Netcat (nc) command is a powerful tool to analyze network connections, scan for open ports, transfer data etc. It is a networking utility for reading from and writing to network connections using TCP or UDP protocols.
How to install netcat
Its is a cross-platform tool and it is available for Linux, macOS, Windows and BSD. We are going to install netcat on Ubuntu 18.04 machine using apt install or compiling it from source code.
Installation using apt is pretty simple, you just need to type the following command in the terminal:
sudo apt install netcat
On CentOS 8
The ncat can be installed with nmap package on RHEL 8/CentOS 8. Use dnf command as below
sudo dnf install nmap
How to install netcat from source code
Compiling netcat from source code is not as easy as installing via apt install, but if you follow the steps below you can install it easily.
Download the source code from netcat website with the following command
wget http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz
Extract the newly downloaded archive. To do so you can run:
tar -xzvf netcat-0.7.1.tar.gz
cd to the directory containing the package’s source code and type ./configure to configure the package for your system.
cd netcat-0.7.1
./configure
If you are getting error message like this – “no acceptable C compiler found in $PATH” when running ./configure command, make sure you have installed gcc compiler. To install it type the following command:
apt-get install build-essential
Running configure takes awhile.
Once configure has been successfully finished run:
sudo make
and
sudo make install
You can remove the program binaries and object files from the source code directory by typing make clean. To also remove the files that configure created, run make distclean command.
Netcat Examples
Before starting to explore some netcat commands it’s important to know that if you are binding to well-known ports (0-1023) with nc, you need root privilege. Otherwise, you can run nc as a normal user.
1) Test if a particular TCP port of a remote host is open
nc -vn 192.168.40.146 2424
Output if the 2424 port on remote server is closed
nc: connect to 192.168.40.146 port 2424 (tcp) failed: Connection refused
Output if the port on remote server is opened (e.g. 22 port)
Connection to 192.168.40.146 22 port [tcp/*] succeeded! SSH-2.0-OpenSSH_7.6p1 Ubuntu-4
2) Perform TCP port scanning against a remote host
The command below will check the ports from 20 to 25 on the remote host and print the result.
nc -vnz -w 1 192.168.40.146 20-25
Output will look like this
nc: connect to 192.168.40.146 port 20 (tcp) failed: Connection refused nc: connect to 192.168.40.146 port 21 (tcp) failed: Connection refused Connection to 192.168.40.146 22 port [tcp/*] succeeded! nc: connect to 192.168.40.146 port 23 (tcp) failed: Connection refused nc: connect to 192.168.40.146 port 24 (tcp) failed: Connection refused nc: connect to 192.168.40.146 port 25 (tcp) failed: Connection refused
3) Perform UDP port scanning against a remote host
nc -vnzu 192.168.40.146 1-65535
Output will show only the ports which allow udp connections.
Connection to 192.168.40.146 2424 port [udp/*] succeeded! Connection to 192.168.40.146 12354 port [udp/*] succeeded!
4) Send a test UDP packet to a remote host
echo -n "udp test" | nc -u -w1 192.168.40.146 2424
The command above will send a test UDP packet with 1 second timeout to a remote host at port 2424
5) Copy a file (e.g., test.txt) from one host to another
On the receiver host (192.168.40.146 in my case) run:
nc -lp 2424 > test.txt
On the sender host (192.168.40.144) run the following command:
nc 192.168.40.146 2424 < test.txt
This will copy test.txt file from sender host to receiver host via 2424 port. make sure to allow incoming connections on 2424 port on the receiver host.
6) Transfer a whole directory (including its content) from one host to another
On the receiver host run:
nc -l 2424 | tar xvf -
On the sender host run the following command:
tar cvf - /path/to/dir | nc 192.168.40.146 2424
7) Create a compressed backup of hard drive (e.g., /dev/sdc) on a remote host
On the remote host run:
nc -lp 2424 | sudo dd of=/path/to/image.img.gz
On the local host run the following command:
dd if=/dev/sdc | gzip -c | nc 192.168.40.146 2424
8) Restore a hard drive (e.g. /dev/sdc) from a compressed disk image stored in a remote host
On the local host run:
nc -lp 2424 | gunzip -c | sudo dd of=/dev/sdc
On the remote host run the following command:
cat /path/to/image.img.gz | nc 192.168.40.144 2424
9) Run insecure online chat between two hosts
On one host (e.g. 192.168.40.144) run the command below:
nc -lp 2424
On another host (e.g. 192.168.40.146) run the following command:
nc 192.168.40.144 2424
After running these commands, anything typed in both terminals will be seen on both host machines.
10) Run a web server with a static web page
Run the command below on local host (e.g. 192.168.40.144) to start a web server that serves test.html on port 80. Note that you must run with sudo privileges as 80 is in range of well known ports (1-1023)
while true; do sudo nc -lp 80 < test.html; done
Now open http://192.168.40.144/test.html from another host to access it.
11) Listen on a TCP port using IPv6 address
You can use the following command to allow nc use IPv6 address when listening on a TCP port.
nc -6 -l 2424
Check if it works with the command below
sudo netstat -nap | grep 2424
Output will look like this
tcp6 0 0 :::2424 :::* LISTEN 15665/nc
12) Stream a video file from a server for client to watch the streamed video using video player (e.g., mplayer)
On a video server (192.168.40.144):
cat sample_video.avi | nc -l 2424
On a client host (192.168.40.146):
nc 192.168.40.144 2424 | mplayer -vo x11 -cache 3000 –
