Geek Answers Handbook

Netstat says 443 is open, but I cannot connect to it using telnet .. why?

I created my own hosting server using wsHttpBinding . I am running a Windows 2003 R2 SP2 server.

If I set it to listen to http://localhost:443/MyService , everything will be fine. I can connect to http://localhost:443/MyService using Internet Explorer, and I get the standard Bad Request message

Now, if I try to switch to HTTPS, I observe a strange phenomenon.

Here is what I did:

  • I changed my wcf configuration file from http://localhost to https://localhost and from Security=None to Security=Transport (as explained in numerous wcf tutorials).

  • I registered my HTTP port as follows:

     httpcfg delete ssl -i 0.0.0.0:443 httpcfg set ssl -i 0.0.0.0:443 -h ea2e450ef9d4...

Please note that the certificate I used is a β€œreal certificate” (ie issued by a trusted CA, namely Comodo). The server responds to ping on the NS specified in the certificate.

Now the following timeout:

 Microsoft Telnet> open localhost 443

Here's the output from netstat (The Pid '4' is the "System" process):

 netstat -nao Proto Local Adress Remote Adress State Pid TCP 0.0.0.0:443 0.0.0.0:0 Listening 4

And here is a screenshot from TCPView captured when I issued the open command on telnet:

alt text http://img26.imageshack.us/img26/3376/tcpview2si6.jpg

I am a little puzzled. For me, if netstat says that the server is listening on 443, the telnet connection to 443 should not time out, and I should have at least a blank prompt waiting for me to type some encrypted files :)

So far I have tried:

  • Repeat all steps from scratch following MSDN instructions
  • Used port 10443 instead of 443
  • Disable firewall
  • Use a self-signed certificate

I don’t know what to try next .. any ideas?

+4
source share
4 answers

The telnet client is not going to send a correctly designed request to initiate an https handshake, so I assume that the secure ssl server is just waiting for more data.

The telnet client, of course, will not know what to do with the response from the secure ssl server (it, of course, will not offer you to send data). Communication can only happen after the completion of the https handshake.

You need to use a client who knows how to perform a handshake. The openssl handle can do this out of the box.

+2
source

Telnet cannot be used to communicate with websites with encrimia.

Check out this microsfot note. It says: β€œNOTE: This example assumes that the web server is configured to use the default HTTP port (TCP 80). If the web server is listening on another port, replace this port number in the first line of the example. Also, this the example does not work properly over an HTTPS / SSL connection (TCP 443 by default), because the telnet client cannot negotiate the necessary encryption commands to establish an SSL session.Although the initial connection is possible via an HTTPS / SSL port, no data is returned when a GET request is issued. "

Update: Checkout this other note. HOW: Determine if SSL connections are connected on a web server or on an intermediate device.

+1
source

As FerrariB said, telnet does not negotiate necessary to open an SSL connection. Telnet knows nothing about certificates or encryption. Thus, you are guaranteed to not be able to communicate with the HTTPS port 443 via telnet. You will need to find another way to do what you are trying to do.

Look at the TLS Wikipedia page, where it directly says:

If any of the above steps fails, the TLS handshake fails and a connection is not created.

This is exactly what you see when trying to use telnet to communicate with the SSL endpoint.

+1
source

  • at the command line: netstat -nao |find "443" in the last columns the number is indicated: pic no.1

  • Now open the result number of task.find task in the first section in the pid column (if pid has not been enabled, select it on the view tab), the name of the program will show the program that uses the port.

  • disable the program using the port / in my case I stopped it from the services

0
source

More articles:


All Articles