CHARGEN
From Wikipedia, the free encyclopedia
The five-layer TCP/IP model |
---|
5. Application layer |
DHCP · DNS · FTP · Gopher · HTTP · IMAP4 · IRC · NNTP · XMPP · POP3 · RTP · SIP · SMTP · SNMP · SSH · TELNET · RPC · RTCP · RTSP · TLS (and SSL) · SDP · SOAP · GTP · STUN · NTP · (more) |
4. Transport layer |
TCP · UDP · DCCP · SCTP · RSVP · ECN · (more) |
3. Network/internet layer |
IP (IPv4 · IPv6) · OSPF · IS-IS · BGP · IPsec · ARP · RARP · RIP · ICMP · ICMPv6 · IGMP · (more) |
2. Data link layer |
802.11 (WLAN) · 802.16 · Wi-Fi · WiMAX · ATM · DTM · Token ring · Ethernet · FDDI · Frame Relay · GPRS · EVDO · HSPA · HDLC · PPP · PPTP · L2TP · ISDN · ARCnet · LLTD · (more) |
1. Physical layer |
Ethernet physical layer · RS-232 · SONET/SDH · G.709 · Optical fiber · Coaxial cable · Twisted pair · (more) |
The CHARGEN (character generator) service is an internet protocol defined in RFC 864. It is intended for testing and measurement purposes.
A host may connect to a server that supports the CHARGEN protocol, on either TCP or UDP port 19. Upon opening a TCP connection, the server starts sending arbitrary characters to the connecting host and continues until the hosts closes the connection. In the UDP version of the protocol, the server sends a UDP packet containing a random number (between 0 and 512) of characters every time it receives a UDP packet from the connecting host. Any data received by the server is thrown away.
Contents |
[edit] Inetd implementation of CHARGEN
On Linux, FreeBSD, and other UNIX-like operating systems a chargen server is built into the inetd daemon. The chargen service is usually not enabled by default. It may be enabled by adding the following lines to the file /etc/inetd.conf and telling inetd to reload its configuration:
chargen stream tcp nowait root internal chargen dgram udp wait root internal
[edit] Examples of use
- As a source of generic byte-stream payload for debugging TCP and/or UDP based network code for proper bounds checking and buffer management.
- Can also be a source of generic payload for bandwidth measurement and/or QoS fine-tuning. Although consideration must be given if hardware compression is active, as the output from chargen is easily and efficiently compressed. This compression can cause bandwidth tests to report the size of the data after decompression, instead of the actual amount of data which passed along the wire. (Eg. 5Gb of actual data transferred may decompress to as much as 9..10Gb)
[edit] A sample session
A typical CHARGEN session looks like this: first the user connects to the host using a telnet client.
$ telnet localhost chargen Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
What follows is a stream of bytes. Although the precise format of the output is not prescribed by RFC 864, the recommended pattern (and a de-facto standard) is shifted lines of 72 ASCII characters repeating:
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi #$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk %&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm '()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn ()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno )*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq +,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs -./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu /0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
This goes on until the client quits.
^] telnet> quit Connection closed.
[edit] Abuse
- Was used maliciously to crash MS DNS servers running Microsoft Windows NT 4.0 by piping the arbitrary characters straight into the port the DNS server listens on (telnet ntbox 19 | telnet ntbox 53). [1] However, the attack was presumably a symptom of improper buffer management on the part of Microsoft's DNS service and not directly related to the CHARGEN service.
[edit] See also
[edit] External links
- The Character Generator Protocol (RFC 864)