Netcat, or nc (the command), is a networking utility for debugging and investigating a network, typically by creating and using raw TCP/IP connections. Known as “The Swiss Army Knife for TCP/IP”, nc is used to read from or write to network connections using TCP or UDP.

Its raw features include:

  • Outbound or inbound connections, TCP or UDP, to or from any ports
  • Full DNS forward/reverse checking, with appropriate warnings
  • Ability to use any local source port
  • Ability to use any locally-configured network source address
  • Built-in port-scanning capabilities, with randomization
  • Built-in loose source-routing capability
  • Can read command line arguments from standard input
  • Slow-send mode, one line every N seconds
  • Hex dump of transmitted and received data
  • Optional ability to let another program service established connections
  • Optional telnet-options responder
  • A tunneling mode that also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel)

Here are some useful Netcat constructs:

1. Netcat in a Server-Client Architecture

The netcat utility can be run in server mode on a specified port to listen for incoming connections.  For instance, to listen on port 2389:

$ nc -l 2389

It can also be used in client mode to connect to a server on a specific port (2389):

$ nc localhost 2389

You can then send raw data (text in this example) to the server through Netcat:

$ nc localhost 2389
I AM SENDING THIS TEXT THRU NC TO PORT 2389 ON LOCALHOST

On the terminal where the server is running, you would see the text appear:

$ nc -l 2389
I AM SENDING THIS TEXT THRU NC TO PORT 2389 ON LOCALHOST

2. Use Netcat to Transfer Files

The netcat utility can also be used to transfer files. On the client side, suppose we have a file named ‘testfile’ containing:

$ cat testfile
hello test

and on the server side we have an empty file named ‘test’.

Now, we start a listener on port 2389 and redirect everything received through the listener to the file named test:

$ nc -l 2389 > test

On the client side, cat the testfile to the nc listener on the server:

$ cat testfile | nc localhost 2389

Now, we cat the file on the server to check that the text came through nc intact:

$ cat test
hello test

The file data was transferred from client to server using nc.
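
A plain nc transfer gives the receiver no way to tell a complete file from one cut short by a dropped or timed-out connection. The following is an added example, not part of the original post: it frames the stream with a size and SHA-256 header so the receiver can check what arrived. The helper names pack_stream and unpack_stream and the header format are assumptions made for illustration.

```shell
# Added example: length- and digest-framed file transfer over an nc pipe.
# pack_stream / unpack_stream and the header format are hypothetical helpers.

sha256_of() {
    # Print the SHA-256 hex digest of file $1 (sha256sum, or shasum as fallback).
    if command -v sha256sum >/dev/null 2>&1; then sha256sum < "$1"
    else shasum -a 256 < "$1"; fi | cut -d' ' -f1
}

pack_stream() {
    # Sender: emit "<size> <sha256>" as a header line, then the raw file bytes.
    ps_size=$(wc -c < "$1" | tr -d ' ')
    printf '%s %s\n' "$ps_size" "$(sha256_of "$1")"
    cat "$1"
}

unpack_stream() {
    # Receiver: read the header, store the payload in $1, then verify it.
    # Returns 0 = intact, 1 = size mismatch (truncated), 2 = digest mismatch,
    # 3 = missing or malformed header.
    IFS=' ' read -r us_size us_sum || return 3
    case $us_size in ''|*[!0-9]*) return 3 ;; esac
    [ "${#us_sum}" -eq 64 ] || return 3
    cat > "$1"
    us_got=$(wc -c < "$1" | tr -d ' ')
    if [ "$us_got" -ne "$us_size" ]; then
        echo "size mismatch: expected $us_size bytes, got $us_got" >&2
        return 1
    fi
    if [ "$(sha256_of "$1")" != "$us_sum" ]; then
        echo "digest mismatch: file was altered in transit" >&2
        return 2
    fi
    return 0
}

# Usage with the commands from this section:
#   server:  nc -l 2389 | unpack_stream test && echo "transfer verified"
#   client:  pack_stream testfile | nc localhost 2389
```

Because the digest travels in the same unencrypted stream as the data, this catches truncation and accidental corruption only. Anyone able to rewrite the stream can rewrite the header too, so send the digest over a separate trusted channel when that matters.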

3. Netcat Supports Timeouts

There are cases when we do not want a connection to remain open forever. In that case, the nc ‘-w’ switch lets us specify a timeout for the connection. After X seconds (specified with the -w flag), the connection between the client and server will be terminated.

Server :

$ nc -l 2389

Client :

$ nc -w 10 localhost 2389

The connection above would be terminated after 10 seconds.

NOTE : Do not use the -w flag together with the -l flag on the server side. In that case the -w flag has no effect, and the connection remains open forever.

4. Netcat Supports IPv6 Connectivity

The -4 and -6 flags specify which type of addresses the netcat utility should use. -4 forces nc to use IPv4 addresses, while -6 forces nc to use IPv6 addresses.

Server :

$ nc -4 -l 2389

Client :

$ nc -4 localhost 2389

Now, if we run the netstat command, we see :

$ netstat | grep 2389
tcp        0      0 localhost:2389          localhost:50851         ESTABLISHED
tcp        0      0 localhost:50851         localhost:2389          ESTABLISHED

The first field in the above output would carry the suffix ‘6’ if IPv6 addresses were in use. Since it does not, the connection between server and client was established using IPv4 addresses.

Now, if we force nc to use IPv6 addresses:

Server :

$ nc -6 -l 2389

Client :

$ nc -6 localhost 2389

Now, if we run the netstat command, we see :

$ netstat | grep 2389
tcp6       0      0 localhost:2389          localhost:33234         ESTABLISHED
tcp6       0      0 localhost:33234         localhost:2389          ESTABLISHED

The suffix ‘6’ on ‘tcp’ now shows that nc is using IPv6 addresses.

5. Disable Reading from STDIN in Netcat

This functionality can be achieved by using the flag -d. In the following example, we used this flag at the client side.

Server :

$ nc -l 2389

Client :

$ nc -d localhost 2389
Hi

The text ‘Hi’ will not be sent to the server, because the -d option disables reading from stdin.

6. Force Netcat Server to Stay Up

If the netcat client is connected to the server and the client later disconnects, the netcat server normally terminates as well. For example:

Server :

$ nc -l 2389

Client :

$ nc localhost 2389
^C

Server :

$ nc -l 2389
$

In the above example we see that as soon as the client got disconnected the server was also terminated.

This behavior can be changed by using the -k flag at the server side to force the server to stay up even after the client has disconnected.

Server :

$ nc -k -l 2389

Client :

$ nc localhost 2389
^C

Server :

$ nc -k -l 2389

So we see that by using the -k option the server remains up even if the client got disconnected.

7. Configure Netcat Client to Stay Up after EOF

The netcat client can be configured to stay up after EOF is received. Normally, if the nc client receives an EOF it terminates immediately, but this behavior can be controlled with the -q flag. This flag expects a number: the number of seconds to wait before the client terminates (after receiving EOF).

The client should be started like this:

$ nc -q 5 localhost 2389

Now if the client ever receives an EOF then it will wait for 5 seconds before terminating.

8. Use Netcat with UDP Protocol

By default, all the sockets that the nc utility creates are TCP sockets, but the utility also works with UDP. The -u flag enables UDP.

Server :

$ nc -4 -u -l 2389

Client :

$ nc -4 -u localhost 2389

Now, both the server and client are configured to use UDP. This can be confirmed with the following netstat command, whose output shows that the connection is now using the UDP protocol:

$ netstat | grep 2389
udp        0      0 localhost:42634         localhost:2389          ESTABLISHED
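
The netstat checks in sections 4 and 8 can be scripted. The following is an added example, not part of the original post: classify_conns is a hypothetical helper, and SAMPLE reuses the netstat lines shown above plus one constructed line for an unrelated port.

```shell
# Added example: classify netstat lines for one port by transport and family.
# classify_conns is a hypothetical helper name.

classify_conns() {
    # $1 = port of interest; netstat-style lines are read from stdin.
    # Output: transport, address family, which end holds the port,
    # local address, remote address, state.
    awk -v port="$1" '
    $1 ~ /^(tcp|udp)6?$/ {
        proto  = ($1 ~ /^tcp/) ? "tcp"  : "udp"
        family = ($1 ~ /6$/)   ? "IPv6" : "IPv4"   # the "6" suffix marks IPv6
        laddr = $4; raddr = $5
        state = (NF >= 6) ? $6 : "-"
        lport = laddr; sub(/.*:/, "", lport)        # keep text after the last ":"
        rport = raddr; sub(/.*:/, "", rport)
        if (lport == port)      role = "server-side"
        else if (rport == port) role = "client-side"
        else next                                   # unrelated socket
        print proto, family, role, laddr, raddr, state
    }'
}

# Netstat lines from this page, plus one constructed line (port 5432).
SAMPLE='tcp        0      0 localhost:2389          localhost:50851         ESTABLISHED
tcp        0      0 localhost:50851         localhost:2389          ESTABLISHED
tcp6       0      0 localhost:2389          localhost:33234         ESTABLISHED
tcp6       0      0 localhost:33234         localhost:2389          ESTABLISHED
udp        0      0 localhost:42634         localhost:2389          ESTABLISHED
tcp        0      0 localhost:5432          localhost:40112         ESTABLISHED'

# Live use: netstat | classify_conns 2389
printf '%s\n' "$SAMPLE" | classify_conns 2389
```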
