Testing Remote TCP/IP Connectivity on IBM i (AS400)

Estimated reading time: 2 mins

Preface

I’m used to run telnet to do a quick check if a remote server is reachable and listening on a specific port. When trying this on i5/OS with telnet CMD you may get headache! After some research I ended up with openssl in PASE to succeed my task on IBM i (AS400).

telnet vs openssl syntax

On Telnet 5250 Command Line you first have to enter PASE using

call qp2term

Then run

openssl s_client -connect <server>:<port></pre>

instead of

telnet <server> <port>

as it is not installed in PASE.

Examples

Success, with server using SSL

with openssl

openssl s_client -connect google.at:443  
CONNECTED(00000003)                      
:
---                                      
Certificate chain                        
:
---                                      
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256  
Server public key is 2048 bit                            
Secure Renegotiation IS supported                        
:
---            
read:errno=0   
$       

with telnet

me@somewhere:~$ telnet google.at 443
Trying 216.58.214.67...
Connected to google.at.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Failure

with openssl

openssl s_client -connect google.at:1234   
:
: ...timeout is about a minute
:
connect: Connection timed out              
connect:errno=78                           
$          

with telnet

me@somewhere:~$ telnet google.at 4321
Trying 216.58.214.67...
^C

Success, with server not using SSL

with openssl

openssl s_client -connect google.at:80                                                           
CONNECTED(00000003)                                                                              
:
---                                                                                              
no peer certificate available                                                                    
---                                                                                              
:
---                                                                                              
New, (NONE), Cipher is (NONE)                                                                    
Secure Renegotiation IS NOT supported                                                            
:
---                            
$          

with telnet

me@somewhere:~$ telnet google.at 80
Trying 216.58.214.67...
Connected to google.at.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

Posted on: Wed, 08 Aug 2018 15:59:45 +0100 by Markus Neuhold

  • IBM
Markus Neuhold
IBMi (AS400) sysadmin since 1997, linux fanboy and loving open source, docker and all about tech and science.