An old-school method of debugging TCP-based services is to use telnet:
$ telnet www.wireshark.org 80
Connected to www.wireshark.org.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 16 Oct 2009 19:31:47 GMT
X-Slogan: Be good. You never know who's running Wireshark nearby.
Connection closed by foreign host.
It’s like giving your web server a big ol’ hug.
Most telnet clients do something very clever here. If you connect to a port other than 23 (or whatever getservbyname returns when you feed it “telnet”) they will disable telnet protocol negotiation and switch to line mode. This gives you a raw, line-based connection which is just the thing you need to interact with an HTTP, POP, IMAP, FTP, or NNTP server.
Adding SSL and IPv6 to the mix complicates things. I’m in the process of making Wireshark’s public-facing services available over IPv6. It would be helpful to be able to test connectivity to each service before adding its corresponding AAAA record. Standard telnet clients support 6, but not SSL. OpenSSL’s s_client command speaks SSL, but not over IPv6 (not on my systems, at least):
$ openssl s_client -connect '[2607:f0d0:2001:e:1::123]:443'
getservbyname failure for f0d0:2001:e:1::123]:443
$ openssl s_client -connect ipv6.wireshark.org:443
Luckily Fyodor released Nmap 5 a while back. Nmap 5 includes ncat, which lets you connect over SSL+IPv6. It is now my new favorite service-poking utility.
$ ncat -6 --ssl -v 2607:f0d0:2001:e:1::123 443
Ncat version 5.00 ( http://nmap.org/ncat )
SSL connection to 2607:f0d0:2001:e:1::123:443. bugs.wireshark.org
SHA-1 fingerprint: F6BA 2EE9 DEEF 74D3 B4B0 86D7 F5DB 6237 FF7F 896A
HEAD /bugzilla/ HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 16 Oct 2009 20:26:23 GMT
Content-Type: text/html; charset=UTF-8
On many Linux distributions you can also use telnet-ssl:
telnet-ssl -z ssl 2607:f0d0:2001:e:1::123 443