DEV Community

Zach Peters

Stupid Telnet Tricks

As a system administrator, you will need to do a "sanity check" from time to time. Most problems become simple when you can break them down into their various parts. Often, though, we take the services we use for granted. We know that the web server is running, email "just works"... right? Using some of the tricks below, you can verify that these services do in fact work as you assumed, and save yourself a lot of time and trouble.

HTTP

telnet server 80
GET / HTTP/1.1
Host: server

SMTP

telnet server 25
Trying X.X.X.X...
Connected to localhost.
Escape character is '^]'.
220 server ESMTP Exim 4.69 Wed, 07 Jan 2009 21:53:57 -0600
HELO foobar.com
250 server Hello localhost [127.0.0.1]
mail from:<test@foobar.com>
250 OK
rcpt to:<you@somewhere.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
payload
.
250 OK id=1LKlz9-0000cW-Tz
quit
221 server closing connection
Connection closed by foreign host.
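
The same SMTP session can be scripted so that every reply code is checked instead of eyeballed, including multi-line replies ("250-" continuation lines). This is an added example, not code from the original post; the function names are illustrative and the addresses are the post's own placeholders.

```python
import socket
import sys

# Each command from the session above with the reply code it should get (None = banner).
SMTP_STEPS = [
    (None, 220),
    ("HELO foobar.com", 250),
    ("MAIL FROM:<test@foobar.com>", 250),
    ("RCPT TO:<you@somewhere.com>", 250),
    ("DATA", 354),
    ("payload\r\n.", 250),
    ("QUIT", 221),
]

def read_reply(stream):
    """Read one SMTP reply; 'NNN-text' lines continue it, 'NNN text' ends it."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return int(lines[-1][:3]), lines  # ValueError if the line has no reply code

def run_dialogue(stream, steps=SMTP_STEPS):
    """Send each command and compare the reply code; stop at the first surprise."""
    transcript = []
    for command, expected in steps:
        if command is not None:
            stream.write(command.encode("ascii") + b"\r\n")
            stream.flush()
            transcript.append("C: " + command)
        code, lines = read_reply(stream)
        transcript.extend("S: " + text for text in lines)
        if code != expected:
            return False, transcript
    return True, transcript

def smtp_check(host, port=25, timeout=10.0):
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return run_dialogue(sock.makefile("rwb"))

if __name__ == "__main__":  # usage: python3 smtp_check.py HOST
    ok, log = smtp_check(sys.argv[1])
    print("\n".join(log))
    sys.exit(0 if ok else 1)
```

The exit status is non-zero as soon as a reply differs from the expected code, so the script can be run from cron or a monitoring check.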

POP3

telnet mail.foobar.com 110
Trying X.X.X.X...
Connected to mail.foobar.com.
Escape character is '^]'.
+OK The Microsoft Exchange POP3 service is ready.
USER username
+OK
PASS password
+OK User successfully logged on.
STAT
+OK 6 48274
LIST
+OK 6 48274
1 11274
2 11269
3 4929
4 4461
5 13350
6 2991
.
QUIT
+OK Microsoft Exchange Server 2007 POP3 server signing off.
Connection closed by foreign host.

What are your favorite telnet tricks?

I am sure most of these are old hat to many of you. What other "stupid telnet tricks" do you have?

Top comments (1)

Thomas H Jones II

Many organizations forbid the installation of a telnet client. In a pinch, you can substitute Linux's ability to write directly to the network drivers. E.g., say you wanted to check for a response from Google's web servers, doing something like:

exec 3<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
cat <&3

Would get you back:

HTTP/1.1 400 Bad Request
Content-Length: 54
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Feb 2020 01:48:58 GMT
Connection: close

<html><title>Error 400 (Bad Request)!!1</title></html>

Other services yield similarly. Want to test SSH connectivity:

exec 3<>/dev/tcp/ssh.mydomain.com/22
echo -e "" >&3
cat <&3

Should get you something like:

SSH-2.0-OpenSSH_7.4
Protocol mismatch.

Similarly, if you're using SSL-protected services, using openssl's s_client function is super-helpful.