Netcat – secret weapon

Netcat, or nc, is a forgotten tool in too many arsenals these days. It lies dormant at the command line, waiting to make connections across the globe for you. Knowing how to use it could ease many of your day-to-day tasks. Simply put, netcat creates a TCP socket, either in listening mode (server) or as a socket that connects to a server (client).

One of the simplest examples is to use it as a chat server/client. Let's assume we're starting the server on a host with an IP address of 198.19.6.8 and we're going to use port 8888. The following example sets up a connection between the two hosts and lets us type messages back and forth using stdin.

```bash
server:~$ nc -lp 8888
# ...in a subnet far far away
client:~$ nc 198.19.6.8 8888
```

File Transfers

With the use of pipes, we can transfer files over netcat. The general idea is the same; we're just feeding data into stdin.

```bash
server:~$ cat img.tar | nc -lp 8888

# And on the client side..
client:~$ nc 198.19.6.8 8888 > img.tar
```

Since netcat is indifferent to what it is transporting across the network, if you wish to monitor the progress of any transfers you’ll need to pipe your file through Pipe Viewer (pv) first. You can do this on either the server or client side.

```bash
server:~$ cat img.tar | pv -rb | nc -lp 8888
# or
client:~$ nc 198.19.6.8 8888 | pv -rb > img.tar
```

Since netcat uses a clear channel across the network, any traffic sent over it is unsecured. While this may be acceptable on your local area network, transfers across the internet should be secured. This is easily accomplished by piping netcat through an ssh tunnel. The server-side configuration is identical to the previous examples; your client side initiates the ssh connection. Of course, all of this assumes that you have sshd running on the host in question.

```bash
# "user" stands in for your account on the server
client:~$ ssh -f -L 2222:127.0.0.1:8888 user@198.19.6.8 sleep 5; nc 127.0.0.1 2222 | pv -rb > img.tar
```

Port Scanning

Netcat can also act as a quick and dirty port scanner…

```bash
client:~$ nc -v -w 1 test.net -z 1-1000
test.net [198.19.205.2] 995 (pop3s) open
test.net [198.19.205.2] 993 (imaps) open
test.net [198.19.205.2] 143 (imap2) open
test.net [198.19.205.2] 110 (pop3) open
test.net [198.19.205.2] 80 (www) open
test.net [198.19.205.2] 22 (ssh) open
```
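
As an added example (not from the original post), the scan output above can be checked against an allowlist of the ports a host of your own is supposed to expose. The function names and the allowlist are assumptions; the second awk pattern goes beyond the output shown and also accepts the `Connection to ... succeeded!` lines that OpenBSD netcat prints.

```bash
# Constructed sample input: the scan output shown above.
SAMPLE_SCAN='test.net [198.19.205.2] 995 (pop3s) open
test.net [198.19.205.2] 993 (imaps) open
test.net [198.19.205.2] 143 (imap2) open
test.net [198.19.205.2] 110 (pop3) open
test.net [198.19.205.2] 80 (www) open
test.net [198.19.205.2] 22 (ssh) open'

# open_ports (hypothetical helper): read scan output on stdin and print the
# open port numbers, one per line, sorted and de-duplicated.
open_ports() {
    awk '
        # traditional netcat: host [ip] port (service) open
        $NF == "open" && $3 ~ /^[0-9]+$/ { print $3 }
        # OpenBSD netcat: Connection to host port port [tcp/service] succeeded!
        $1 == "Connection" && $NF == "succeeded!" && $4 ~ /^[0-9]+$/ { print $4 }
    ' | sort -n -u
}

# unexpected_ports (hypothetical helper): read scan output on stdin and print
# every open port that is missing from the space-separated allowlist in $1.
unexpected_ports() {
    up_allowed=" $1 "
    open_ports | while read -r up_port; do
        case "$up_allowed" in
            *" $up_port "*) ;;        # expected service, stay quiet
            *) echo "$up_port" ;;     # exposed but not on the allowlist
        esac
    done
}

# Demo on the constructed sample: only ssh, http and https are expected here.
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22 80 443"
```

On a live scan netcat writes its verbose output to stderr, so redirect it before the pipe: `nc -v -w 1 test.net -z 1-1000 2>&1 | unexpected_ports "22 80 443"`.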

Other Uses

The uses for netcat are endless; anything you can imagine can be piped through nc and sent across your network. Some of my favorites have included tcpdumps, dd images of partitions, and a quick and dirty web server. I’d be curious to hear what uses you’ve come up with in the comments below.
