Netcat – secret weapon

Netcat or nc, is a forgotten tool in too many arsenals these days. It lays dormant waiting at the command line to make connections across the globe for you. Knowing how to use it, could ease many of your day to day tasks. Simply put, netcat creates a TCP socket either in listening mode (server) or a socket that is used to connect to a server (client).

One of the simplest examples is to use it for a chat server / client. Lets assume were starting the server on a host with an ip address of 198.19.6.8 and were going to use port 8888. The following example allows us to setup a connection between the two hosts and type messages back and forth using stdin.

server:~$ nc -lp 8888
... in a subnet far far away
client:~$ nc 198.19.6.8 8888

File Transfers

With the use of pipes, we can transfer files over netcat. The general idea is the same, we’re just feeding data into stdin.

server:~$ cat img.tar | nc -lp 8888

And on the client side.. 
client:~$ nc 198.19.6.8 8888 > img.tar

Since netcat is indifferent to what it is transporting across the network, if you wish to monitor the progress of any transfers you’ll need to pipe your file through Pipe Viewer (pv) first. You can do this on either the server or client side.

server:~$ cat img.tar | pv -rb |  nc -lp 8888
or
client:~$ nc 198.19.6.8 8888 | pv -rb  > img.tar

Since netcat uses a clear channel across the network, any traffic sent over it is unsecured. While this may be acceptable on your local area network, transfers across the internet should be secured. This is easily accomplished by piping netcat through an ssh tunnel. The server side configuration is identical to previous examples, your client side initiates the ssh connection. Of course, all of this assumes that you have sshd running on the host in question.

client:~$ ssh -f -L 2222:127.0.0.1:8888 [email protected] sleep 5;  nc 127.0.0.1 2222 | pv -rb > img.tar

Port Scanning

Netcat can also act as a quick and dirty port scanner…

client:~$ nc -v -w 1 test.net -z 1-1000
test.net [198.19.205.2] 995 (pop3s) open
test.net [198.19.205.2] 993 (imaps) open
test.net [198.19.205.2] 143 (imap2) open
test.net [198.19.205.2] 110 (pop3) open
test.net [198.19.205.2] 80 (www) open
test.net [198.19.205.2] 22 (ssh) open

Other Uses

The uses for netcat are endless, anything you can imagine can be piped through nc and sent across your network. Some of my favorites have included tcpdumps, dd images of partitions, and a quick and dirty web server. I’d be curious to hear what uses you’ve come up with in the comments below.