyperterm is a telnet client.  So what is the other telnet client you are using?

Have you tried configuring hyperterm so that it presents itself as a VT100 type terminal?
0
 

Author Comment

by:wuitsung
ID: 21790639
The Hyper terminal I am talking about is from Start-programs-Accessories-communication-Hyper terminal

The telnet I am talking about here is through the RUN command
TELNET IP ADDRESS
0
 

Author Comment

by:wuitsung
ID: 21790641
yes. it's VT100
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21791029
an easier workaround is to use another terminal, just like PuTTY:
-------------
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-------------

hope it helps.

0
 

Author Comment

by:wuitsung
ID: 21791091
Thanx kanlue. But you didn't tell me why Hyper terminal is not working? I think it's supposed to work with CISCO router.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21791186
Hi wuitsung, sorry that i missed that part.

yes, the 'HyperTerminal' is just a telnet client application, it should work with any telnet servers including cisco routers.

did you try to use the same HyperTerminal to telnet to other telnet servers like your linux, cisco equipments? if you did get the same issue here, i would think that the HyperTerminal application is not working properly, and it needs to be fixed.

hope it helps.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21792466
You may want to do a packet capture.  I use hyperterm to Cisco equipment all of the time and have never had an issue.
0
 

Author Comment

by:wuitsung
ID: 21797904
thank you giltjr. How do I use the packet capture and what do you look inside?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21797997
Well I use wireshark (http://wwww.wireshark.org) you capture the packets, then look to see if the router is sending back data.
0
 

Author Comment

by:wuitsung
ID: 21807763
For the server (domain controller ) that was not able to VTY the router. I take the cable and connect the router directly to the server. Still the Hyper terminal not able to do anything with the router. (I also changed the configuration to com port). I am able to see the bootup process, btu after that, no matter what I do, it still stay there.

I also reinstall the hyper terminal on the server, it still doesn't fix the problem.

I used the windows network monitor, I did see some traffic from the router 10.0.1.254. Here is the screenshot.

I am wondering that is that there is a conflict with domain controller ?
nm.JPG
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21809669
If "CISCO 37A954" is the router, it is sending a ARP to find the MAC address for the device with the IP address of 10.0.1.254.  Do yo know what device that is?

Why do you think there is a conflict with the domain controller?

Run the packet capture again, but this time filter so that only traffic between your computer and the router is captured.  You can capture the data with netmon, but I would still suggest that you get wireshark.  Wireshark can look at data caputed with netmon and Wireshark is a lot easier to use to filter traffic.
0
 

Author Comment

by:wuitsung
ID: 21809771
Hi giltjr, Thank you very much.
10.0.1.254 is the ip address of the router. The other side of the router is 10.0.2.254. My DC has the ip address 10.0.1.1

I tried Wireshark, indeed, it looks better than netmon. thank you. But I am not sure if I configured the right setting. I went to Capture/Capture filters/New/
I created the filter string : host 10.0.1.254

And here is the result I got (screenshot) and more detail in txt file. Thank you again.


cisco.JPG
cisco.txt
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:wuitsung
ID: 21809822
I also saw this at later time when I capture all traffic without filtering.

Source: Cisco_37:a9:54
Destination: CDP/VTP/DTP/PAqP/UDLD
Protocol: CDP
Info: Device ID: Router Port ID: Ethernet 0

*The DC is directly connected to the router.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 200 total points
ID: 21809841
I seeing no telnet traffic.  What is weird, at least to me, is that the router seems to be sending out a gratuitous arp ALL of the time.

O.K. In wireshark select Capture, then interfaces, then click on options for your NIC.  If you have multiple NIC's select the NIC that the telnet traffic will go out on.  Now in the box labeled "capture filter" enter:

   tcp port 23

then start the capture.  This will cause Wireshark (actually winpcap) to capture only TCP packets that have a destination or source port of 23 (which is what telnet uses).  Then see what you get.

Just as a note, in Wireshark capture filters are based on the filter statements of tcpdump.  Once you have done the capture you can do other filters and those filter statements are different.

After using Wireshark, I will never go back to netmon.  Plus wireshark will run on Windows, Linxu, xxxBSD and a host of other OS's.  Wireshark will also view captures from other programs, like netmon, tcpdump, Cisco router packet captures, Network Observer, Sniffer, ect.
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21809871
Hi wuitsung, you mentioned that you can 'telnet 10.0.1.254'  successfully through command line in the SAME server. then why not do that again while you are capturing the packet by using 'Wireshark'. that way, you will get some data in the result.

0
 
LVL 7

Expert Comment

by:kanlue
ID: 21809877
if both 'telnet 10.0.1.254' and 'HyperTerminal' are not working in your server, maybe your server block the traffic.
0
 

Author Comment

by:wuitsung
ID: 21809903
Hi giltjr, I tried what you said, but I see nothing there.

And as kanlue suggested, I I captured the tcp port 23 traffic, here is the result in attachment.
Telnet is working. I am able to access my router.
telnet.txt
0
 

Author Comment

by:wuitsung
ID: 21809922
And I just tried one more thing. I tried to use the hyper terminal from other server (VTY). And it's WORKING.... I really have no idea why it's not working on my DC. I already uninstalled it and reinstalled...
0
 
LVL 7

Expert Comment

by:kanlue
ID: 21809996
strange. you may try to check the following although it sounds not that right:
is there any anti-virus application running in your server?
it might block outgoing telnet traffic; or your server firewall settings block it?
just a thought.
0
 

Author Comment

by:wuitsung
ID: 21810062
No firewall or antivirus installed on my DC
0
 
LVL 7

Assisted Solution

by:kanlue
kanlue earned 200 total points
ID: 21810091
did you try to use other telnet client (like 'PuTTY') in your server to connect to the router?
if that works, then the HyperTerminal in your server is the only one that's not working:
-not working through com port: can see but cannot input;
-not working through tcp/winsock, no packet out from your server;
-but you can 'telnet 10.0.1.254' in the same server;

you've already removed/install the hyperTerminal in that server and reboot, right?
0
 

Author Comment

by:wuitsung
ID: 21810205
I am wondering if the com port is defective.. but if I can see the output, I think it's not...

And I haven't restarted my DC yet.. I will do it.
0
 

Author Comment

by:wuitsung
ID: 21810271
It's fixed now after I restarted my DC! and reinstall the hyper terminal. Thank you for everyone here.

And for the wireshark, how can I specify other protocol to filter? I noticed that there are not many choices in Capture filter, less than windows network monitor.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21812359
The capture filter is based on tcpdump, so if you look at examples of how to run tcpdump you can them.  There are basically TONS of stuff you can do.  Examples:

   ip host www.someplace.tdl

will only capture traffic to/from the ip address that the name www.someplace.tdl resloves to.  The  filter

   tcp port 23

will only trap traffic that has a source or destination port of tcp port 23 and:

   ip host www.someplace.tdl and tcp port 23

will only capture traffic that is to/from the address that www.someplace.tdl resloves to and is also to from tcp port 23.

Now the view filters in wireshark are totally different from tcpdump.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now