~/ linuxnetwork.net

Telnet: A Deep Dive into the Classic Remote Terminal Protocol

In the early days of the internet, Telnet was the go-to tool for remote terminal access, allowing users to connect to servers and devices across networks as if they were sitting directly in front of them. First standardized in 1972 via RFC 854, Telnet pioneered the concept of client-server remote computing and laid the groundwork for modern remote access protocols like SSH.

Today, while Telnet’s role as a secure remote access tool has been largely replaced by more secure alternatives, it remains a critical utility for network debugging, TCP port testing, and accessing legacy systems that lack support for modern protocols. This blog will explore Telnet’s inner workings, common use cases with practical examples, security limitations, best practices for safe usage, and modern alternatives.

Table of Contents#

  1. What is Telnet? 1.1 Core Components 1.2 Protocol Basics
  2. How Telnet Works 2.1 Session Handshake 2.2 Network Virtual Terminal (NVT) 2.3 Command Structure: Interpret As Command (IAC)
  3. Installing Telnet Client & Server 3.1 Windows 3.2 Linux (Ubuntu/Debian) 3.3 macOS
  4. Common Use Cases & Example Usage 4.1 Testing TCP Port Connectivity 4.2 Debugging Network Services (SMTP, HTTP) 4.3 Accessing Legacy Systems 4.4 Basic Remote Terminal Access
  5. Security Limitations of Telnet
  6. Best Practices for Safe Telnet Usage
  7. Modern Alternatives to Telnet
  8. Conclusion
  9. References

1. What is Telnet?#

Telnet (short for "teletype network") is a client-server protocol and tool that enables bidirectional, text-based communication between two devices over a TCP/IP network. Its primary original purpose was to provide remote terminal access, allowing users to execute commands on a remote server as if they were using a local terminal.

1.1 Core Components#

  • Telnet Client: A software application that initiates connections to remote servers (e.g., the telnet command-line tool).
  • Telnet Server: A service running on a remote host that listens for and accepts client connections (typically on TCP port 23).

1.2 Protocol Basics#

  • Default Port: Uses TCP port 23 for unencrypted sessions.
  • Plaintext Transmission: All data (including usernames, passwords, and commands) is sent in unencrypted plaintext.
  • Standardized Interface: Relies on the Network Virtual Terminal (NVT) to ensure compatibility between different terminal hardware.

2. How Telnet Works#

Telnet operates through a structured client-server handshake and data transmission process.

2.1 Session Handshake#

  1. Connection Initiation: The client sends a TCP SYN packet to the server’s port 23.
  2. SYN-ACK Response: The server responds with a SYN-ACK packet if port 23 is open.
  3. ACK & NVT Negotiation: The client sends an ACK to establish the connection, then both parties negotiate NVT options (e.g., echo, terminal type) using control commands.
  4. Session Established: Once options are agreed upon, the client and server can exchange text data.

2.2 Network Virtual Terminal (NVT)#

NVT is a standardized abstraction layer that bridges differences between physical terminal devices. It defines:

  • A common character set (ASCII) for text transmission.
  • Control functions (e.g., cursor movement, line breaks) that work across all terminal types. Both the client and server translate local terminal commands to/from NVT format to ensure compatibility.

2.3 Command Structure: Interpret As Command (IAC)#

Telnet uses a special byte (0xFF, or IAC) to signal that subsequent bytes are control commands, not data. Common IAC commands include:

  • IAC DO: Client requests the server to enable an option (e.g., echo).
  • IAC DONT: Client requests the server to disable an option.
  • IAC WILL: Server agrees to enable an option.
  • IAC WONT: Server refuses to enable an option.

For example, to request the server to echo typed characters, the client sends IAC DO ECHO (0xFF, 0xFD, 0x01), and the server responds with IAC WILL ECHO to confirm.

3. Installing Telnet Client & Server#

Telnet clients are easy to install on most operating systems. Servers are only recommended for legacy use cases.

3.1 Windows#

Enable Telnet Client#

The client is disabled by default. Enable it via:

  • PowerShell (Admin): 
    Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient
  • Control Panel: Programs > Programs and Features > Turn Windows features on or off > Check "Telnet Client".

For legacy use only:

Install-WindowsFeature Telnet-Server
Start-Service TelnetServer
Set-Service TelnetServer -StartupType Automatic

3.2 Linux (Ubuntu/Debian)#

Install Telnet Client#

sudo apt update
sudo apt install telnet -y

Install Telnet Server (Legacy Use Only)#

sudo apt install telnetd -y
# Manage via inetd super-server
sudo systemctl enable --now inetd
# Verify port 23 is listening
sudo ss -tuln | grep 23

3.3 macOS#

macOS does not include Telnet by default. Install via Homebrew:

brew install telnet

Telnet servers are not provided by default and are strongly discouraged for security reasons.

3. Common Use Cases & Example Usage#

While Telnet is no longer the preferred tool for remote access, it remains useful for network debugging and legacy system interaction.

4.1 Testing TCP Port Connectivity#

The most common modern use case for Telnet is verifying if a TCP port is open and reachable.

Example: Test Port 80 (HTTP)#

telnet example.com 80
  • Success: Connected to example.com. Escape character is '^]'. (port is open).
  • Refused: telnet: Unable to connect to remote host: Connection refused (port closed).
  • Timeout: telnet: Unable to connect to remote host: Operation timed out (firewall-blocked or host unreachable).

Exit by pressing Ctrl+] then typing quit.

4.2 Debugging Network Services#

Telnet allows manual interaction with text-based services to diagnose issues.

Example: Debug an SMTP Server#

telnet smtp.example.com 25
# Once connected, issue SMTP commands:
EHLO your-domain.com
MAIL FROM:<[email protected]m>
RCPT TO:<[email protected]m>
DATA
Subject: Test via Telnet
This is a test email.
. # End message with a period on a new line
QUIT

Note: Modern SMTP servers often require TLS encryption, so use openssl s_client for secured sessions.

Example: Debug an HTTP Server#

telnet example.com 80
# Send a raw GET request:
GET / HTTP/1.1
Host: example.com
Connection: close
 
# Press Enter twice

The server will return raw HTTP headers and content, useful for diagnosing header issues.

4.3 Accessing Legacy Systems#

Many older devices (e.g., industrial control systems, network switches) only support Telnet for remote management.

Example: Connect to a Legacy Switch#

telnet 192.168.1.1 23
# Enter legacy credentials (sent in plaintext)

4.4 Basic Remote Terminal Access#

For legacy servers that don’t support SSH:

telnet remote-legacy-server.com
# Enter username and password (plaintext)
# Execute commands as if on a local terminal

5. Security Limitations of Telnet#

Telnet’s design predates modern network security, so it has critical weaknesses:

  1. Plaintext Data: All data (credentials, commands) is sent unencrypted, making it easy for attackers to sniff.
  2. No Encrypted Authentication: Passwords and usernames are transmitted in clear text.
  3. MitM Vulnerability: Attackers can intercept sessions, modify data, or impersonate servers/clients.
  4. Lack of Modern Features: No support for 2FA, certificate-based auth, or data integrity checks.

6. Best Practices for Safe Telnet Usage#

If you must use Telnet (e.g., for legacy systems), follow these guidelines:

  1. Restrict to Trusted Networks: Never use Telnet over public internet. Limit to internal, isolated networks.
  2. Avoid Sensitive Data: Never send passwords or confidential information via Telnet.
  3. Use SSH Tunneling: Encrypt Telnet traffic with an SSH tunnel: 
    # Forward local port 2323 to legacy-server:23 via a jump host
ssh -L 2323:legacy-server:23 user@jump-host
# Connect to the tunneled port locally
telnet localhost 2323
  4. Limit Server Access: Use firewall rules to restrict Telnet server access to specific IPs: 
    # Ubuntu UFW example
sudo ufw allow from 192.168.1.0/24 to any port 23
  5. Monitor Traffic: Enable logging on the Telnet server to track all sessions for unauthorized access.

7. Modern Alternatives to Telnet#

For most use cases, replace Telnet with more secure tools:

  • SSH: De facto replacement for remote access (encrypts all data). Example: ssh [email protected].
  • Netcat (nc): Versatile tool for port testing and debugging. Example: nc -zv example.com 80.
  • OpenSSL s_client: For testing encrypted services (HTTPS, SMTP with TLS). Example: openssl s_client -connect example.com:443.
  • curl/wget: For HTTP/HTTPS debugging. Example: curl -v example.com.
  • PuTTY: GUI tool for SSH (supports Telnet but avoid for public networks).

8. Conclusion#

Telnet is a foundational protocol that shaped remote network access, but its security limitations make it unsuitable for modern remote terminal use. However, it remains a valuable tool for quick port testing and debugging legacy systems.

When using Telnet, prioritize security by restricting it to trusted networks, avoiding sensitive data, and using SSH tunneling when possible. For all other use cases, opt for modern alternatives like SSH or Netcat to ensure encrypted, secure communication.

9. References#

  1. RFC 854: Telnet Protocol Specification - https://datatracker.ietf.org/doc/html/rfc854
  2. RFC 855: Telnet Option Specifications - https://datatracker.ietf.org/doc/html/rfc855
  3. Microsoft Docs: Enable Telnet Client - https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/enable-telnet-client
  4. Ubuntu Server Docs: Telnet - https://ubuntu.com/server/docs/service-telnet
  5. OpenBSD SSH Manual - https://man.openbsd.org/ssh
  6. Wireshark: Telnet Protocol Analysis - https://www.wireshark.org/docs/dfref/t/telnet.html
2026-04