Terry : netcat

netcat is the TCP/IP Swiss Army Knife

DESCRIPTION

The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP.  It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6.  Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.

Common uses include:

  • simple TCP proxies
  • shell-script based HTTP clients and servers
  • network daemon testing
  • a SOCKS or HTTP ProxyCommand for ssh(1)
  • and much, much more

Use cases

Transfer files over network

On the destination host, listen on the specified port and wait to receive the stream.

Example: waiting to receive a tar file and then extract it to the destination folder:

nc -l port | tar zxvpf - -C /mnt/backup

Example: listen on port, save the received file to terry.tar.gz

nc -l port > terry.tar.gz

Send the file (terry.tar.gz)

cat terry.tar.gz | nc -q 0 hostname port

Or

nc -q 0 hostname port < terry.tar.gz

Option -q: after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.

NOTE: netcat sends data unencrypted and unauthenticated. For security reasons, scp or rsync over SSH is recommended.
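
A receive-side check to go with the transfer commands above, added here as an example and not part of the original page: since nc gives no integrity guarantee, it compares the received archive against a SHA-256 digest obtained from the sender over a separate trusted channel and refuses archives whose member names are absolute or contain "..". The function names are hypothetical; sha256sum (GNU coreutils) and a tar that understands -z are assumed.

```sh
#!/bin/sh
# Added example: vet an archive saved with "nc -l port > terry.tar.gz"
# before unpacking it. Helper names are hypothetical.

# Succeeds (0) when the file's SHA-256 equals the digest the sender supplied
# out of band. An empty digest (unreadable file) never matches.
digest_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Reads member names on stdin; succeeds (0) if any name is absolute or
# contains a ".." path component, i.e. could land outside the target folder.
has_unsafe_name() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# safe_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Returns 2 on digest mismatch, 3 if the listing fails, 4 on an unsafe name.
safe_extract() {
    archive=$1; expected=$2; dest=$3
    if ! digest_matches "$archive" "$expected"; then
        echo "refusing $archive: SHA-256 mismatch" >&2
        return 2
    fi
    names=$(tar -tzf "$archive") || return 3
    if printf '%s\n' "$names" | has_unsafe_name; then
        echo "refusing $archive: unsafe member path" >&2
        return 4
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}
```

Typical use on the destination host: safe_extract terry.tar.gz DIGEST_FROM_SENDER /mnt/backup, where DIGEST_FROM_SENDER is the output of sha256sum on the source host.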

Use netcat as a chat service

server

nc -l port

client

nc hostname port

netcat as a port scanner

nc -vz hostname 20-1204

Port Scan a range of hosts (IPs) using netcat

Example: discover VNC on port 5900 (display :0)

for i in {1..253}; do nc -vz -n -w 1 10.187.46.$i 5900; done
for i in {1..253}; do nc -vz -n -w 1 10.187.39.$i 10000; done

nmap (recommended)

# discover port 10000 (webmin)
nmap -T4 -p10000 10.187.46.100-199


# quick scan with OS detection
nmap -sT -O IP_RANGE

NOTE: specify the range in the form 192.168.0-255.1-127

Other useful tools

  • socat
  • corkscrew
  • connect-proxy