Can a Telnet server detect the client being used through the protocol?

While web browsers send, among other things, the User-Agent string, does the Telnet protocol have a similar method of determining anything about the client connecting to it? OS? Specific Telnet client? Etc.


There is no User-Agent, but there exist a few Telnet protocol options for sending client information:

  • TERMINAL TYPE – shows the used terminal type (e.g. xterm, urxvt, screen-256color...) You can't really get rid of this without breaking things. Same goes for NAWS which reports the window size (columns × rows).

  • OLD-ENVIRON and NEW-ENVIRON – can reveal some specific environment variables; some clients also reveal their FQDN in a fake $DISPLAY variable. Sending your configured system locale ($LANG, $LC_*) or timezone ($TZ) is also not uncommon.

  • XDISPLOC – similar to above, some clients send your FQDN as the X11 display location.

  • If any of the authentication features are enabled, they can reveal your OS username.

  • Finally, the whole set of recognized options varies between implementations and can be used as a rough Panopticlick-style fingerprint.

frost$ echo $DISPLAY
:0

frost$ telnet
telnet> set options
Will show option processing.
telnet> open m-net.arbornet.org
Trying 162.202.67.157...
Connected to m-net.arbornet.org.
Escape character is '^]'.
SENT DO SUPPRESS GO AHEAD
SENT WILL TERMINAL TYPE
SENT WILL NAWS
SENT WILL TSPEED
SENT WILL LFLOW
SENT WILL LINEMODE
SENT WILL NEW-ENVIRON
SENT DO STATUS
SENT WILL XDISPLOC
RCVD DO AUTHENTICATION
SENT WONT AUTHENTICATION
RCVD WILL SUPPRESS GO AHEAD
RCVD DO TERMINAL TYPE
RCVD DO NAWS
SENT IAC SB NAWS 0 95 (95) 0 46 (46)
RCVD DO TSPEED
RCVD DO LFLOW
RCVD DO LINEMODE
SENT IAC SB LINEMODE SLC SYNCH NOSUPPORT 0; IP VARIABLE|FLUSHIN|FLUSHOUT 3; AO VARIABLE 15; AYT NOSUPPORT 0; ABORT VARIABLE|FLUSHIN|FLUSHOUT 28; EOF VARIABLE 4; SUSP VARIABLE|FLUSHIN 26; EC VARIABLE 127; EL VARIABLE 21; EW VARIABLE 23; RP VARIABLE 18; LNEXT VARIABLE 22; XON VARIABLE 17; XOFF VARIABLE 19; FORW1 NOSUPPORT 0; FORW2 NOSUPPORT 0;
SENT DO SUPPRESS GO AHEAD
RCVD DO NEW-ENVIRON
RCVD WILL STATUS
RCVD DO XDISPLOC
RCVD WILL ENCRYPT
SENT DONT ENCRYPT
RCVD DO OLD-ENVIRON
SENT WONT OLD-ENVIRON
RCVD IAC SB TERMINAL-SPEED SEND
SENT IAC SB TERMINAL-SPEED IS 38400,38400
RCVD IAC SB X-DISPLAY-LOCATION SEND
SENT IAC SB X-DISPLAY-LOCATION IS "frost.nullroute.eu.org:0"
RCVD IAC SB NEW-ENVIRON SEND 
SENT IAC SB NEW-ENVIRON IS VAR "DISPLAY" VALUE "frost.nullroute.eu.org:0"
RCVD IAC SB TERMINAL-TYPE SEND
SENT IAC SB TERMINAL-TYPE IS "XTERM-256COLOR"
RCVD DO ECHO
SENT WONT ECHO
RCVD WILL ECHO
SENT DO ECHO
RCVD IAC SB TOGGLE-FLOW-CONTROL OFF
RCVD IAC SB TOGGLE-FLOW-CONTROL RESTART-XON
RCVD DONT LINEMODE
SENT WONT LINEMODE
RCVD IAC SB LINEMODE SLC IP VARIABLE|ACK|FLUSHIN|FLUSHOUT 3; AO VARIABLE|ACK 15; ABORT VARIABLE|ACK|FLUSHIN|FLUSHOUT 28; EOF VARIABLE|ACK 4; SUSP VARIABLE|ACK|FLUSHIN 26; EC VARIABLE|ACK 127; EL VARIABLE|ACK 21; EW VARIABLE|ACK 23; RP VARIABLE|ACK 18; LNEXT VARIABLE|ACK 22; XON VARIABLE|ACK 17; XOFF VARIABLE|ACK 19;

FreeBSD/i386 (m-net.arbornet.org) (pts/5)

login: