What is Netcat?
Netcat (also known as "nc" or the "Swiss Army knife") is a networking utility for reading from and writing to TCP and UDP sockets through a simple interface. Netcat is designed as a dependable "back-end" tool that can be used directly or easily driven by other programs and scripts. It is a treat for network administrators, programmers, and pen-testers, as it's a feature-rich network debugging and investigation tool.
This article shows netcat usage through examples I have actually used. There are obviously a lot more ways of using it, but my needs have been simple.
Basic Usage
Netcat syntax is simple and practically the same on any Unix-like operating system. The executable netcat command is nc.
# nc [-options] hostname port[s] [ports]
Where:
- nc: the netcat executable, run from the shell;
- [-options]: options and arguments passed to the command, like listen, tcp, etc.;
- hostname: IP or name of the host to be connected to;
- port[s]: TCP/UDP port used for the service;
Examples
Testing a UDP Port
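I often have to test whether firewall rules have been opened, and telnet only works for TCP. For UDP, you can simply do the following:
[tethys]:/home/rnejdl> sudo nc -vu tethys.ringofsaturn.com 53
Connection to tethys.ringofsaturn.com 53 port [udp/domain] succeeded!
^CExit 130
When you run the command, netcat stays connected and sends whatever you type to the remote end, so you need to press CTRL+C to break out of it. Keep in mind that UDP has no handshake: the "succeeded!" line only means that no ICMP port-unreachable error was seen, so a firewall that silently drops the packet looks the same as an open port.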
Testing a TCP Port
Testing a TCP port is very easy and can be done with telnet, but this article is all about netcat. Below, I test port 80 on my web server and actually pass some commands over to get traffic back.
[tethys]:/home/rnejdl> nc tethys.ringofsaturn.com 80
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 09 Apr 2013 16:12:22 GMT
Server: Apache/2.4.4 (FreeBSD) OpenSSL/0.9.8x PHP/5.4.13
x-frame-options: SAMEORIGIN
X-Powered-By: PHP/5.4.13
Vary: User-Agent
Content-Length: 2035
Connection: close
Content-Type: text/html; charset=utf-8

<html>
....
Netcat as a Port Scanner
If you don't have nmap installed, you can use netcat as a very quick and simple port scanner. It is noisy, though, and prints a row for every success and every failure. The -v flag adds verbosity. The -w2 flag sets a 2 second timeout to try to speed things up. The -r flag randomizes the source and/or destination ports instead of using them sequentially, to help get this through firewalls. Finally, the -z flag makes nc only check for listening services without sending any data, which is what allows us to specify a port range.
[tethys]:/home/rnejdl> nc -v -w2 -r -z tethys.ringofsaturn.com 20-80 nc: connect to tethys.ringofsaturn.com port 37 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 37 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 29 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 29 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 49 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 49 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 40 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 40 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 31 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 31 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 50 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 50 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 21 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 21 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 70 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 70 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 58 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 58 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 59 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 59 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 27 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 27 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 54 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 54 (tcp) failed: 
Operation timed out Connection to tethys.ringofsaturn.com 80 port [tcp/http] succeeded! nc: connect to tethys.ringofsaturn.com port 38 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 38 (tcp) failed: Operation timed out Connection to tethys.ringofsaturn.com 53 port [tcp/domain] succeeded! nc: connect to tethys.ringofsaturn.com port 34 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 34 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 68 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 68 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 46 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 46 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 71 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 71 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 28 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 28 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 63 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 63 (tcp) failed: Operation timed out Connection to tethys.ringofsaturn.com 22 port [tcp/ssh] succeeded! 
nc: connect to tethys.ringofsaturn.com port 56 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 56 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 47 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 47 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 30 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 30 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 51 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 51 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 64 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 64 (tcp) failed: Operation timed out Connection to tethys.ringofsaturn.com 25 port [tcp/smtp] succeeded! nc: connect to tethys.ringofsaturn.com port 45 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 45 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 26 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 26 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 72 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 72 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 75 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 75 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 77 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 77 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 39 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 39 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 57 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 57 (tcp) failed: 
Operation timed out nc: connect to tethys.ringofsaturn.com port 35 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 35 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 74 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 74 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 23 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 23 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 79 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 79 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 76 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 76 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 33 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 33 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 52 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 52 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 66 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 66 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 24 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 24 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 48 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 48 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 61 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 61 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 44 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 44 (tcp) failed: Operation timed out nc: connect to 
tethys.ringofsaturn.com port 36 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 36 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 42 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 42 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 60 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 60 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 78 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 78 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 41 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 41 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 65 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 65 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 67 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 67 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 69 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 69 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 62 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 62 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 32 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 32 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 20 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 20 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 55 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 55 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 73 (tcp) failed: Operation 
timed out nc: connect to tethys.ringofsaturn.com port 73 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 43 (tcp) failed: Operation timed out nc: connect to tethys.ringofsaturn.com port 43 (tcp) failed: Operation timed out [tethys]:/home/rnejdl>
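Because the scan output mixes success and failure rows, it helps to reduce it to the open ports and compare those with what the firewall policy is supposed to allow. The script below is an added example, not part of the original article; the function names open_ports, audit_ports and sample_scan, the host name host.example and the expected port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reduce `nc -v -z` output to the ports that answered and
# compare them with the ports the firewall policy is supposed to allow.

# open_ports: read nc output on stdin, print the open port numbers, sorted.
# Matches the "Connection to HOST PORT port [proto/service] succeeded!" rows.
open_ports() {
    awk '$1 == "Connection" && $NF == "succeeded!" { print $4 }' | sort -n -u
}

# audit_ports EXPECTED: EXPECTED is a space-separated list of ports that
# should be open. Reads nc output on stdin, prints one line per finding and
# returns 0 only if the open set equals the expected set.
audit_ports() {
    expected=$(printf '%s\n' $1 | sort -n -u)
    actual=$(open_ports)
    status=0
    for p in $actual; do
        if ! printf '%s\n' "$expected" | grep -qx "$p"; then
            echo "UNEXPECTED open port $p"
            status=1
        fi
    done
    for p in $expected; do
        if ! printf '%s\n' "$actual" | grep -qx "$p"; then
            echo "MISSING expected port $p"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then echo "OK open ports match policy"; fi
    return "$status"
}

# Constructed sample in the format shown above (host name is a placeholder).
sample_scan() {
    cat <<'EOF'
nc: connect to host.example port 37 (tcp) failed: Operation timed out
nc: connect to host.example port 37 (tcp) failed: Operation timed out
Connection to host.example 80 port [tcp/http] succeeded!
Connection to host.example 53 port [tcp/domain] succeeded!
nc: connect to host.example port 23 (tcp) failed: Operation timed out
Connection to host.example 22 port [tcp/ssh] succeeded!
EOF
}

# Live use (nc writes these messages to stderr, hence 2>&1):
#   nc -v -w2 -z host 20-80 2>&1 | audit_ports "22 25 53 80"
sample_scan | audit_ports "22 25 53 80" || true
```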
Netcat acting as a Server
Network administrators often need to test the connectivity of many network services going through the interfaces of a firewall, but configuring services like DNS and web servers just for the purpose of a test can take a long and precious time. Netcat helps with this task when run in listen (-l) mode on any port (-p) we want, as can be seen in the example below:
# nc -l -p 80
Be sure to run the above command as root, or you will likely get a permission denied error when trying to bind to a port less than 1024.
Transferring files
Knowing that netcat can act as a server, you can also have it pass a file. This example passes a text file in clear text using pipes. We will use an MD5 checksum (the md5 command here, md5sum on Linux) to verify the integrity of the file on the receiving end.
Server 1 (serving the file)
[tethys]:/home/rnejdl# md5 php.txt
MD5 (php.txt) = 31ddd4aa8df1fc569d56d8cd2fcae048
[tethys]:/home/rnejdl# cat php.txt | nc -l -p 10000

Server 2 (capturing the file)
[tethys]:/home/rnejdl# nc 192.168.217.132 10000 > get-client.txt
[tethys]:/home/rnejdl# md5 get-client.txt
MD5 (get-client.txt) = 31ddd4aa8df1fc569d56d8cd2fcae048
[tethys]:/home/rnejdl#
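The comparison above is done by eye; the receiving side can instead refuse to keep a file whose digest does not match, which also catches a transfer that was cut short. The script below is an added example, not part of the original article: it uses SHA-256 in place of the MD5 shown above, and the function names sha256_of and receive_verified are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: receiving side of the transfer, keeping the file only when
# its digest matches the one the sender reported over another channel.

# sha256_of FILE: print the hex SHA-256 of FILE using whichever tool exists
# (sha256sum on Linux, shasum on macOS, sha256 on FreeBSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"
    fi
}

# receive_verified OUTFILE EXPECTED: write stdin to a temporary file and
# rename it to OUTFILE only if its digest equals EXPECTED.
# Returns 0 on match, 1 on mismatch (partial file removed), 2 on setup error.
receive_verified() {
    out=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    tmp=$(mktemp "${out}.part.XXXXXX") || return 2
    cat > "$tmp" || { rm -f "$tmp"; return 2; }
    actual=$(sha256_of "$tmp")
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        mv "$tmp" "$out"
        return 0
    fi
    echo "digest mismatch: got ${actual:-none}, expected $expected" >&2
    rm -f "$tmp"
    return 1
}

# Sender:   sha256_of php.txt        (pass the digest over another channel)
#           cat php.txt | nc -l -p 10000
# Receiver: nc 192.168.217.132 10000 | receive_verified get-client.txt DIGEST
```

The digest has to reach the receiver by some path other than the netcat connection itself, since anything sent in clear text over that connection can be altered along with the file.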