When it comes to checking if a network port isopened or closed on a remote computer, there's no easier way than to usetelnet. Ports left open for no reason are a security risk that maliciousprograms and viruses can exploit. At the same time, if legitimate softwarecommunicates through a specific port, having that port closed will make theprogram throw errors and malfunction.
Many people findthe challenge of checking if a port is opened to be too complex. However, oneof the most efficient ways is to use the network protocol telnet. Telnet allowsthe user to test individual ports and see whether they are open. In thisarticle, we'll break down how telnet can be used to check ports on Windows 10,Windows Server 2022, 2016, 2012 and 2008.
What is Telnet?
The name"telnet" is short for "teletype network protocol."
In anutshell, telnet is a computer protocol that was built for interacting withremote computers. It enables terminal-to-terminal communication and can be usedfor a variety of purposes.
The word"telnet" also refers to the command-line utility "telnet,"available under Windows OS and Unix-like systems, including Mac, Linux, andothers. We will use the term "Telnet" mainly in the context of thetelnet client software.
Telnetutility allows remote user access to test connectivity to remote machines andissue commands through a keyboard. Though most users opt to work with graphicalinterfaces, telnet is one of the simplest ways to check connectivity on certainports.
What is telnet used for?
The telnetprotocol is as “old school” as it gets in the tech world. It was developed in1969, so it doesn't pack the robust security features of today's networkprotocols.
As we'vementioned, via telnet, users can connect to software that utilizes text-basedunencrypted protocols from web servers to ports. You can open the command lineinterface on a remote computer, type "telnet," the remote machine'sname or IP address, and wait for the telnet connection to ping the port tocheck if it's open.
However, youcan use telnet to execute various other tasks. When properly connected, you canedit files, run programs, or check your email with it.
In addition,some servers enable remote telnet connections to access public data. Forstarters, you can check the weather forecast via the Weather Undergroundservice, active since 1995 and still running, because, let's face it, TVforecasts can get boring.
Moreover,telnet lets you play chess at the Free Internet Chess Server (FICS) and reallymerge with the spirit of old digital masters.
To play chessthere, use the command:
ofreechess.org
Now, for thehardcore Star Wars fans — you can watch Star Wars Episode 4 in the defaultASCII mode. Or at least the part of the movie that's finished and available for"streaming."
To do so, usethe following command in telnet:
otowel.blinkenlights.nl 23
Via telnet, anostalgic network user can also talk to the AI psychotherapist Eliza. Even ifshe rarely understands you, her lines are bound to brighten your day and giveyou a laugh.
To get intouch with Eliza, type the following command:
otelehack.com, followed byeliza
Some usersstill use telnet to administer and join text-based bulletin board systems. Asforums are plain text, you won't need fancy pictures or animations to spice upthe threads.
To sum up,aside from its ability to check port status, telnet is primarily used fornostalgic fun or to equip an older user system that doesn't support access tospecific data otherwise.
What are the three modes oftelnet protocol?
The telnetprotocol generally has three modes of operation. In all of them, your keyboardproduces outgoing data via the telnet command structure, travels via a telnetTCP connection, and arrives at a virtual or physical terminal to satisfy aterminal-computer connection.
Defaultmode
·If no other modes areinvoked, telnet will default to this mode.
·Echoing is performedin this mode by the user.
·Here, the user cantype a character, and the client echoes said character on the screen. However,it won't send it until the whole line is completed.
This mode isalso referred to as "half-duplex device operating mode" or"half-duplex mode". It requires the telnet GA command (GO AHEAD) fromthe server before accepting any user input data. The motivation for this is thehigh potential cost of processing network input interrupts along with the NVTspecification that "echoes" do not traverse the network.
Charactermode
·In telnet charactermode, only one character is transmitted at a time. (user-to-server direction)
·The server's telnetinterpreter will acknowledge the receipt of the character by echoing it back tothe client.
·Then, the telnetclient software will send back a TCP ACK packet to the server to inform of thereceipt of the echo from it.
·Telnet generates an IPdatagram packet for each character, which may cause connectivity delays due tothe high volume of network traffic (in older systems).
Line mode
·The line mode (aka"line-at-a-time mode") derives from the telnet character mode.
·In this mode,characters are echoed by a locally defined explicit signal and sent to thetelnet server once completed.
·In Line mode, eitherthe ECHO or the SUPPRESS GO AHEAD commands are disabled.
Telnet command section
Telnetcommands are distinguished by various characters use with the most significantbit set. The data stream portion of telnet ensures the incorporation ofcommands invoked by network users. Commands are always introduced via thedecimal 255, also known as the interpret as command (IAC) character.
Definedtelnet commands consist of:
WILL - 251 -Offer or accept to enable
WON'T - 252 -Accept of offer to disable
DO - 253 -Request or approve to enable operation
DON'T - 254 -Disapprove enable or request to disable
SE - 240 -End of subnegotiation parameters
NOP - 241 -No operation
DM - 242- Thetelnet command "data mark" indicates and locates a telnet synch sequencewithin the data stream. (critical to be accompanied by a transmission controlprotocol (TCP) urgent notification)
BRK - 243 -Break command. It indicates that the "attention" or "break"key was hit
IP - 244 -Suspends, interrupts, or aborts the network virtual terminal connectioncorresponding to the specific process
AO - 245 -Aborts output — allows for the process to complete but doesn't send data
AYT - 246 -This stands for "Are you there?" — It requests to send back visibleevidence that the AYT was received from the network virtual terminal (NVT)
EC - 247 -Erase character command — The receiver of the command should delete the lastundeleted preceding
EL - 248 -Erase line command — Delete characters from the stream back to — but notincluding — the previous carriage return line feed (CRLF)
GA - 249 -The telnet “go ahead” command — used primarily to inform the other end that itcan start to transmit data
SB - 250 -Indicates subnegotiation of the included options to follow
IAC - 255 -The "interpret-as-command" character
Telnet protocol commandoptions
Severaltelnet option specifications are available to negotiate between the telnetclient and server. This can be done by using commands at any stage as long asthe connection persists. Below is a list of the most important command options.
Actualcode assignments
1 echo
3 suppress goahead
5 status
6 timing mark
24 terminaltype
31 window size
32 terminalspeed
33 remoteflow control
34 linemode
36environment variables
Optionsundergo a negotiation process to present the client and server with a commonview of the potential extra capabilities affecting the interchange and theoperation of applications.
Both ends ofa telnet dialogue can either enable or disable options locally or remotely.
How to enable a telnetconnection on a server?
The telnetclient is built into Windows 11, but to use it on Windows Server 2022, you'dneed to enable it as it's disabled by default.
To do so,you'd need to go through the graphical user interface (GUI).
1.Log into WindowsServer 2022 with administrative privileges
2.Open "ServerManager" from the Start menu
3.Select the"Manage" menu (in the top right corner) → select "Add Roles and Features"
4.In the "Add Rolesand Features Wizard" select "Next" on the "Before youbegin" line
5.Click "Next"→ click "Select installation type"
6.On the "Selectdestination server" screen, select your local server in the server list → click "Next"
7.Click "Next"on the "Select server roles" line
8.On the "Selectfeatures" screen, scroll through the available features -> check"Telnet Client" → click "Next"
9.Select"Install" on the "Confirmation installation selections" line
10.Close the "AddRoles and Features Wizard"
The telnetprotocol can be enabled in several ways. Below, we will explore all availableoptions so that you can choose the most efficient one for you.
Enabling telnet client inMicrosoft Windows operating systems
As we'vementioned, telnet is disabled by default in Windows settings, so you need toturn it on before you can do anything. Enabling it will help you run therequired diagnostics and check if a port is open. If you try to use Telnetwithout turning it on first, you'll receive a message like this:
In orderto turn telnet on, you need to use the command line or the graphical interfaceof your computer.
Enabling telnet clientthrough command prompt:
If you wantto enable telnet via the command line, open the command prompt with elevatedprivileges ("as Administrator") and run the following command:
Dism /Online/Enable-feature /FeatureName:TelnetClient
After you'veput this in, telnet will be ready to use to check your ports.
Alternativelyto command prompt, you can use the following PowerShell command to achieve thesame result:
Install-WindowsFeature-name telnet-client
If you wantto use the graphical user interface, you need to:
Enablingtelnet client on Windows 7, 8, 10:
Open WindowsStart menu > Type "Control Panel" > Press Enter > “Programs”> "Programs and Features" > Turn Windows features on or off> Select "Telnet Client" > Press “OK"
Enablingtelnet client on Windows Server 2008:
Open"Server Manager"> Features > click "Add Features">enable "Telnet Client" checkbox > click "Next"> click"Install"> when the feature installation finishes, click"Close"
Enablingtelnet client on Windows Server 2012, 2016:
Open"Server Manager"> "Add roles and features"> click"Next" until reaching the "Features" step > tick"Telnet Client"> click "Install"> when the featureinstallation finishes, click "Close".
Using telnet command to testopen ports
One ofTelnet's biggest perks is that you can test whether a port is open with asimple command. Issuing the Telnet line telnet [domainname or ip] [port] willallow you to test connectivity to a remote host on the given port.
Issue thefollowing command in the Command Prompt:
telnet[domain name or ip] [port]
Put the IPaddress or domain name of the server you're trying to connect to in place of[domain name or ip], and replace the second brackets with the port number onthe remote machine, the connection to which you want to test.
For example,to verify connection to 192.168.0.10 on port 25, issue the command:
telnet 192.168.0.1025
If theconnection succeeds, a blank screen will appear, meaning that the computer portis open.
A failedconnection will be accompanied by an error message. Such a signal can indicateeither a closed port or that the indicated remote server is not listening onthe provided port.
Example
telnetrpc.acronis.com 443
Testing openports with telnet console
How to check if a port isopen on Mac
High Sierrausers: Apple removed the telnet client from macOS 10.13 High Sierra. There isno official way to return it, but you can still copy it from an older OS orcompile it from sources and use it on High Sierra. See more details here andhere.
Just like onWindows, telnet can be accessed through terminal, the command prompt on macOS.To open telnet, click "Go"> "Utilities">"Terminal", then run the following command (the numbers are exampleIP address and port): telnet [domainname or ip] [port], e.g.>telnet192.168.1.1 443
When acomputer port is open, a blank screen will show up, meaning that the connectionhas been successful. An unsuccessful connection will be accompanied by an errormessage.
Analternative to telnet in checking user ports is network utility. To check portson a Mac, follow the plan below:
Open"Network Utility"> Click "Port Scan"> Indicate thehostname and ports to scan the remote host, e.g., myserver.com from 995 to 995> Check the output
Acting on the resultsobtained from the telnet test
Many timeswhen you try to use telnet, you may find that your own network is blocking yourconnection. It's common for users to run a firewall, which blocks theconnection to outbound ports. A basic way to test whether your firewall isinterrupting your telnet is to disable your firewall and run a telnet test.
If you wantto check for closed ports on your router, enter your router management console.Open a web browser and enter the IP address or name of the router, for example,"192.168.0.10". If the page does not open, try replacing"http" with "https" at the beginning of the address.
Next, enteryour username and password, and click "Enter" or "Log in."Head to the security section to open or close ports and access other firewallsettings of the router.
If you needto make resources in the internal network accessible from the outside, enter"External access"/" Port forwarding" section. Consult therouter manufacturer's documentation for detailed instructions.
What is SSH? What is itsport?
SSH standsfor "secure shell" or "secure socket shell." It's a secureprotocol that enables encrypted communication between two computers.
Secure shelluses hypertext transfer protocol (HTTP) to transfer hypertext (web pages) andshare data.
As SSHenables encrypted communication between the two machines, it is suitable forunsecured networks.
SSH isprimarily used to establish a virtual terminal connection and log onto a remotemachine to perform operations or transfer data. The default port for the SSHclient connection is 22. You can change the default by entering a port numberbetween 1024 and 32,767.
Keep in mind,in a virtual system (VSYS), the root and VSYS share the same SSH port number.This means that if you change the SSH port from the default (22), the port willalso change for all virtual terminals.
How does SSH work?
To establishremote terminal access via secure shell, you'd need an SSH client on yourcomputer to connect to the SSH server.
The SSHclient, once enabled, invokes the connection setup process to processcommunication secured by strong symmetric encryption.
The client relieson public key cryptography to verify the SSH server's identity, followed byhashing algorithms to ensure the privacy and integrity of exchanged databetween the client and the server.
What is the differencebetween telnet and SSH?
Telnet andSSH are both network protocols used to manage a remote computer system.
But whatmakes them different? Let's explore that below step by step.
·Definition
Telnet is an applicationnetwork protocol that enables user communication with a remote computer via atext-based interface. Telnet creates a virtual terminal connection, allowingusers to access applications on a remote machine.
SSH serves the same primaryfunctions as telnet but adds security to the process. It allows secure accesseven when the connected network is unsecured, making it safer than the telnetprotocol. Additionally, network admins can log into a remote machine via SSH,execute commands, transfer files, and more.
·Operation
Telnet requires a server appinstalled on the remote computer (the one you want to manage) and a client appinstalled on the local machine.
Telnet usesthe TCP port protocol and port 23 to establish a connection with remotecomputers. The created system acts as a Telnet server and is available toreceive commands. Said commands are sent via the network virtual terminal (NVT)format. Then, they are received and interpreted by the telnet server and sentto the corresponding application.
-insert image-
SSH ensures a secureconnection to the server via port 22. It generates a session after the clientverifies the server via key-based authentication. The generated session is sentto both the client and the server, and all traffic is encrypted for the currentsession.
Lastly, theserver verifies the client via a generated SSH key pair. After successfulclient authentication, it establishes an encrypted connection, and the twosystems can exchange data securely.
-insert image-
·Security
Telnet doesn't provide anysecurity features or protocols when transmitting data. The network protocol ishighly vulnerable to cyber threats unless used on private, trusted, preferablyoffline, networks.
Thanks to the key pairs usedfor authentication, SSH is extremely difficult to penetrate and read thetransferred data. This makes it a way more secure protocol than Telnet, evenfor unsecured networks.
·Data formats
Telnet sends data as plain textvia the NVT format.
SSH sends data via anencrypted format through a secure channel.
·Authentication
Telnet employs noauthentication mechanism.
SSH relies on public keyencryption.
·Supported operatingsystems
Both telnet andSSH are available on Windows, macOS and Linux. (withsome exceptions for telnet in newer macOS versions)
·Bandwidth usage
Telnet connection bandwidthusage is low.
SSH connection bandwidthusage is high.
When to use telnet or SSH?
There are twoprimary cases when using a telnetconnection over SSH isrecommended.
·When operating ontrusted networks (e.g., LANs) that are disconnected from the internet.
·When operating with aremote host that doesn't support SSH.
In all othercases, it's best to use SSH since it provides high security forinternet-connected devices.
In addition,SSH enables more functionality options than Telnet. (e.g., secure filetransfer, port forwarding)
Is telnet still used?
Telnet is aprimordial being in the tech universe. And as such, it is still being used inspecific scenarios. Telnet is easy to operate, requires no high-tech knowledge,and doesn't overload your network. (in most cases)
As we'vediscussed, network admins rely on telnet (at times) to access and manage remotenetwork devices. In addition, individual users can establish a telnetconnection to check port status on private, trusted networks.
