Telnet is a popular Linux/Windows utility that has long served its purpose. A major problem with telnet on modern systems is that it is not secure: all communication happens in plain text, and none of the network traffic is encrypted. Anyone with the right access and tools can snoop on the network and read this traffic. As such, most modern Linux operating systems do not come with telnet pre-installed, and others recommend against using it.

With the advent of SSH (Secure Shell), which is more than an encrypted replacement for telnet, the use of telnet for its intended purpose has long been outdated. But there's an alternate use of telnet that many system administrators and tech enthusiasts still rely on: checking the connectivity of remote TCP ports. One can simply check whether a remote TCP port is listening and responding properly using the telnet command. The below snippet shows how we can check if google.com is up and working by checking HTTP/HTTPS connectivity.

A TCP port that is not open or accessible will behave like the below when checked with telnet:

This makes troubleshooting simple network connectivity issues easy in combination with commands such as ping, traceroute or tracepath, and netstat. If you're using RHEL 8 (or even older versions of RHEL/CentOS), you have the option to use nc (or Ncat or Network Connector), which supports many network diagnostic-related options. We'll be discussing how to install and use this tool on RHEL 8 and similar systems.
What is nc?
nc (or Ncat) is a popular general-purpose command-line tool for reading, writing, redirecting, and encrypting data across a network. Originally written for the Nmap project, there are now multiple Netcat implementations available. It works with both TCP and UDP across IPv4 and IPv6 and provides limitless potential use cases. Below are some of the major features of the nc utility:
- Ability to chain ncats together
- Redirection of TCP, UDP, and SCTP ports to other sites
- Encrypted communication with SSL support
- Proxy support via SOCKS4/5 or HTTP proxies (including authentication)
- Support for multiple platforms, including Windows, Linux, and macOS
Installing nc
nc is available as part of the default repositories on RHEL systems. To install it on a RHEL 7 system, simply issue the below command on the terminal:

For a RHEL 8 system, you can use dnf as:
Check TCP Connectivity
Though nc offers a host of features that support a number of use cases across applications, one of the most common is network troubleshooting in place of telnet. nc can show whether you can reach a TCP port. Here's the syntax:

As an example, if I want to check whether I can reach Geekflare over http or https, I can do that using nc as shown below (port 80 is for http while 443 is for https):

Similarly, a non-reachable or blocked port will show output like (multiple addresses are checked as Geekflare DNS points to multiple IPs):
Check UDP Connectivity
telnet can only check communication with a remote TCP port, while nc allows you to check TCP as well as UDP connectivity. nc can simply send UDP packets instead of the default TCP ones using:

But UDP is a session-less protocol, unlike TCP, so you can't confirm end-to-end UDP connectivity in every scenario just by sending UDP packets from one end: unless the listening process on the remote end sends some response, nc won't be able to judge whether its packet reached the destination. nc offers an alternative way to determine end-to-end UDP connectivity by launching a UDP listener, assuming you have proper access to the CLI on the remote server.

So, assuming you need to check UDP connectivity between two Linux hosts for DNS using nc, a simple way to do this would be to launch an nc server listening on the required port:

For DNS, we need to check port 53, which would make the above command:

On the client end, you would need to launch another nc process that sends UDP packets to the server:

Which would make our command:

Provided nothing is blocking UDP traffic for port 53 between these two machines, whatever you type and enter on one machine should be visible on the other host, like a two-way chat. If not, some firewall is blocking the connectivity between these two systems.

The server and client model using nc works flawlessly for these kinds of simple connectivity checks between hosts. Like the above UDP check, nc can also listen for TCP packets on a given port:

On the client end, you can normally send TCP packets to check connectivity:

The above server/client nc method is not required in the case of TCP connections (unlike UDP), as TCP is a connection-oriented protocol and works with acknowledgments. Any listening process working on TCP will directly respond to nc TCP packets.
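As an added example (not from the original article), the script below wraps the TCP check in a function and separates a refused connection, where the host answered but nothing listens on the port, from a timeout, where a firewall is probably dropping the packets. It assumes an nc build that accepts -z, -v and -w (such as Ncat 7.x); the function names are hypothetical, the sample messages are constructed, and message wording varies between nc implementations.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumes an nc build that accepts -z (connect only), -v and -w (timeout).

# classify_nc RC MESSAGE: print open, closed, filtered, dns or unknown.
# The patterns are assumptions; message wording differs between nc builds.
classify_nc() {
    rc=$1
    msg=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$rc" -eq 0 ]; then
        echo open
        return 0
    fi
    case $msg in
        # A reset came back: the host is reachable but nothing listens.
        *refused*)                  echo closed ;;
        # No reply at all: packets are likely dropped on the way.
        *"timed out"*|*timeout*)    echo filtered ;;
        *"no route"*|*unreachable*) echo filtered ;;
        # The name never resolved, so no port was actually tested.
        *"could not resolve"*|*"not known"*) echo dns ;;
        *)                          echo unknown ;;
    esac
}

# tcp_check HOST PORT [TIMEOUT_SECONDS]: run one check and print the verdict.
tcp_check() {
    out=$(nc -z -v -w "${3:-3}" "$1" "$2" 2>&1) && rc=0 || rc=$?
    printf '%s:%s %s\n' "$1" "$2" "$(classify_nc "$rc" "$out")"
}

# demo: classify constructed sample messages (no network needed).
demo() {
    classify_nc 0 'Ncat: Connected to 192.0.2.10:443.'
    classify_nc 1 'Ncat: Connection refused.'
    classify_nc 1 'Ncat: TIMEOUT.'
}

if [ "$#" -ge 2 ]; then
    tcp_check "$@"
else
    demo
fi
```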
Summary
This article summarizes how the nc utility stands as a direct replacement for telnet on modern Linux systems as far as checking port connectivity goes, while giving the end user much more power in diagnosing and resolving network issues. nc help can be accessed using the nc -h command:

For more detailed information on the nc command, refer to its manual page.