What is Netcat?

Netcat (also known as ?nc? or ?Swiss Army knife?) is a networking utility used for reading or writing from TCP and UDP sockets using an easy interface. NetCat is designed as a Dependable ?back-end? device that can be used directly or easily driven by other programs and scripts. Netcat is a treat to network administrators, programmers, and pen-testers as it?s a feature rich network debugging and investigation tool.

This article will show you netcat usage by examples I have used with it. There are obviously a lot more ways of using it but my needs have been simple.

Basic Usage

Netcat syntax is very easy and simple, and is practically similar in any Unix-like Operating System. The executable netcat command is nc.

# nc [-options]  port[s] [ports]

Where:

  • nc: The executable netcat command name, executed on the shell;
  • [-options]: Options Parameters and arguments passed to the main command executable, like listen, tcp, etc;
  • : IP or name of the host to be connected to;
  • port[s]: TCP/UDP port used for the service;

Examples

Testing a UDP Port

I often have to test to see if firewall rules have been opened and telnet is for TCP. Simply enough you can do the following:

[tethys]:/home/rnejdl> sudo nc -vu tethys.ringofsaturn.com 53
Connection to tethys.ringofsaturn.com 53 port [udp/domain] succeeded!
^CExit 130

When you run the command you can actually send data over so you need to press CTRL+C to break out of netcat.

Testing a TCP Port

Testing a tcp port is very easy and can be done with telnet but this is all about netcat. Below, I test port 80 on my webserver and do actually pass some commands over to get traffic back.

[tethys]:/home/rnejdl> nc tethys.ringofsaturn.com 80

GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 09 Apr 2013 16:12:22 GMT
Server: Apache/2.4.4 (FreeBSD) OpenSSL/0.9.8x PHP/5.4.13
x-frame-options: SAMEORIGIN
X-Powered-By: PHP/5.4.13
Vary: User-Agent
Content-Length: 2035
Connection: close
Content-Type: text/html; charset=utf-8

<html>
....

Netcat as a Port Scanner

If you don't have nmap installed, you can use netcat as a very quick and simple portscanner. It is noisy though and includes rows for success and failure. The -v flag adds verbosity. The -w2 flag adds a 2 second timeout to try to speed things up. The -r flag randomizes the source ports to help get this through firewalls. Finally, the -z flag allows us to specify a port range.

[tethys]:/home/rnejdl> nc -v -w2 -r -z tethys.ringofsaturn.com 20-80
nc: connect to tethys.ringofsaturn.com port 37 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 37 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 29 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 29 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 49 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 49 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 40 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 40 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 31 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 31 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 50 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 50 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 21 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 21 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 70 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 70 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 58 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 58 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 59 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 59 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 27 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 27 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 54 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 54 (tcp) failed: Operation timed out
Connection to tethys.ringofsaturn.com 80 port [tcp/http] succeeded!
nc: connect to tethys.ringofsaturn.com port 38 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 38 (tcp) failed: Operation timed out
Connection to tethys.ringofsaturn.com 53 port [tcp/domain] succeeded!
nc: connect to tethys.ringofsaturn.com port 34 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 34 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 68 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 68 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 46 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 46 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 71 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 71 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 28 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 28 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 63 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 63 (tcp) failed: Operation timed out
Connection to tethys.ringofsaturn.com 22 port [tcp/ssh] succeeded!
nc: connect to tethys.ringofsaturn.com port 56 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 56 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 47 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 47 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 30 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 30 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 51 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 51 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 64 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 64 (tcp) failed: Operation timed out
Connection to tethys.ringofsaturn.com 25 port [tcp/smtp] succeeded!
nc: connect to tethys.ringofsaturn.com port 45 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 45 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 26 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 26 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 72 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 72 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 75 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 75 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 77 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 77 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 39 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 39 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 57 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 57 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 35 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 35 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 74 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 74 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 23 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 23 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 79 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 79 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 76 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 76 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 33 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 33 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 52 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 52 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 66 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 66 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 24 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 24 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 48 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 48 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 61 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 61 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 44 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 44 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 36 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 36 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 42 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 42 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 60 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 60 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 78 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 78 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 41 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 41 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 65 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 65 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 67 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 67 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 69 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 69 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 62 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 62 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 32 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 32 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 20 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 20 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 55 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 55 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 73 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 73 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 43 (tcp) failed: Operation timed out
nc: connect to tethys.ringofsaturn.com port 43 (tcp) failed: Operation timed out
[tethys]:/home/rnejdl> 

Netcat acting as a Server

Many times the network administrator has the need to test the connectivity of many network services going through the interfaces of a firewall, but configuring services like DNS and Web Servers just for the purpose of a test could take a long and precious time. Netcat helps us in this task by using it in LISTEN (-l) mode in any socket or port (-p) we want, as can be seen in the example below:

# nc -l -p 80

Be sure to run the above command as root or you will likely get a permission denied when trying to bind to a port less than 1024.

Transferring files

With knowing that you can have netcat act as a server, you can also have it pass a file. This example will pass a text file in clear text using pipes. We will use md5sum in this example to verify that integrity of the file on the receiving end.

Server 1 (serving the file)
[tethys]:/home/rnejdl# md5 php.txt 
MD5 (php.txt) = 31ddd4aa8df1fc569d56d8cd2fcae048
[tethys]:/home/rnejdl# cat php.txt | nc -l -p 10000

Server 2 (capturing the file)
[tethys]:/home/rnejdl# nc 192.168.217.132 10000 > get-client.txt
[tethys]:/home/rnejdl# md5 get.txt
MD5 (php.txt) = 31ddd4aa8df1fc569d56d8cd2fcae048
[tethys]:/home/rnejdl#
}