Troubleshooting with Telnet

Poor telnet, it used to be the cool kid on the block. It was the program all sysadmins turned to when they needed to connect to a remote server. Telnet just wasn't that good at keeping a secret—all communication went over plain text—so administrators started switching to SSH for encrypted remote shell sessions. Of course, along with the switch came a huge stigma against administrators who still used telnet. Eventually, telnet became an outcast—the program you used if you were an out-of-touch old-timer who didn't care about security.

I for one think telnet isn't all bad. Sure, it can't keep a secret, but it still can do a lot of useful things around the server room. Really, telnet just provides you a convenient way to connect to a network port and send commands. Telnet can work well to diagnose problems with one of the many services out there that still accept plain-text commands in their protocol. In fact, it's one of my go-to command-line programs when I'm troubleshooting. In this column, I'm going to give telnet a second chance and describe how to use it to perform some common troubleshooting tasks.

Test Remote Ports

There are many different ways to test whether a network port is listening on a system, including GUI port scanners, Nmap and nc. Although all of those can work well, and even I find myself using Nmap more often than not, not all machines end up having Nmap installed. Just about every system includes telnet though, including a lot of embedded systems with BusyBox environments. So if I wanted to test whether the SMTP port (port 25) was listening on a server with the IP 192.168.5.5, I could type:


$ telnet 192.168.5.5 25
Trying 192.168.5.5...
telnet: Unable to connect to remote host: Connection refused

In this case, the remote port is unavailable, so I would fall back to some other troubleshooting methods to figure out why. If the port were open and available though, I could just start typing SMTP commands (more on that later).

As you can see from the above example, the syntax is to type the command telnet, the IP or hostname to connect to, and the remote port (otherwise it will default to port 23—the default port for telnet). So if I wanted to test a Web server instead, I would connect to the HTTP port (port 80):


$ telnet www.example.net 80

Troubleshoot Web Servers

While you are connecting to port 80, you might as well actually throw some HTTP commands at it and test that it works. For starters, you want to make sure you actually are connected:


$ telnet www.example.net 80
Trying 192.168.5.5...
Connected to www.example.net.
Escape character is '^]'.

Once you are connected, you can pass a basic HTTP GET request to ask for the default index page followed by the host you want to connect to:


GET / HTTP/1.1
host: www.example.net

The GET request specifies which page (/) along with what protocol you will use (HTTP/1.1). Since these days most Web servers end up hosting multiple virtual hosts from the same port, you can use the host command so the Web server knows which virtual host to direct you to. If you wanted to load some other Web page, you could replace GET / with, say, GET /forum/. It's possible your connection will time out if you don't type it in fast enough—if that happens, you always can copy and paste the command instead. After you type your commands, press Enter one final time, and you'll get a lot of headers you don't normally see along with the actual HTML content:


HTTP/1.1 200 OK
Date: Tue, 10 Jul 2012 04:54:04 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 24 May 2010 21:33:10 GMT
ETag: "38111c-b1-4875dc9938880"
Accept-Ranges: bytes
Content-Length: 177
Vary: Accept-Encoding
Content-Type: text/html
X-Pad: avoid browser bug

<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content 
has been added, yet.</p>
</body></html>

As you can see from my output, this is just the default Apache Web server page, but in this case, the HTML output is only one part of the equation. Equally useful in this output are all of the headers you get back from the HTTP/1.1 200 OK reply code to the modification dates on the Web page, to the Apache server version. After you are done sending commands, just press Ctrl-] and Enter to get back to a telnet prompt, then type quit to exit telnet.

I usually just use telnet to do some basic HTTP troubleshooting, because once you get into the realm of authentication, following redirects and other more complicated parts of the protocol, it's much simpler to use a command-line tool like curl, or I guess if you have to, even a regular GUI Web browser.

Send an E-mail

Although I just use telnet for basic Web server troubleshooting, telnet ends up being my preferred tool for e-mail troubleshooting, mostly because it's so simple to send a complete e-mail with only a few telnet commands.

The first step is to initiate a telnet connection with the mail server you want to test on port 25:


$ telnet mail.example.net 25
Trying 192.168.5.5...
Connected to mail.example.net.
Escape character is '^]'.
220 mail.example.net ESMTP Postfix

Unlike the blank prompt you may get when you connect to an HTTP server, with SMTP, you should get an immediate reply back. In this case, the reply is telling me I'm connecting to a Postfix server. Once I get that 220 prompt, I can start typing SMTP commands, starting with the HELO command that lets me tell the mail server what server is connecting to it:


HELO lappy486.example.net
250 mail.example.net

The nice thing about the interactive SMTP connection here is that if I do somehow make a typo in a command or make a mistake, it should let me know; otherwise, I should get a 250 reply. After HELO, you use the MAIL FROM: command to list what e-mail address the e-mail should appear to be from. I say appear to be from, because you can put just about any e-mail address you want here, which is a good reason not to blindly trust FROM addresses:


MAIL FROM: <root@example.net>
250 Ok

In the past, I used to type in the e-mail address directly without surrounding it with <>. My personal Postfix servers are fine with this, but other mail servers are more strict and will reply with a syntax error if you don't surround the e-mail address with <>. Since this FROM address was accepted, you can follow up with RCPT TO: and specify who the e-mail is addressed to:


RCPT TO: <postmaster@example.net>
250 Ok

The fact that the mail server responded with 250 should mean that it accepted the TO address you specified here. Finally, you can type DATA and type the rest of your e-mail, including any extra headers you want to add, like Subject, then finish up with a single period on its own line:


DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Give Telnet a Chance 1
Hi,

All we are saying is give telnet a chance.
.
250 Ok: queued as 52A1EE3D117

When I'm testing e-mails with telnet, I usually put a number in the subject line so I can continually increment it with each test. This way, if some e-mail messages don't get delivered, I can tell which ones went through and which ones didn't.

Once you are done with the DATA section and the e-mail is queued, you can type quit to exit:


quit
221 Bye
Connection closed by foreign host.

Now that you have some ways to troubleshoot with telnet, hopefully you won't relegate telnet to the junk drawer of your Linux systems. Sure, you may not want to use it for remote shells, but now that just about everyone uses SSH anyway, maybe you can break out telnet on your terminal for all of your other plain-text network needs without your friends scolding you.

Computer network image via Shutterstock.com

______________________

Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

A real time server

Stephen Wood's picture

Though these days I prefer netcat for this purpose, telnet is my go-to command to test whether a server is listening on port 22. There's nothing more assuring than seeing:

SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1

Well said Kyle

fmp's picture

I still use "telnet" with our servers specially with our communication devices/appliance. People may call me low-techie (like my boss) but that it just the way it works. Yes, telnet is one of my preferred ingredient.

Telnet Linux to Windows

Sharad's picture

Hi,

Nice informative article! Thanks!!

I have run into an issue with Linux to Windows telnet connection. On windows I run a command(my own application) which generates a lot of output on the screen and telnet session terminates all of a sudden. However if I redirect/write this output to file I am able to open and read file over telnet.
On windows log telnet logs an error saying "system error:error more data"

Do you have any idea what could be wrong here ..with telnet?

Thanks,
Sharad

Still useful but abandoned

ΝΤΕΤΕΚΤΙΒ's picture

Although still useful, it seems to be abandoned by the major OS providers...
There is no reason, it just happens

ΝΤΕΤΕΚΤΙΒ

Netcat is the tool you should

Anonymous's picture

Netcat is the tool you should be using.

Telnet -- client vs Daemon

Colin's picture

The point here is that the telnet client is a simple plain text tool used for communicating directly to a port. The Telnet Daemon can listen for telnet clients and facilitate their connection to your server.

You should never allow communications on port 23 unless you have legacy devices on your network that need it (and even then restrict their access to local IP's only and firewall the machine).

Telnet -- client vs Daemon

Colin's picture

The point here is that the telnet client is a simple plain text tool used for communicating directly to a port. The Telnet Daemon can listen for telnet clients and facilitate their connection to your server.

You should never allow communications on port 23 unless you have legacy devices on your network that need it (and even then restrict their access to local IP's only and firewall the machine).

Open Relay ??

Security's picture

Your email server should never be configured to operate as described... it's known as an open relay and is generally used by spammers to send illicit mass emails... and will also result in getting your mail server blacklisted rather quickly...

Furthermore, best practices in security are to turn off telnet and block the port unless there is a very good reason to leave it open...

https://utdallas.edu/infosecurity/BestPracticesServer.html

So, while telnet could be used to troubleshoot a server --- it should never be used on the open Internet as described in this article...

re Open Relay ??

Ray Mroz's picture

Furthermore, best practices in security are to turn off telnet and block the port unless there is a very good reason to leave it open...

I could not agree more. I for one would only authorize such a reckless and wanton use of telnetd in the event of either a full blown, pan-global zombie apocalypse (limited, regional zombie activity does NOT qualify here) or a vicious military invasion launched by the combined forces of China, North Korea and New Zealand against North America proper. There is nothing more horrifying to me than the prospect of several 1337, ethereal-using zombies orchestrating a sophisticated man-in-the-middle attack against my plain-text telnet sessions... _shudder_.

So, while telnet could be used to troubleshoot a server --- it should never be used on the open Internet as described in this article...

Alas, tis true, the "open Internet" can be a _scary_ place...

All kidding aside, given that the author was in no way encouraging a reckless, unsafe use of telnetd or postfix, it is probably best that you go back and take the time to re-read the article again, this time with an eye toward comprehension.

To Kyle, nice piece, I have had occasion to use telnet for troubleshooting one thing or another over the years and given that I am a programmer and not a sysadmin by trade, I have even written a few small modules, quick and dirty debug protocol interpreters into my own code with the intent of being accessible and responsive to commands/queries via a telnet session. It is a great way to remotely access debug telemetry or other useful runtime feedback from your own code as it provides one with a ready-made client from which to access and render said data. Furthermore, it is also trivial to implement this component as a reusable module of code which can then access and aggregate debug input from a variety of different sources and reliably expose it to a telnet user. Thanks again for the article!

Maybe you are trolling, but

Kyle Rankin's picture

Maybe you are trolling, but I'm not sure that you read my column all the way through. I'm advocating telnet as a simple troubleshooting tool and nowhere did I advocate using telnetd nor did I advocating or even use an open relay in the column. I just used 'example.com' as an, well, example. Ideally you would replace that with the proper test recipient address.

Basically I'm just using valid SMTP commands like any actual mailserver would use, and as long as the RCPT TO command points to a valid user on a remote mail server (or you send an outbound email from inside the restricted network your mail server is configured to allow for relays) the mail should get delivered. I've used similar commands to manually send email to google's mail servers with telnet (with the RCPT TO pointing to a valid gmail.com address) and I'm sure you wouldn't accuse them of running open relays.

Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including DevOps Troubleshooting and The Official Ubuntu Server Book, and is a columnist for Linux Journal.

Using telnet to check that an MS SQLport is open on Firewall

ΝΤΕΤΕΚΤΙΒ's picture

Using telnet you can also test for if an MS SQL Server port is open on the MS SQL Server firewall.

MS SQL default Port is 1433 so please try:
telenet mssql.example.net 1433

If telenet connection succeds then you will be able to connect and use the SQL Server - of course you MUST also have a proper Username and Password to connect.

Netcat

Anonymous's picture

netcat is even better than telnet for all the above uses and is found on most Linux distributions. And socat provides even more power and flexibility.

The point is

Enrique's picture

telnet is a simple and handy tool, not only on Linux but on other OSes as well.
By example, on my default RedHat and CentOS servers installation there's no netcat by default, but there's a telnet client, so I don't need to install additional software to do basic troubleshooting on open ports or on a smtp server.
Kyle is not proposing to use telnet server to open a remote console, but tu use the telnet client to do some network troubleshooting. I found it valuable, specially the HTTP troubleshooting, as the mail server is something I periodically use.

Telnet rocks

Anonymous's picture

I work on healthcare interfaces, and we routinely use telnet to verify that the receiving system is up and waiting on a particular port. It irks me when I come across a recent Windows machine, which doesn't have telnet installed by default.

Suprisingly, recent Fedora

skuran's picture

Suprisingly, recent Fedora dists don't come with telnet client either. Linux users are not standard users, I really don't understand why telnet client is removed among a zillion software that you never run.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState