Discussion on: Stupid Telnet Tricks

[Thomas H Jones II]

Many organizations forbid the installation of a telnet client. In a pinch, you can substitute Linux's ability to write directly to the network drivers. E.g., say you wanted to check for a response from Google's web servers, doing something like:

exec 3<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
cat <&3

Would get you back:

HTTP/1.1 400 Bad Request
Content-Length: 54
Content-Type: text/html; charset=UTF-8
Date: Fri, 28 Feb 2020 01:48:58 GMT
Connection: close

<html><title>Error 400 (Bad Request)!!1</title></html>

Other services yield similarly. Want to test SSH connectivity:

exec 3<>/dev/tcp/ssh.mydomain.com/22
echo -e "" >&3
cat <&3

Should get you something like:

SSH-2.0-OpenSSH_7.4
Protocol mismatch.

Similarly, if you're using SSL-protected services, using openssl's s_client function is super-helpful.