routeros-mac-telnet
Install: claude install-skill tikoci/routeros-skills
# MAC-Telnet — MikroTik Layer-2 Terminal Protocol
MAC-Telnet lets you open an interactive RouterOS terminal (or run commands)
on a device addressed by its **MAC address** — you do not need to know or route to
the target's IP. It works across a Layer-2 broadcast domain even when the target
has no IP, a wrong IP, or an IP you cannot route to, which is why WISPs and
provisioning tools rely on it. WinBox's "MAC Telnet" and the `tools/mac-telnet`
CLI use this protocol family.
## Why This Matters for Agents
- It is the only way to get a shell on a freshly-unboxed or misconfigured
RouterOS device that has no reachable IP.
- The protocol carries its **own 6+6-byte source/destination MAC addressing
inside every packet**, independent of the outer UDP/L2 delivery. This trips up
implementers who assume normal UDP semantics.
- Authentication has **two incompatible modes** — classic **MD5** and modern
**MTWEI (EC-SRP over Curve25519)**. Current RouterOS 7.x defaults to MTWEI;
getting the mode-detection wrong is the single most common failure.
- It is simple enough to implement from scratch for the MD5 path; MTWEI needs an
elliptic-curve library.
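
The in-packet addressing point above, as an added example (not code from this skill or from MikroTik): a receiver that demultiplexes datagrams by the MAC addresses inside the payload and ignores the UDP peer. The header offsets are an assumption taken from public open-source MAC-Telnet implementations, and all MACs and payload bodies are constructed sample data.

```python
from collections import defaultdict

# Assumed layout (from public open-source MAC-Telnet implementations, not
# from this page): byte 0 version, byte 1 type, 2-7 src MAC, 8-13 dst MAC.
SRC_OFF, DST_OFF, MAC_LEN = 2, 8, 6
MIN_LEN = DST_OFF + MAC_LEN


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_addressing(payload: bytes):
    """Return (src_mac, dst_mac) from a UDP payload, or None if truncated."""
    if len(payload) < MIN_LEN:
        return None
    return payload[SRC_OFF:SRC_OFF + MAC_LEN], payload[DST_OFF:DST_OFF + MAC_LEN]


def demux(datagrams, my_mac: bytes):
    """Group payloads by in-packet source MAC; drop anything not for my_mac.

    datagrams: iterable of ((ip, port), payload), the shape recvfrom() yields.
    The UDP peer is deliberately ignored: it does not identify the device.
    """
    sessions, dropped = defaultdict(list), 0
    for _udp_peer, payload in datagrams:
        addr = parse_addressing(payload)
        if addr is None or addr[1] != my_mac:
            dropped += 1  # truncated, or broadcast traffic meant for another host
            continue
        sessions[fmt_mac(addr[0])].append(payload)
    return dict(sessions), dropped


def demo():
    # Constructed sample data: locally administered MACs, made-up bodies.
    me, other = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000aa02")
    rtr_a, rtr_b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    peer = ("0.0.0.0", 20561)  # constructed: same UDP peer for every datagram
    pkt = lambda src, dst, body=b"": bytes([1, 0]) + src + dst + body
    return demux([
        (peer, pkt(rtr_a, me, b"a1")),
        (peer, pkt(rtr_b, me, b"b1")),
        (peer, pkt(rtr_a, other)),      # addressed to a different client
        (peer, pkt(rtr_a, me, b"a2")),
        (peer, b"\x01\x00\x02"),        # truncated datagram
    ], me)


if __name__ == "__main__":
    print(demo())
```
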
## Protocol Basics
| Property | Value |
|----------|-------|
| Transport | UDP |
| Port | **20561** (server listens; client may use an ephemeral or matching source port) |
| Addressing | In-packet 6-byte src + 6-byte dst MAC (the real addressing); outer UDP/IP is just transport |
| Delivery | Layer-2 — broadcast or unicast Ethernet f