Last updated

Telnet (short for "teletype network") [1] [2] is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. [3] Telnet consists of two components: (1) the protocol itself which specifies how two parties to communicate and (2) the software application that provides the service. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). Telnet was developed in 1969 beginning with RFC   15, extended in RFC   855, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards. [1] [2] Telnet transmits all information including usernames and passwords in plaintext so it is not recommended for security-sensitive applications such as remote management of routers. [3] [4] Telnet's use for this purpose has waned significantly in favor of SSH. [5] Some extensions to Telnet which would provide encryption have been proposed. [6]



Telnet consists of two components: (1) the protocol itself and (2) the service component. The telnet protocol is a client-server protocol, based on a reliable connection-oriented transport. [3] This protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23 or 2323, where a Telnet server application is listening. [7] [8] [9] Telnet predated TCP/IP and originally ran over Network Control Protocol (NCP). [10] The telnet service is best understood in the context of a user with a simple terminal using the local Telnet program (known as the client program) to run a logon session on a remote computer where the user's communications needs are handled by a Telnet server program.

Telnet Protocol


Even though Telnet was an ad hoc protocol with no official definition until March 5, 1973, [11] the name actually referred to Teletype Over Network Protocol as the RFC 206 (NIC 7176) on Telnet makes the connection clear: [12]

The TELNET protocol is based upon the notion of a virtual teletype, employing a 7-bit ASCII character set. The primary function of a User TELNET, then, is to provide the means by which its users can 'hit' all the keys on that virtual teletype. [13]

Essentially, it used an 8-bit channel to exchange 7-bit ASCII data. Any byte with the high bit set was a special Telnet character. On March 5, 1973, a Telnet protocol standard was defined at UCLA [14] with the publication of two NIC documents: Telnet Protocol Specification, NIC 15372, and Telnet Option Specifications, NIC 15373.


Many extensions were made for Telnet because of its negotiable options protocol architecture. Some of these extensions have been adopted as Internet standards, IETF documents STD 27 through STD 32. Some extensions have been widely implemented and others are proposed standards on the IETF standards track (see below).

Telnet service

The Telnet service is the application providing services over the Telnet protocol. Most operating systems provide a service that can be installed or enabled to provide Telnet services to clients. [15]

Security vulnerabilities

Telnet is vulnerable to network-based cyberattacks, such as packet sniffing sensitive information including passwords and fingerprinting. [4] [16] Telnet services can also be exploited to leak information about the server (such as hostnames, IP addresses and brand) by packet sniffing the banner. This information can then be searched to determine if a Telnet service accepts a connection without authentication. Telnet is also frequently exploited by malware due to being improperly configured. [9] In fact, Telnet is targeted by attackers more frequently than other common protocols, especially when compared to UPnP, CoAP, MQTT, AMQP and XMPP. Common devices targeted are Internet of things devices, routers and modems.

The SANS Institute recommends that the use of Telnet for remote logins should be discontinued under normal circumstances for the following reasons: [17]

Extensions to Telnet provide Transport Layer Security (TLS) security and Simple Authentication and Security Layer (SASL) authentication that address the above concerns. [6] However, most Telnet implementations do not support these extensions; and they do not address other vulnerabilities such as parsing the banner information. [16]

IBM 5250 or 3270 workstation emulation is supported via custom telnet clients, TN5250/TN3270, and IBM i systems. Clients and servers designed to pass IBM 5250 data streams over Telnet generally do support SSL encryption, as SSH does not include 5250 emulation. Under IBM i (also known as OS/400), port 992 is the default port for secured telnet. [18]


Figure 1: BusyBox running under the Microsoft Telnet Client from a router. Busybox DG834Gt.PNG
Figure 1: BusyBox running under the Microsoft Telnet Client from a router.

Historical uses

Historically, Telnet provided access to a command-line interface on a remote host. However, because of serious security concerns when using Telnet over an open network such as the Internet, its use for this purpose has waned significantly in favor of SSH. [19] The usage of Telnet for remote management has declined rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol. [3] [20] SSH provides much of the functionality of telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be.

Modern day uses

Telnet may be used in debugging network services such as SMTP, IRC, HTTP, FTP or POP3, to issue commands to a server and examine the responses. [15] [21] [22] For example, Telnet client applications can establish an interactive TCP session to a port other than the Telnet server port. For example, a command line telnet client could make an HTTP request to a web server on TCP port 80 as follows: [22]

$ telnet 80GET /path/to/file.html HTTP/1.1Host: www.example.comConnection: close

The older protocol is used these days only in rare cases to access decades-old legacy equipment that does not support more modern protocols. [23] For example, a large number of industrial and scientific devices only have Telnet available as a communication option. Some are built with only a standard RS-232 port and use a serial server hardware appliance to provide the translation between the TCP/Telnet data and the RS-232 serial data. In such cases, SSH is not an option unless the interface appliance can be configured for SSH (or is replaced with one supporting SSH).

Telnet is commonly used by amateur radio operators for providing public information. [21]

Although recommended against, security researchers estimated that 7,096,465 devices connected to the Internet continue to use Telnet, however, much less are often estimated because most estimates only scan for TCP port 23. [9]

Technical details

The technical details of Telnet are defined by a variety of specifications including RFC 854. [7]

USASCII control codes

NameByte codeExplanationNotes
Line feed241
Carriage return242
Horizontal tab245
Vertical tab246
Form feed247
Source: J. Postel and Reynolds (1983) [7]

Telnet commands

Telnet commands consist of at least two bytes. [7] The first byte is the IAC escape character (typically byte 255) followed by the byte code for a given command:

NameByte codeExplanationNotes
Data Mark242
Interrupt Process244
Abort output245
Are you there?246
Erase character247
Erase Line248
Go ahead249
Source: J. Postel and Reynolds (1983) [7]

Interpret As Command

All data octets except 0xff are transmitted over Telnet as is. (0xff, or 255 in decimal, is the IAC byte (Interpret As Command) which signals that the next byte is a telnet command. The command to insert 0xff into the stream is 0xff, so 0xff must be escaped by doubling it when sending data over the telnet protocol.) [7]

Telnet options

Telnet also has a variety of options that terminals implementing Telnet should support.

Telnet Options
0Binary Transmission RFC 856 The 8-bit mode (so named binary option) is intended to transmit binary data, not ASCII characters. The standard suggests the interpretation of codes 0000–0176 as ASCII, but does not offer any meaning for high-bit-set data octets. There was an attempt to introduce a switchable character encoding support like HTTP has, [24] but nothing is known about its actual software support.
1Echo RFC 857
2ReconnectionNIC 15391 of 1973
3Suppress Go Ahead RFC 858
4Approx Message Size NegotiationNIC 15393 of 1973
5Status RFC 859
6Timing Mark RFC 860
7Remote Controlled Trans and Echo RFC 726
8Output Line WidthNIC 20196 of August 1978
9Output Page SizeNIC 20197 of August 1978
10Output Carriage-Return Disposition RFC 652
11Output Horizontal Tab Stops RFC 653
12Output Horizontal Tab Disposition RFC 654
13Output Formfeed Disposition RFC 655
14Output Vertical Tabstops RFC 656
15Output Vertical Tab Disposition RFC 657
16Output Linefeed Disposition RFC 658
17Extended ASCII RFC 698
18Logout RFC 727
19Byte Macro RFC 735
20Data Entry Terminal
22SUPDUP Output RFC 749
23Send Location RFC 779
24Terminal Type RFC 1091
25End of Record RFC 885
26TACACS User Identification RFC 927
27Output Marking RFC 933
28Terminal Location Number RFC 946
29Telnet 3270 Regime RFC 1041
30X.3 PAD RFC 1053
31Negotiate About Window Size RFC 1073
32Terminal Speed RFC 1079
33Remote Flow Control RFC 1372
34Linemode RFC 1184
35X Display Location RFC 1096
36Environment Option RFC 1408
37Authentication Option RFC 2941
38Encryption Option RFC 2946
39New Environment Option RFC 1572
40TN3270E RFC 2355
43Telnet Remote Serial Port (RSP)
44Com Port Control Option RFC 2217
45Telnet Suppress Local Echo
46Telnet Start TLS
255Extended-Options-List RFC 861
Source: Internet Assigned Numbers Authority (n.d) [25]

Internet Standards

Proposed Standards


Other RFCs

Telnet clients

Star Wars: Episode IV – A New Hope from 1977 has been recreated as a text art movie served through Telnet. [26]

See also

Related Research Articles

In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use, and along with IMAP the most common protocols for email retrieval.

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport Layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

<span class="mw-page-title-main">Email client</span> Computer program used to access and manage a users email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems (Sun) in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call system. NFS is an open IETF standard defined in a Request for Comments (RFC), allowing anyone to implement the protocol.

The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. It was later brought into IEEE 802 and IETF standards.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.

Terminal Access Controller Access-Control System refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks including but not limited to the ARPANET, MILNET and BBNNET. It spawned related protocols:

<span class="mw-page-title-main">Virtual Network Computing</span> Graphical desktop-sharing system

Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

In computer networks, a tunneling protocol is a communication protocol which allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.

NX technology, commonly known as NX or NoMachine, is a proprietary cross-platform software application for remote access, desktop sharing, virtual desktop and file transfer between computers. It is developed by the Luxembourg-based company NoMachine.

A terminal server connects devices with a serial port to a local area network (LAN). Products marketed as terminal servers can be very simple devices that do not offer any security functionality, such as data encryption and user authentication. The primary application scenario is to enable serial devices to access network server applications, or vice versa, where security of the data on the LAN is not generally an issue. There are also many terminal servers on the market that have highly advanced security functionality to ensure that only qualified personnel can access various servers and that any data that is transmitted across the LAN, or over the Internet, is encrypted. Usually, companies that need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network.

<span class="mw-page-title-main">ZOC (software)</span>

ZOC is a popular computer-based terminal emulator and Telnet software client for the Microsoft Windows and Apple Macintosh macOS operating systems that supports telnet, modem, SSH 1 and 2, ISDN, serial, TAPI, Rlogin and other means of communication. Its terminal emulator supports Xterm emulation with full colors, meta-keys and local printing, VT102, VT220 and several types of ANSI as well as Wyse, TVI, TN3270, and Sun's CDE. It supports full keyboard remapping, scripting in REXX and other languages, and support for named pipes.

<span class="mw-page-title-main">OpenSSH</span> Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

In computer networking, tcpcrypt is a transport layer communication encryption protocol. Unlike prior protocols like TLS (SSL), tcpcrypt is implemented as a TCP extension. It was designed by a team of six security and networking experts: Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan Boneh and Quinn Slack. Tcpcrypt has been published as an Internet Draft. Experimental user-space implementations are available for Linux, Mac OS X, FreeBSD and Windows. There is also a Linux kernel implementation.


  1. 1 2 Wheen, Andrew (2011). Dot-dash to Dot.Com: How Modern Telecommunications Evolved from the Telegraph to the Internet. Springer. p. 132. ISBN   9781441967596.
  2. 1 2 Meinel, Christoph; Sack, Harald (2013). Internetworking: Technological Foundations and Applications. p. 57. ISBN   978-3642353918.
  3. 1 2 3 4 Valenčić, D.; Mateljan, V. (2019). "Implementation of NETCONF Protocol". 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO): 421–430. doi:10.23919/MIPRO.2019.8756925. ISBN   978-953-233-098-4. S2CID   195883872.
  4. 1 2 Daş, Resul; Karabade, Abubakar; Tuna, Gurkan (2015). "Common network attack types and defense mechanisms". 2015 23nd Signal Processing and Communications Applications Conference (SIU): 2658–2661. doi:10.1109/SIU.2015.7130435. ISBN   978-1-4673-7386-9. S2CID   11256038.
  5. Todorov, Dobromir (2007). Mechanics of user identification and authentication : fundamentals of identity management. Boca Raton: Auerbach Publications. ISBN   978-1-4200-5220-6. OCLC   263353270.
  6. 1 2 Mahmood, H.B. (2003). "Transport layer security protocol in Telnet". 9th Asia-Pacific Conference on Communications (IEEE Cat. No.03EX732). 3: 1033–1037 Vol.3. doi:10.1109/APCC.2003.1274255. ISBN   0-7803-8114-9. S2CID   56798078.
  7. 1 2 3 4 5 6 Postel, J.; Reynolds, J. K. (1983). "Telnet Protocol Specification". Network Working Group. doi:10.17487/RFC0854. ISSN   2070-1721.
  8. "Service Name and Transport Protocol Port Number Registry". Retrieved 2023-01-12.
  9. 1 2 3 4 Srinivasa, Shreyas; Pedersen, Jens Myrup; Vasilomanolakis, Emmanouil (2021-11-02). "Open for hire: attack trends and misconfiguration pitfalls of IoT devices". Proceedings of the 21st ACM Internet Measurement Conference. IMC '21. New York, NY, USA: Association for Computing Machinery: 195–215. doi:10.1145/3487552.3487833. ISBN   978-1-4503-9129-0. S2CID   240357287.
  10. Postel, J. (1981). "NCP/TCP transition plan". Network Working Group. doi:10.17487/RFC0801. ISSN   2070-1721.
  11. RFC 318 — documentation of old ad hoc telnet protocol
  12. Bruen, Garth O. (2015). WHOIS Running the Internet: Protocol, Policy, and Privacy (1st ed.). Wiley. p. 25. ISBN   9781118679555.
  13. The RFC 206 (NIC 7176) Archived 2017-03-15 at the Wayback Machine , 9 August 1971; Computer Research Lab, UCSB; J. White.
  14. RFC 495 — announcement of Telnet protocol
  15. 1 2 Shimonski, Robert J.; Eaton, Wally; Khan, Umer; Gordienko, Yuri (2002-01-01), Shimonski, Robert J.; Eaton, Wally; Khan, Umer; Gordienko, Yuri (eds.), "Chapter 11 - Detecting and Performing Security Breaches with Sniffer Pro", Sniffer Pro Network Optimization and Troubleshooting Handbook, Burlington: Syngress, pp. 513–565, ISBN   978-1-931836-57-9 , retrieved 2023-01-12
  16. 1 2 3 4 Samtani, Sagar; Yu, Shuo; Zhu, Hongyi; Patton, Mark; Chen, Hsinchun (2016). "Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques". 2016 IEEE Conference on Intelligence and Security Informatics (ISI): 25–30. doi:10.1109/ISI.2016.7745438. ISBN   978-1-5090-3865-7. S2CID   11741873.
  17. Kirk, Jeremy (2007-02-12). "Zero-day flaw in Solaris allows remote attacks". Network World. Retrieved 2023-01-12.
  18. "IBM TCP/IP Ports Required for Access for Windows and Related Functions - United States". IBM Technote. Archived from the original on 2016-09-18. Retrieved 2016-09-07.{{cite web}}: CS1 maint: others (link)
  19. Todorov, Dobromir (2007). Mechanics of user identification and authentication : fundamentals of identity management. Boca Raton: Auerbach Publications. ISBN   978-1-4200-5220-6. OCLC   263353270.
  20. Poulsen, Kevin (2 April 2007). "Telnet, dead at 35...RIP". Wired. p. 24. Archived from the original on 21 December 2016. Retrieved 14 June 2017.
  21. 1 2 "Telnet | PDF | Networking Standards | Internet Standards". Scribd. Retrieved 2023-01-12.
  22. 1 2 "SysAdmin MD". Retrieved 2023-01-12.
  23. Ylonen, Tatu. "History of the SSH Protocol". SSH home page. SSH Communications Security, Inc. Archived from the original on 25 July 2018. Retrieved 14 June 2017.
  24. RFC 2066 — TELNET CHARSET Option
  25. "Telnet Options". Retrieved 2023-01-12.
  26. "The Lost Worlds of Telnet". The New Stack. 10 March 2019. Retrieved 5 June 2022.