Telnet is a network command that enables its users to access the command prompt of a remote computer or network device. Network and system administrators use this application to configure and administer network devices such as servers, routers, switches, etc.
Using telnet: syntax
The telnet command is accessible via a computer’s command line interface. For most users there’s no need for installing telnet as this command is preloaded in many operating systems. The telnet command syntax is the following:
telnet hostname_or_IP_address [ non_standard_port_used ]
By default, a telnet server listens on port TCP 23 for incoming connections from clients. For this reason, only the host parameter is mandatory. The port number is optional for remote computers that use the default port. However, if you want to test connectivity to a remote service using port 20011 on host test.netbeez.net, you’ll have to type:
telnet netbeez.net 20011
Telnet limits and use cases
The telnet network protocol is based on the Transmission Control Protocol (TCP), which is connection-oriented. The telnet protocol doesn’t encrypt traffic. As a result, the information exchanged between a client and server is unencrypted. For this reason, in the last years, the Secure Shell command (SSH) replaced telnet for connecting to remote systems. In fact, SSH uses the Secure Socket Layer (SSL) protocol.
Although telnet is rarely used for remote administration purposes, the telnet client is still widely used to verify connectivity to remote services that are based on TCP. In a client-server model architecture, you can use a telnet client to make sure that no firewalls in between are blocking incoming connections to the server.
As we’ll see in the next paragraphs, there are three possible outcomes when using telnet:
- There are no firewalls blocking the connection from the client to the server.
- There are firewalls explicitly rejecting the connection from the client to the server.
- There are firewalls silently dropping connections from the client to the server.
Successful telnet
If the service is running with no firewalls in-between blocking incoming connections, the telnet command will return the following prompt:
As you can see, the telnet command line interface returns the resolved IP address associated to the provided hostname, and give notice of the escape character ‘SHIFT ]’ that can be used to terminate the connection and resume the telnet prompt.
Refused telnet connection
Let’s see what happens when a firewall in between is rejecting connections:
In this case, the prompt telnet is returning the message “Connection refused” to communicate to the user that a firewall is blocking connections to the specified TCP port on the remote host.
Unsuccessful telnet connection
When troubleshooting client connectivity issues to a TCP service, another possible scenario is the following:
In this other scenario, the telnet prompt is not returning any message. This case is more difficult to troubleshoot because it could be either that:
1) a network or host firewall is dropping incoming connections
2) the remote host is down or the telnet server is not running
3) network connectivity between the client and server is unavailable for some reason.
In this case, you can troubleshoot to see if you find more information. In some case, you can test with a TCP traceroute where the connection fails. You can also get in touch with the administrator of the remote host to ask if they allow telnet connections.
Before concluding this post, I would like to explain two important concepts related to firewalls …
Difference between host firewalls and network firewalls
A host firewall runs on a computer, or server, to block or allow incoming connections to specific local services. The goal of such firewall is to protect the host itself where the firewall is running. Most modern operating systems, like Windows, Mac, or Linux, have available such a service.
A network firewall is a dedicated device that is installed on a specific network segment to protect one or more private networks that reside behind it. Network firewalls are sophisticated appliances that can inspect a large amount of throughput data adding little delay.
Difference between reject and drop in firewall configurations
Firewalls can block connections via two methods: reject or drop. When a connection is rejected, the firewall tells the source that the destination host is not allowing incoming connections to specific port(s).
The second method is to silently drop the packets, acting as if the host is unreachable. As I described earlier, since this method is more difficult to troubleshoot, it’s more appropriate to slow down hostile users that are scanning a network in the hopes of finding vulnerabilities to exploit. For this reason, it’s a good idea to configure internal firewalls with reject rules and external ones, while facing public networks with drop rules.
Conclusion
Telnet is a network protocol that once used to connect to a remote computer or device. Its lack of encryption caused SSH to replace telnet for accessing . However, there are several other use cases for which telnet is still a much needed tool. For instance, users can determine if a remote TCP port is reachable, unreachable, or blocked by firewalls.
A network performance monitoring tool like NetBeez is capable of automating telnet tests thanks to its continuous testing capabilities. If you are a network administrator that needs to periodically verify TCP/IP ports availability, but also monitor network performance and uptime, request a demo or a free trial to see how NetBeez works. NetBeez is capable of automating telnet checks and do much more.
