Netcat – secret weapon

Netcat – secret weapon

Netcat or nc, is a forgotten tool in too many arsenals these days. It lays dormant waiting at the command line to make connections across the globe for you. Knowing how to use it, could ease many of your day to day tasks. Simply put, netcat creates a TCP socket either in listening mode (server) or a socket that is used to connect to a server (client).

One of the simplest examples is to use it for a chat server / client. Lets assume were starting the server on a host with an ip address of and were going to use port 8888. The following example allows us to setup a connection between the two hosts and type messages back and forth using stdin.

server:~$ nc -lp 8888
... in a subnet far far away
client:~$ nc 8888

File Transfers

With the use of pipes, we can transfer files over netcat. The general idea is the same, we’re just feeding data into stdin.

server:~$ cat img.tar | nc -lp 8888

And on the client side.. 
client:~$ nc 8888 > img.tar

Since netcat is indifferent to what it is transporting across the network, if you wish to monitor the progress of any transfers you’ll need to pipe your file through Pipe Viewer (pv) first. You can do this on either the server or client side.

server:~$ cat img.tar | pv -rb |  nc -lp 8888
client:~$ nc 8888 | pv -rb  > img.tar

Since netcat uses a clear channel across the network, any traffic sent over it is unsecured. While this may be acceptable on your local area network, transfers across the internet should be secured. This is easily accomplished by piping netcat through an ssh tunnel. The server side configuration is identical to previous examples, your client side initiates the ssh connection. Of course, all of this assumes that you have sshd running on the host in question.

client:~$ ssh -f -L 2222: [email protected] sleep 5;  nc 2222 | pv -rb > img.tar

Port Scanning

Netcat can also act as a quick and dirty port scanner…

client:~$ nc -v -w 1 -z 1-1000 [] 995 (pop3s) open [] 993 (imaps) open [] 143 (imap2) open [] 110 (pop3) open [] 80 (www) open [] 22 (ssh) open

Other Uses

The uses for netcat are endless, anything you can imagine can be piped through nc and sent across your network. Some of my favorites have included tcpdumps, dd images of partitions, and a quick and dirty web server. I’d be curious to hear what uses you’ve come up with in the comments below.

comments powered by Disqus

Related Posts

Public Service Announcement for Engineers

Public Service Announcement for Engineers

We all know how stressful our jobs can be. And we certainly know about our own hot button issues that press on the nerves in our brain, resulting in great pain and agony which in …

Read More
Forward Networks – A forward approach to formal verification

Forward Networks – A forward approach to formal verification

Forward Networks has stepped out of the shadows to announce their Network Assurance platform, and I was fortunate enough to be a delegate for Networking Field Day 13 to see their …

Read More
Securing SSH against bruteforce attacks

Securing SSH against bruteforce attacks

This is one of the methods I’ve used in the past to secure a Linux host against brute force ssh attacks. While its not a perfect method, it does a good job of preventing 100s of …

Read More