RouterOS Mac-Telnet application for Linux users
Earlier, I wrote about a Wireshark plugin for dissecting Mac-Telnet packets. Now I have created an open source application for connecting to a RouterOS router via its MAC address from Linux without having to install Wine. At the time of writing the project is still in “alpha” stage. But it is fully functional. Though it will probably be rewritten soon. I feel that the second time you write the same application, it tends to be more robust and thought through.. The first time is more of a proof of concept, and I let myself do a lot of short-cuts, just to be able to see it working.
The source code can be found at github. Just find the “download source” link at the top of the page.
To compile it, simply untar it, and compile it with “make” .
Because it needs to alter the frame headers, it uses RAW sockets, which means that you will need root access to use this tool.
To find the MAC address of connected routers, try the included tool mndp. It might take up to 2 minutes to find all routers, since it is a passive tool that waits for the routers to broadcast their info on the network:
# ./mndp Searching for MikroTik routers... Abort with CTRL+C. 0:c:42:43:58:a5 HMG
HMG is my name of the found router, set in the Identity section of the router.
Here are some mac-telnet usage information:
# ./mactelnet --help Usage: ./mactelnet <ifname> <MAC> <username> [password] Parameters: ifname Network interface that the RouterOS resides on. (ex: eth0) MAC MAC-Address of the RouterOS device. Use mndp to discover them. username Your username. password Your password.
Tip: Log out using CTRL+D on your keyboard.
# sudo ./mactelnet eth0 0:c:42:43:58:a5 admin mysecretpass Connecting to 0:c:42:43:58:a5...done MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 4.0 (c) 1999-2009 http://www.mikrotik.com/ [admin@HMG] >
Omni Flux sent me a patch that speeds up the MNDP discovery time by sending out a MNDP request before waiting for replies. Thanks!
He also informed me that his tests showed that you could send all the mac-telnet traffic to- and from- the broadcast address. This means that you would not need socket_raw (read: root privileges) capabillities to be able to send data to the router.
So the latest version of mactelnet, now also as a binary .deb package below, can be used without root privileges, unless you don’t want all data from your session to be broadcasted on your local network. You can optionally use the “old” method, where it uses the destination routers mac address as destination instead of broadcast.
Last commits on MAC-Telnet at GitHub
- 03.07.2014 - Fixed timeout problems where client tried to connect via multiple interfaces.
- 01.07.2014 - Fix for replying to keepalive-acks more correctly. (Should decrease the amount of unexpected timeouts)
- 01.07.2014 - Fixed a bug where the first packet could trigger several authentication start-replies, if resent
- 29.05.2014 - Fixes debian bug #749658
- 23.02.2014 - Code whitespace cleanup, and full malloc removal.