
Netcat command

Introduction
• ncat or nc is a networking utility with functionality similar to the cat command, but for the network.
• It is a general-purpose CLI tool for reading, writing, and redirecting data across a network.
• It is designed to be a reliable back-end tool that can be used with scripts or other programs.
• It’s also a great tool for network debugging, as it can create any kind of connection one might need.
• ncat/nc can be a port scanning tool,
• a security tool,
• a monitoring tool,
• a simple TCP proxy.
• Since it has so many features, it is known as a network Swiss army knife.
• It’s one of those tools that every system admin should know and master.
• System admins can use it to audit their system security.
• They can use it to find the ports that are open and then secure them.
• Admins can also use it as a client for auditing web servers, telnet servers, mail servers and so on.
• With ‘nc’ we can control every character sent and can also view the responses to the queries sent.
Command Line Options

• Option Usage
• -u The -u option tells nc to work in UDP mode. If -u is not present, nc will use TCP.
• -l The -l option tells nc to listen for incoming connections, which makes it a server process.
• -h The -h option displays a help screen.
• -e filename The -e option tells nc to execute the file named by the filename parameter after a client connection.
• -c string The -c option tells nc to pass the contents of string to /bin/sh -c for execution after a client connection.
• -i seconds The -i option defines the delay interval used by nc when sending lines or scanning ports.
• -q seconds The -q option tells nc to wait the specified number of seconds before quitting after getting an EOF on standard input. If the value is negative, nc will wait forever.
• -v The -v option tells nc to produce verbose output.
• -vv The -vv option tells nc to produce even more verbose output than the -v option.
• -z The -z option tells nc to use zero-I/O mode, which is used when performing port scanning.
• -r The -r option tells nc to use random local and remote ports, which might be good for testing.
• -o file The -o option tells nc to save the hex dump of network traffic to file, which might be handy for debugging.
• -n The -n option tells nc to use IP addresses (numeric) only.
• -p port The -p option tells nc which port number to use.
• -b The -b option tells nc to allow UDP broadcasts.
• -C The -C option tells nc to send CRLF as the line ending.
• -T type The -T option allows nc to set the type of the TOS (Type Of Service) flag.
• -g gateway The -g option allows you to specify the route that the packets will take through the network. We can learn more about Source Routing here.
• -G number The value of the -G option allows you to specify the value of the source routing pointer. We can learn more about the Source Routing pointer here.
• -s address The -s option allows you to specify the local source address that will be used in the nc command.
• -t The -t option is used for enabling telnet negotiation.
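When auditing a host, the options in this table that matter most are -l, -e and -c (and -k, covered at the end of this page), because they turn nc into a listening service or attach a program to a connection. The script below is an added example, not part of the original slides: it classifies nc command lines, such as those printed by `ps -eo args`, using the option meanings from the table. The function names, labels and sample command lines are constructed for illustration.

```sh
# Added example, not from the original page. Option meanings follow the
# page's table and differ between nc builds; sample lines are constructed.
ARG_OPTS="ecioqpTgGsw"   # short options that take a value (-w: timeout section)

# nc_flags CMDLINE: print the short options used, e.g. "lvpe"; fail if not nc.
nc_flags() {
    set -f; set -- $1; set +f          # split into words without globbing
    case "${1##*/}" in nc|ncat|netcat) shift ;; *) return 1 ;; esac
    flags=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --*) ;;                    # long options: not in the page's table
            -?*) cluster=${1#-}
                 while [ -n "$cluster" ]; do
                     rest=${cluster#?}; opt=${cluster%"$rest"}
                     flags="$flags$opt"
                     case "$ARG_OPTS" in *"$opt"*)
                         # value is the rest of this word, else the next word
                         if [ -z "$rest" ] && [ $# -gt 1 ]; then shift; fi
                         break ;;
                     esac
                     cluster=$rest
                 done ;;
        esac
        shift
    done
    printf '%s\n' "$flags"
}

# nc_risk CMDLINE: print one label describing how nc was started.
nc_risk() {
    f=$(nc_flags "$1") || { echo not-nc; return 0; }
    case "$f" in
        *[ec]*) case "$f" in *l*) echo exec-listener ;; *) echo exec-client ;; esac ;;
        *l*)    case "$f" in *k*) echo persistent-listener ;; *) echo listener ;; esac ;;
        *)      echo client ;;
    esac
}

# audit_nc: read command lines on stdin, report every nc that is not a plain client.
audit_nc() {
    while IFS= read -r line; do
        label=$(nc_risk "$line")
        case "$label" in not-nc|client) ;; *) printf '%s\t%s\n' "$label" "$line" ;; esac
    done
}
audit_nc <<'EOF'
/usr/bin/nc -l -p 1234
nc -k -l 8080
nc -lvp 4444 -e /usr/local/bin/report.sh
EOF
```

Tracking which options take a value keeps arguments such as the `-1` in `-q -1` from being misread as flags.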
Using netcat as a Client
• The most common use of netcat is to act as a client for a server process.
• This is mostly used for troubleshooting network servers and network connections.
• Providing nc with just a hostname or IP address and a port number makes netcat act like the telnet utility.
• # nc localhost port_number
• # nc 127.0.0.1 1234
Using netcat as a Server

• nc will accept connections at a given port and act as a server when you execute it with the -l option.
• # nc -l -p 1234
• In another terminal window, connect a client to the server with nc.
• # nc 127.0.0.1 1234
Using netcat for Port Scanning
• Netcat can be used for port scanning, as a naive version of nmap, with the -z option.
• The commands that follow scan the localhost, which has an IP address of 127.0.0.1: a single port, multiple ports, and a range of port numbers from 1 to 30 (1-30).
• Scan a single port: # nc -v -w 2 -z 127.0.0.1 80
• Scan multiple ports: # nc -v -w 2 -z 127.0.0.1 80 81
• Scan a range of ports: # nc -v -w 2 -z 127.0.0.1 1-30
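To turn a scan of your own host into an audit, compare the ports nc reports as open with the ports you expect to be open. The script below is an added example, not part of the original slides. The two output formats it parses are assumptions about common nc builds, and the sample lines in the comments are constructed.

```sh
# Added example, not from the original page. Assumed `nc -v -z` output formats:
#   Connection to 127.0.0.1 22 port [tcp/ssh] succeeded!
#   localhost [127.0.0.1] 25 (smtp) open
# Anything else (refused, timed out) is ignored.

# open_ports: read scan output on stdin, print each open port once, sorted.
open_ports() {
    sed -n \
        -e 's/^Connection to [^ ]* \([0-9][0-9]*\) port .* succeeded!$/\1/p' \
        -e 's/^.*\[[^]]*\] \([0-9][0-9]*\) ([^)]*) open$/\1/p' | sort -n -u
}

# unexpected_ports "ALLOWED": print open ports that are not in the
# space-separated allowlist; these are the ones to investigate and close.
unexpected_ports() {
    open_ports | while read -r port; do
        case " $1 " in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# missing_ports "EXPECTED": print expected ports the scan did not find open.
missing_ports() {
    found=" $(open_ports | tr '\n' ' ')"
    for port in $1; do
        case "$found" in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Typical use (nc writes its verbose messages to stderr):
#   nc -v -w 2 -z 127.0.0.1 1-30 2>&1 | unexpected_ports "22 25"
```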
Use Netcat to Transfer Files
• The netcat utility can also be used to transfer files.
Client side
• $ cat testfile
Hello World
Server side
Filename: test
To run the server:
$ nc -l port_no > test
To run the client:
$ cat testfile | nc localhost port_no
$ cat test
Netcat Supports Timeouts

• There are cases when we do not want a connection to remain open forever.
• In that case, we can specify a timeout for the connection with the ‘-w’ option.
• After the number of seconds specified with the -w flag, the connection between the client and server is terminated.
• Server :
• $ nc -l port_no
• Client :
• $ nc -w 10 localhost port_no
• The connection above would be terminated after 10 seconds.
Netcat Supports IPv6 Connectivity

• The -4 or -6 flag specifies which type of addresses the netcat utility should use.
• -4 forces nc to use IPv4 addresses, while -6 forces nc to use IPv6 addresses.
• Server :
• $ nc -4 -l port_no
• Client :
• $ nc -4 localhost port_no
• $ netstat | grep port_no
• tcp
• Server :
• $ nc -6 -l port_no
• Client :
• $ nc -6 localhost port_no
• $ netstat | grep port_no
• tcp6
Force Netcat Server to Stay Up
• If the netcat client is connected to the server and is disconnected after some time, then normally the netcat server also terminates.
• Server :
• $ nc -l port_no
• Client :
• $ nc localhost port_no
• ^C
• Server :
• $ nc -l port_no
• $
• So, in the above example we see that as soon as the client disconnected, the server also terminated.
• This behavior can be controlled by using the -k flag on the server side to force the server to stay up even after the client has disconnected.
• Server :
• $ nc -k -l port_no
• Client :
• $ nc localhost port_no
• ^C
• Server :
• $ nc -k -l port_no
• So we see that with the -k option the server remains up even after the client has disconnected.
