Netcat is a computer network tool used to create, connect network connections. Netcat also abbreviated as nc. Netcat tool supports TCP and UDP protocols. Even it is not complicated it is a very powerful tool used by system administrators, network administrators, and security professionals. The netcat tool is cross-platform which is supported and provided platforms like Linux, macOS, Windows, BSD, etc.
Netcat comes as preinstalled with most of the Linux distributions. But sometimes you may need to install netcat if it is uninstalled or does not install by default.
Install Ubuntu, Debian, Mint, Kali:
sudo apt install netcat
sudo yum install netcat
Display Help Information
Netcat command is executed as nc . The help information about the Netcat tool can be displayed by using the -h option.
The help output contains options and their descriptions.
OpenBSD netcat (Debian patchlevel 1.217-2ubuntu1) usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl] [-m minttl] [-O length] [-P proxy_username] [-p source_port] [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]] [destination] [port] Command Summary: -4 Use IPv4 -6 Use IPv6 -b Allow broadcast -C Send CRLF as line-ending -D Enable the debug socket option -d Detach from stdin -F Pass socket fd -h This help text -I length TCP receive buffer length -i interval Delay interval for lines sent, ports scanned -k Keep inbound sockets open for multiple connects -l Listen mode, for inbound connects -M ttl Outgoing TTL / Hop Limit -m minttl Minimum incoming TTL / Hop Limit -N Shutdown the network socket after EOF on stdin -n Suppress name/port resolutions -O length TCP send buffer length -P proxyuser Username for proxy authentication -p port Specify local port for remote connects -q secs quit after EOF on stdin and delay of secs -r Randomize remote ports -S Enable the TCP MD5 signature option -s sourceaddr Local source address -T keyword TOS value -t Answer TELNET negotiation -U Use UNIX domain socket -u UDP mode -V rtable Specify alternate routing table -v Verbose -W recvlimit Terminate after receiving a number of packets -w timeout Timeout for connects and final net reads -X proto Proxy protocol: "4", "5" (SOCKS) or "connect" -x addr[:port] Specify proxy address and port -Z DCCP mode -z Zero-I/O mode [used for scanning] Port numbers can be individual or ranges: lo-hi [inclusive]
Alternatively the Linux and BSD systems provides the manual page of the netcat tool with the following command. The manual page provides more detailed information and description about the nc command.
Netcat/nc Command Syntax
The netcat tool or nc command has very simple syntax. As a network based tool it is mainly used with host and port information.
nc OPTIONS HOST PORT
- OPTIONS is used to provide different options. This is optional.
- HOST is used to specify the IP address. Generally used to connect remote system. This is optional.
- PORT is used to specify the local or remote port. This is required.
Scan TCP Ports
One of the most interesting and popular feature of the netcat command is network or port scanning. But as you expect netcat do not provides similar experience to the nmap. netcat command simply scans single host which is specified with its IP address and the port range we want to scan. In the following example we will scan the remote host 192.168.252.134 .
nc -z -v 192.168.253.134 20-800
This port scan create a lot of output where the result of the every port is printed to the terminal like below.
... nc: connect to 192.168.253.134 port 73 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 74 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 75 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 76 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 77 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 78 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 79 (tcp) failed: Connection refused Connection to 192.168.253.134 80 port [tcp/http] succeeded! nc: connect to 192.168.253.134 port 81 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 82 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 83 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 84 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 85 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 86 (tcp) failed: Connection refused nc: connect to 192.168.253.134 port 87 (tcp) failed: Connection refused ...
By default the netcat tool prints all port results wheter they are open or closed. We can make output more readable by only printing the opne ports. Only open ports can be listed by using the grep command. We will filter only lines those contains “succeeded” which means port is open.
nc -z -v 192.168.253.134 20-800 2>&1 | grep succeeded
Only open ports are listed like below as we can see there is only 2 ports which are open.
Connection to 192.168.253.134 22 port [tcp/ssh] succeeded! Connection to 192.168.253.134 80 port [tcp/http] succeeded!
Scan UDP Ports
Even not popular as TCP the netcat can be used to scan UDP ports similar fashion to the TCP scan. In order to scan UDP ports the -u option is provided to the nc command. Other options are the same with the TCP scan where the hostname and port range is provided. In the following example we will scan the 192.168.253.134 for UDP port range 100-200.
nc -z -u -v 192.168.253.134 100-200
Send Data/Text To Remote Host
As a simple tool netcat can be used for simple operations like sending some data to the remote system. Also some text can be send to the remote system specified port. In the following example we will send the data or message “HELO” to the remote port number 25 which is SMTP port by default.
echo "HELO" | nc 192.168.10.10 25
Send File To Remote Host
Another useful feature of the netcat tool is the ability to send file into the remote system via network. Simply the provided file is transferred into the remote host like a simple binary copy and paste. As there is two parts the remote system should listed a port in order to accept data from the local host. With the following command the remote system starts listening port number 3333 and write all incoming data into the myfile.
nc -l 3333 myfile
Now the remote system is listening for port 3333. In the local system we will read the file we want to transfer and transmit it with the nc command to the remote system. The remote system IP address is 192.168.1.10 . We will redirect the local file named myfile into the nc command like below.
nc 192.168.1.10 3333 < myfile
Create Chat Server
Interestingly the nc command can be used to create chat server where multiple users can connect and send messages. The methodology used to create chat server is the same with file transfer. In this case simple text is transferred between local and remote systems. First we will create a listening port which will be 4444 in this case.
nc -l 4444
On the other side we will connect to the chat server by providing its IP address and port number which is 4444.
nc 192.168.253.134 4444
Make HTTP Request
The nc command can be used to make HTTP Requests to the remote web server. Even there are more useful tools nc provides basic usage about making HTTP Requests. The HTTP Request text is redirected into the nc command where the nc command uses the specified remote web server IP address/Hostname and port number.
printf "GET / HTTP/1.1" | nc google.com 80
Alternatively the multiple lines for the HTTP Request can be expressed by using the “\r\n” end of line.
printf "GET / HTTP/1.1\r\nHost:google.com\r\n\r\n" | nc google.com 80