Saturday 17 December 2011

Troubleshooting Linux Servers with telnet

Telnet is one of the older ways of doing business over a network: a network protocol running over TCP/IP, which allows a client to talk to a server remotely. Back in the day (such as when I first got online), telnet was the usual means to connect to a remote computer to get a console, and from there do server administration, check email, and run applications. These days ssh is the default for security reasons, but telnet still has its uses. Because telnet transmits all data as-is, you can use it to open a raw TCP session, then talk to a server running a network service, and do a little debugging. At the very least, telnetting to a particular port on a server can confirm that you can reach the remote server from your machine, and that there is a running service bound to the port.
It's important to remember that telnet is NOT encrypted, so it's very vulnerable to packet-sniffing and man-in-the-middle attacks. You should never use it to transmit a username and password except for controlled tests using disposable accounts.

SMTP

SMTP servers run on port 25, and you can use telnet to talk to them directly:
telnet smtp.example.com 25
Note that you won't get anything that looks like a prompt, as the server doesn't expect to interact with humans. Instead, you'll get a couple of lines of output, then a blank line where the server waits for you to start the conversation. Type:
EHLO example.com
to register on the server for the domain example.com. EHLO initiates the conversation with the remote server, tells it the host's name, and specifies that the host wants to use the extended SMTP protocol (to use the regular SMTP protocol, use HELO instead). See this site for a useful summary of SMTP server commands.
Your connection is now established, so you can try sending a mail directly.
MAIL From:
RCPT To:
DATA
At this point, you can type your message in. When you're done, hit return, then type . and hit return again to send the message. Type QUIT to leave the session.
This can be a useful way to check what's happening with your SMTP server. Some SMTP servers require TLS, which means that you won't be able to get any further than initiating the connection. But you can at least check that the server is there and taking connections. (The OpenSSL s_client test program is for testing TLS connections on mail servers; come back tomorrow for an s_client howto.)

IMAP

Similarly, you can talk directly to an IMAP server to find out what's going on there:
telnet localhost 143
Once the connection is established, you'll get a bunch of output that looks a bit like this:
Connected to imap.example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
 THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
 QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready.
Copyright 1998-2010 Double Precision, Inc.  
See COPYING for distribution information.
To log in, use this (note that the 1 is needed):
1 LOGIN username password
Note: this password is going across in the clear! If you definitely want to do this, use a disposable test account and get rid of it afterwards.
Here are a few more commands to try, from WikiQuestions:
  • 1 SELECT Inbox will select the Inbox folder. Look for the EXISTS line of output to tell you how many mails there are.
  • 4 LIST "" "INBOX" will list each item in the inbox, with various pieces of information about the items including the date sent, any flags on the mail, and the subject line.
  • 1 LOGOUT will log you out.
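
Before typing a LOGIN into a raw session, it's worth reading what the server has already told you. The sketch below is an added example (not part of the original post) that parses the IMAP greeting shown above and an SMTP EHLO reply for the standard STARTTLS and LOGINDISABLED keywords. The EHLO reply is constructed for illustration, and the function names are my own.

```python
import re
import socket

# The greeting shown in the IMAP session above.
PAGE_IMAP_GREETING = """* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
 THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
 QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready."""

# Constructed EHLO reply for illustration, not output from a real server.
SAMPLE_EHLO_REPLY = ("250-smtp.example.com\r\n250-PIPELINING\r\n"
                     "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")

def imap_capabilities(greeting):
    """Capabilities listed in an IMAP '* OK [CAPABILITY ...]' greeting."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", greeting, re.IGNORECASE)
    return {c.upper() for c in m.group(1).split()} if m else set()

def smtp_extensions(ehlo_reply):
    """Extension keywords from a multi-line 250 reply to EHLO."""
    exts = set()
    for line in ehlo_reply.splitlines()[1:]:  # line 1 is the server's name
        m = re.match(r"250[- ](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts

def imap_login_exposure(greeting):
    """Say whether '1 LOGIN username password' would cross the wire in clear."""
    caps = imap_capabilities(greeting)
    if not caps:
        return "unknown: no CAPABILITY list in greeting, send '1 CAPABILITY'"
    if "LOGINDISABLED" in caps:
        return "plaintext LOGIN refused until TLS"
    if "STARTTLS" in caps:
        return "plaintext LOGIN accepted; STARTTLS available"
    return "plaintext LOGIN accepted; no STARTTLS offered"

def read_banner(host, port, timeout=5.0):
    """Open the raw TCP session telnet would and return the server's first bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(4096).decode("ascii", "replace")

if __name__ == "__main__":
    print(imap_login_exposure(PAGE_IMAP_GREETING))
    print("SMTP STARTTLS offered:", "STARTTLS" in smtp_extensions(SAMPLE_EHLO_REPLY))
```

To check your own server, pass the output of read_banner("localhost", 143) to imap_login_exposure().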

Web and IRC Servers

telnet www.example.com 80
Try getting a particular page:
GET /index.html HTTP/1.1
host: www.example.com
Note that you need to hit enter twice after the host name line, and you need to specify both the HTTP protocol version, and the hostname.
If the page is there, you should get a bunch of HTTP header information, then the HTML content of the page. If it's not, you'll get an HTTP 404 Not Found error, and the website's 404 page. Use the same request structure again to request a different page. If you want to experiment more with this, check out the HTTP 1.1 protocol.
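
Here is the same request as bytes on the wire, as an added example that is not part of the original post. It shows what "hit enter twice" means at the protocol level and splits the reply into status, headers and body. The function names, the Connection: close header and the sample 404 reply are my own additions and constructed for illustration.

```python
import socket

# Constructed sample reply for illustration, not captured from a real server.
SAMPLE_404 = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
              b"Content-Length: 18\r\n\r\n<h1>Not Found</h1>")

def build_get(host, path="/index.html"):
    """Build the request typed in the telnet session, as bytes on the wire."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",        # required by HTTP/1.1
        "Connection: close",    # added here so the server closes when done
        "",                     # the second Enter: an empty line ends the headers
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *_ = status_line.split(" ", 2)
    if not version.startswith("HTTP/"):
        # Something is listening, but it is not speaking HTTP.
        raise ValueError(f"not an HTTP response: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers, body

def raw_http_get(host, port=80, path="/index.html", timeout=5.0):
    """Send the request over a plain TCP socket and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_get(host, path))
        chunks = []
        while (data := s.recv(4096)):
            chunks.append(data)
    return parse_response(b"".join(chunks))

if __name__ == "__main__":
    print(build_get("www.example.com"))
    print(parse_response(SAMPLE_404))
```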

Other

Most IRC servers run on port 6667. Try connecting to an IRC server like this:

telnet irc.freenode.net 6667
This will connect you, but you'll need to set your nickname manually (type NICK yournickname) and join channels with the raw protocol command (type JOIN #thischannel). You'll get a lot of output that you may or may not recognise, and the whole thing is a bit more tortuous than using a real IRC client! But it gives you a chance to experiment with the raw commands, which (as discussed in the O'Reilly book IRC Hacks) can be useful if you want to write or improve IRC clients.
You can also try port 9 to test that your telnet client is working OK. It's the discard/null port, so you won't affect any other services.

Conclusion

Telnetting to servers won't always work these days, as some (quite reasonably!) insist on only connecting over an encrypted connection for some services, and telnet is plaintext. However, it can be a useful debugging tool, particularly when you're setting up your own servers to make sure that everything is working as it should. Not to mention... it's always kind of fun to be able to talk to people or servers in their own language.
